Skip to content

Commit 55147d5

Browse files
committed
lazyaddons PACKET_EDIT_MEME - aka CVE-2026-46331
net/sched act_pedit partial-COW page-cache corruption (culprit 899ee91156e5, present v5.18 .. fixed v7.1-rc7). packet_edit_meme.c turns it into unprivileged local root: a userns CAP_NET_ADMIN child overwrites the cached ELF entry of setuid-root /bin/su with setgid(0)+setuid(0)+execve(/bin/sh) shellcode.
1 parent 842fd7c commit 55147d5

1 file changed

Lines changed: 20 additions & 0 deletions

File tree

lazyaddons/packet_edit_meme.yaml

Lines changed: 20 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,20 @@
1+
name: packet_edit_meme
2+
description: 'net/sched act_pedit partial-COW page-cache corruption (culprit 899ee91156e5, present v5.18 .. fixed v7.1-rc7). packet_edit_meme.c turns it into unprivileged local root: a userns CAP_NET_ADMIN child overwrites the cached ELF entry of setuid-root /bin/su with setgid(0)+setuid(0)+execve("/bin/sh") shellcode.
3+
'
4+
author: sgkdev
5+
version: '1.0'
6+
enabled: true
7+
params:
8+
- name: lhost
9+
type: string
10+
required: true
11+
description: lhost target.
12+
os: any
13+
trigger: []
14+
tool:
15+
name: packet_edit_meme
16+
repo_url: https://github.com/sgkdev/packet_edit_meme.git
17+
install_path: external/.exploit/packet_edit_meme
18+
install_command: git pull ; make
19+
execute_command: chmod +x packet_edit_meme && ./packet_edit_meme
20+
category: 03. Exploitation

0 commit comments

Comments
 (0)