# linux-kernel-exploits

Educational repository for studying Linux kernel vulnerabilities and exploits.

This repo is designed as a learning lab for understanding kernel internals, vulnerabilities, and exploit development.
⚠️ Disclaimer: All code and documents in this repository are for educational and authorized research purposes only. Do not use these exploits on any system you do not own or have explicit permission to test.
## Repository Structure

```
linux-kernel-exploits/
├── exploits/              # CVE-specific exploit implementations
│   ├── CVE-2016-5195-dirtycow/
│   │   ├── dirtycow_poc.c
│   │   ├── Makefile
│   │   └── README.md
│   ├── CVE-2017-1000112/
│   │   ├── exploit.c
│   │   ├── Makefile
│   │   └── README.md
│   ├── CVE-2022-0847-dirtypipe/
│   │   ├── dirtypipe_poc.c
│   │   └── README.md
│   └── CVE-2021-4034-pwnkit/
│       ├── pwnkit_poc.c
│       └── README.md
├── writeups/              # Vulnerability analysis and documentation
│   ├── dirtycow.md
│   ├── dirtypipe.md
│   ├── use-after-free.md
│   └── race-conditions.md
├── poc/                   # Simple proof-of-concept exploit code
│   ├── sample_exploit.c
│   ├── basic_uaf.c
│   └── simple_overflow.c
├── docs/                  # Setup guides and reference materials
│   ├── setup.md
│   ├── vm-setup.md
│   ├── debugging.md
│   ├── mitigation-bypass.md
│   └── references.md
├── tools/                 # Helper scripts and utilities
│   ├── kernel_build.sh
│   ├── exploit_test.py
│   └── vm_manager.sh
└── README.md
```
## Topics Covered

- Kernel memory management & privilege boundaries
- Race conditions (e.g., Dirty COW, CVE-2016-5195)
- Use-after-free & double free vulnerabilities
- Privilege escalation techniques
- Exploit mitigation bypass strategies
- Return-oriented programming (ROP) in kernel space
- Kernel stack smashing and buffer overflows
- SMEP/SMAP bypass techniques
## Getting Started

- Ubuntu 16.04 or similar (kernel 4.4 recommended for Dirty COW)
- Ubuntu 20.04 for modern exploits

Install build tools:

```bash
sudo apt-get update
sudo apt-get install build-essential gcc make qemu-kvm virt-manager
sudo apt-get install linux-headers-$(uname -r) gdb
```
Clone the repository and run the initial setup:

```bash
git clone https://github.com/sumin-world/linux-kernel-exploits.git
cd linux-kernel-exploits

# Make setup script executable
chmod +x tools/vm_manager.sh

# Run initial setup
./tools/vm_manager.sh setup
```

Build and run the Dirty COW PoC:

```bash
cd exploits/CVE-2016-5195-dirtycow
make
./dirtycow_poc target_file new_content
```
Note: Example PoCs are simplified for learning purposes and may not work on modern patched kernels.
## Exploits and Techniques

- CVE-2016-5195 (Dirty COW) - Copy-on-write race condition
- CVE-2022-0847 (Dirty Pipe) - Pipe buffer overwrite vulnerability
- CVE-2017-1000112 - UDP fragmentation UAF
- CVE-2022-32250 - Netfilter UAF vulnerability
- CVE-2021-4034 (PwnKit) - Polkit privilege escalation
- CVE-2022-2588 - cls_route filter UAF
- Stack-based overflows - Basic kernel stack smashing
- Heap overflows - Kernel heap exploitation techniques
## Learning Path

- Start with basic concepts - Read `docs/setup.md`
- Understand kernel basics - Study memory management
- Try simple PoCs - Start with `poc/sample_exploit.c`
- Read Dirty COW writeup - Classic race condition vulnerability
- Explore UAF vulnerabilities - Study use-after-free patterns
- Learn about SMEP/SMAP - Modern exploit mitigations
- Practice ROP chains - Return-oriented programming in kernel
- Study heap exploitation - Kernel heap feng shui
- Bypass modern mitigations - KASLR, KPTI, etc.
- Develop custom exploits - Create your own PoCs
- Analyze 0-day research - Study recent CVEs
- Contribute to the project - Add new exploits and writeups
## Tools

- GDB with kernel debugging - Step through exploit execution
- QEMU with KVM - Safe kernel exploit testing
- Crash utility - Kernel crash dump analysis
- Cross-compilation tools - Build exploits for different architectures
- Static analysis tools - Code quality and vulnerability detection
- Fuzzing frameworks - Discover new kernel bugs
## References

- Dirty COW (CVE-2016-5195) writeup
- Kernel Exploitation: Advanced Linux Exploit Development
- Linux Kernel Development (Robert Love)
- OSTEP: Operating Systems: Three Easy Pieces
- The Shellcoder's Handbook
- Phrack Magazine - Classic exploit development articles
- Google Project Zero - Modern vulnerability research
## Roadmap

- Set up repository structure
- Add Dirty COW PoC + writeup
- Add UAF vulnerability example
- Expand documentation on exploit mitigations
- Add SMEP/SMAP bypass examples
- Explore Rust-based kernel exploit tooling
- Add ARM64 kernel exploits
- Create interactive learning modules
- Add container escape techniques
- Develop automated testing framework
## Contributing

We welcome contributions to expand this learning resource! Please:
- Fork the repository
- Create a feature branch - `git checkout -b feature/new-exploit`
- Add your exploit/writeup - Follow the existing structure
- Test your code - Ensure it works in the target environment
- Submit a pull request - Include detailed description

Guidelines for contributions:

- All exploits must include detailed writeups
- Code should be well-commented for educational purposes
- Include appropriate disclaimers and warnings
- Test exploits in isolated environments only
## License

This project is licensed under the MIT License - see the LICENSE file for details.
## Legal Notice

**IMPORTANT:** This repository is intended only for academic study and security research in controlled environments.
- All code and documentation are provided for educational purposes only
- Do not use these exploits on systems you do not own or lack explicit permission to test
- The author assumes no responsibility for illegal or malicious use of this material
- Users are solely responsible for compliance with applicable laws and regulations
- These exploits should only be used in isolated virtual machines or authorized penetration testing environments
By using this repository, you acknowledge that you understand these terms and will use the materials responsibly and legally.
Happy Learning! 🚀
Remember: With great power comes great responsibility. Use these skills to build better, more secure systems.