tags:ctflinuxkernelauth_bypassrace_conditioninfo_leakv8 original link: HITCON CTF QUAL 2024 Pwn Challenge Part 1 - Halloween and v8sbx newsletter link: exploits.club Weekly Newsletter 31


Exploits Club Summary:

@u1f383 wrote a really nice Linux Kernel challenge for HITCON CTF QUAL 2024 and then provided us with a lovely official solution on his blog. The challenge itself involves 4 vulnerabilities in a kernel module running network services. After discovering the auth bypass, the race condition, and the info leak, participants had to craft a pretty complex exploit. The post starts with a TLDR on all the information needed, but we highly recommend giving the full write-up a read, as it does an excellent job walking through each vulnerability and exploitation. Outside of the pwn challenge he wrote, @u1f383 also included a write-up for one of the V8 challenges at the end of this post and his solution.