Merge branch 'google:master' into CVE-2024-0582_mitigation

google · Jan 9, 2025 · 2edeb15 · 2edeb15
2 parents a739cd0 + 549c352
commit 2edeb15
Show file tree

Hide file tree

Showing 4 changed files with 144 additions and 17 deletions.
diff --git a/kernelctf/repro/repro.sh b/kernelctf/repro/repro.sh
@@ -18,15 +18,20 @@ START_TIME=$(date +%s)
 
 CMDLINE="console=ttyS0 root=/dev/vda1 rootfstype=ext4 rootflags=discard ro init=/init hostname=repro"
 
-if [[ "$(echo $EXPLOIT_INFO | jq -e '.requires_separate_kaslr_leak')" == true ]]; then
-  CMDLINE="$CMDLINE nokaslr -- kaslr_leak=1"
-fi
-
 # Check if the exploit uses io_uring
 if ! echo $EXPLOIT_INFO | jq -e '.uses | index("io_uring")' > /dev/null 2>&1; then
   CMDLINE="$CMDLINE sysctl.io_uring_disabled=2"
 fi
 
+if [[ "$RELEASE_ID" == "mitigation-"* ]]; then
+  CMDLINE="$CMDLINE sysctl.kernel.dmesg_restrict=1 sysctl.kernel.kptr_restrict=2 sysctl.kernel.unprivileged_bpf_disabled=2 sysctl.net.core.bpf_jit_harden=1 sysctl.kernel.yama.ptrace_scope=1 slab_virtual=1 slab_virtual_guards=1";
+fi
+
+# Keep this as the last check as it contains "--", everything comes after this is not passed to the kernel
+if [[ "$(echo $EXPLOIT_INFO | jq -e '.requires_separate_kaslr_leak')" == true ]]; then
+  CMDLINE="$CMDLINE nokaslr -- kaslr_leak=1"
+fi
+
 echo $CMDLINE
 
 expect -c '

diff --git a/kernelctf/server/releases.yaml b/kernelctf/server/releases.yaml
@@ -1,3 +1,10 @@
+lts-6.6.69:
+  release-date: 2025-01-10T12:00:00Z
+cos-105-17412.495.75:
+  release-date: 2025-01-10T12:00:00Z
+cos-109-17800.372.84:
+  release-date: 2025-01-10T12:00:00Z
+
 lts-6.6.66:
   release-date: 2024-12-27T12:00:00Z
 cos-105-17412.495.73:

diff --git a/pocs/bios/tpm-carte-blanche/go.mod b/pocs/bios/tpm-carte-blanche/go.mod
@@ -5,19 +5,22 @@ go 1.17
 require (
 	github.com/TylerBrock/colorjson v0.0.0-20200706003622-8a50f05110d2
 	github.com/basgys/goxml2json v1.1.0
-	github.com/bitly/go-simplejson v0.5.0 // indirect
 	github.com/chrisfenner/pkcs7 v0.0.0-20210603081855-897caa21f9f3
 	github.com/fatih/color v1.11.0
 	github.com/google/certificate-transparency-go v1.1.1
-	github.com/google/go-attestation v0.3.2
+	github.com/google/go-attestation v0.4.0
 	github.com/google/go-tpm v0.3.3-0.20210409082102-d3310770bfec
+	github.com/mitchellh/go-wordwrap v1.0.1
+)
+
+require (
+	github.com/bitly/go-simplejson v0.5.0 // indirect
 	github.com/google/go-tspi v0.2.1-0.20190423175329-115dea689aad // indirect
 	github.com/hokaccha/go-prettyjson v0.0.0-20210113012101-fb4e108d2519 // indirect
 	github.com/mattn/go-colorable v0.1.8 // indirect
 	github.com/mattn/go-isatty v0.0.12 // indirect
-	github.com/mitchellh/go-wordwrap v1.0.1
-	golang.org/x/crypto v0.0.0-20210314154223-e6e6c4f2bb5b // indirect
-	golang.org/x/net v0.0.0-20210226172049-e18ecbb05110 // indirect
-	golang.org/x/sys v0.0.0-20210316092937-0b90fd5c4c48 // indirect
-	golang.org/x/text v0.3.3 // indirect
+	golang.org/x/crypto v0.31.0 // indirect
+	golang.org/x/net v0.21.0 // indirect
+	golang.org/x/sys v0.28.0 // indirect
+	golang.org/x/text v0.21.0 // indirect
 )