A small firebeam (kaine's risc-v vm) plugin to exploit the CVE-2024-26229 vulnerability that utilizes a vulnerable IOCTL in csc.sys. The vulnerability is used to get kernel R/W memory access to corrupt the KTHREAD->PreviousMode and then to leveraging DKOM to achieve LPE by copying over the token from the system process over to the current process token.
↧