Credit: Chris Salls, Federico Bento
If there’s one thing we can all agree on, it’s that it just isn’t the best priv esc category without a great Linux kernel bug. To make matters worse, there was an arbitrary write in the same syscall, because of the Linux kernel’s There’s More Than One Way To Exploit It design philosophy.
waitid (CVE-2017-14954, CVE-2017-5123)