Skip to content

Fixed CVE-2022-2585 exploit code #1

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Fixed CVE-2022-2585 exploit code #1

wants to merge 1 commit into from

Conversation

@blincoln-bf
Copy link

@blincoln-bf blincoln-bf commented May 12, 2025

The exploit code for CVE-2022-2585 shared by SSD Secure Disclosure was corrupted (on their original page at https://ssd-disclosure.com/ssd-advisory-linux-clock_thread_cputime_id-lpe/):

  • \n newline characters in C strings had been converted to the letter n. This broke at least one key function, and also caused console output to be formatted poorly.
  • If a file began with a # (e.g. # define), that first pound sign was stripped, which prevented compilation because it broke two #define statements.

The version in this repo was also missing the customized libexp.c included in the SSD Secure Disclosure post. That file is necessary because it contains quite a few functions referred to in exploit.c.

Finally, I added instructions for compiling the exploit, because it's not just make or gcc -o exploit exploit.c in this case.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@blincoln-bf