Exploiting the Linux kernel via packet sockets (Project Zero)
The Project Zero site has a detailed exploration of how to exploit CVE-2017-7308, a vulnerability in the kernel's packet socket implementation.

"Let's see how we can exploit this vulnerability. I'm going to be targeting x86-64 Ubuntu 16.04.2 with 4.8.0-41-generic kernel version with KASLR, SMEP and SMAP enabled. Ubuntu kernel has user namespaces available to unprivileged users (CONFIG_USER_NS=y and no restrictions on [its] usage), so the bug can be exploited to gain root privileges by an unprivileged user. All of the exploitation steps below are performed from within a user namespace."