diff --git a/data/exploits/cve-2022-0995/cve-2022-0995.x64.elf b/data/exploits/cve-2022-0995/cve-2022-0995.x64.elf
index acf2ef6d55..3be78cddc2 100644
Binary files a/data/exploits/cve-2022-0995/cve-2022-0995.x64.elf and b/data/exploits/cve-2022-0995/cve-2022-0995.x64.elf differ
diff --git a/external/source/exploits/cve-2022-0995/cve-2022-0995.c b/external/source/exploits/cve-2022-0995/cve-2022-0995.c
index 840fa851d2..13aab5de59 100644
--- a/external/source/exploits/cve-2022-0995/cve-2022-0995.c
+++ b/external/source/exploits/cve-2022-0995/cve-2022-0995.c
@@ -256,6 +256,9 @@ void save_state() {
 }
 int main(int argc, char* argv[]) {
+ if (argc != 2){
+ exit(1);
+ }
 exec_path = argv[1];
 // Assign to cpu 0
 cpu_set_t my_set;
diff --git a/external/source/exploits/cve-2022-0995/cve-2022-0995_debug.c b/external/source/exploits/cve-2022-0995/cve-2022-0995_debug.c
index 0532dc005f..bc401c4d4e 100644
--- a/external/source/exploits/cve-2022-0995/cve-2022-0995_debug.c
+++ b/external/source/exploits/cve-2022-0995/cve-2022-0995_debug.c
@@ -261,7 +261,11 @@ void save_state() {
 }
 int main(int argc, char* argv[]) {
- printf("Trying to launch %s\n", argv[1]);
+ if (argc != 2){
+ perror("Incorrect number of arguments provided\n")
+ exit(1);
+ }
+ printf("Attempting to launch %s\n", argv[1]);
 exec_path = argv[1];
 printf("Trying to launch %s\n", exec_path);
 // Assign to cpu 0
diff --git a/modules/exploits/linux/local/cve_2022_0995_watch_queue.rb b/modules/exploits/linux/local/cve_2022_0995_watch_queue.rb
index 7722fcf008..fa99ee2c0a 100644
--- a/modules/exploits/linux/local/cve_2022_0995_watch_queue.rb
+++ b/modules/exploits/linux/local/cve_2022_0995_watch_queue.rb
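Review bot: The new `argc != 2` guard in main of cve-2022-0995.c exits with status 1 and prints nothing, so the calling module cannot tell a bad invocation from any other failure that may use the same status. Write a short message to stderr before leaving, e.g. `fprintf(stderr, "usage: <binary> <exec_path>\n");`, and do not format `argv[0]` into it, because the guard also covers `argc == 0`, where `argv[0]` is NULL. As a style point, `if (argc != 2) {` with a space before the brace is the more common form. main's body continues past the end of the hunk, so its other exit paths are not visible here.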
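Review bot: The added `perror("Incorrect number of arguments provided\n")` line in cve-2022-0995_debug.c has no terminating semicolon, so the debug source will not compile as committed. `perror` is also the wrong call here: nothing has set `errno`, so it appends an unrelated error string after the embedded newline, and `fprintf(stderr, "Incorrect number of arguments provided\n");` says what is meant. The new `printf("Attempting to launch %s\n", argv[1]);` is followed two lines later by the existing `printf("Trying to launch %s\n", exec_path);`, which prints the same path a second time, so one of the two can go. main's body continues beyond the hunk.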
@@ -47,7 +47,7 @@ class MetasploitModule < Msf::Exploit::Local
 'DefaultTarget' => 0,
 'Notes' => {
 'Reliability' => [ REPEATABLE_SESSION ],
- 'Stability' => [ CRASH_OS_RESTARTS ], # In practice haven't seen this happen but there is a small potential for a kernel panic here.
+ 'Stability' => [ CRASH_OS_DOWN ],
 'SideEffects' => [ ARTIFACTS_ON_DISK ]
 }
 )
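Review bot: The `'Stability'` line loses its explanatory comment in the same edit that raises the rating to `CRASH_OS_DOWN`, so the module no longer says why an operator should expect the target to stay down. Keep a one-line rationale next to the value, for example `# A failed attempt can panic the kernel; assume the host does not come back without intervention.`, so that anyone scoping an authorised test against a production system sees the risk where the rating is set. If the stricter rating came from an observed panic, the comment or the commit message should say so. The `'Notes'` hash sits inside a call that begins outside the hunk.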