Oddly, the POC doesn't work on my Debian 12 (Bookworm) EC2 instance. Everything that should indicate it's vulnerable is there, including the ability to socket(38,5,0).bind("aead", "authencesn(hmac(sha256),cbc(aes))")
Not the OP, but I've tried it on Debian 12 and kernel 6.1.0-34-amd64 is vulnerable (ie. the exploit works) but 6.1.0-42-amd64 and 6.1.0-44-amd64 seem to be immune, at least for me. I have only tested the exploit as-is (with su). I do see from other comment theads here that someone had it work for them on 6.1.0-43, but I can't yet find that kernel installed anywhere here to verify.
Oddly, the POC doesn't work on my Debian 12 (Bookworm) EC2 instance. Everything that should indicate it's vulnerable is there, including the ability to socket(38,5,0).bind("aead", "authencesn(hmac(sha256),cbc(aes))")
What kernel version is it? (`uname -r`)
Not the OP, but I've tried it on Debian 12 and kernel 6.1.0-34-amd64 is vulnerable (ie. the exploit works) but 6.1.0-42-amd64 and 6.1.0-44-amd64 seem to be immune, at least for me. I have only tested the exploit as-is (with su). I do see from other comment theads here that someone had it work for them on 6.1.0-43, but I can't yet find that kernel installed anywhere here to verify.