Tags: pwn kernel
Rating: 2.0
1. Read `current_task` ptr address based on provided `System.map`
2. Get `cred* cred` pointer
3. Overwrite `cred->fsuid` and `cred->fsguid`
4. Read `/flag`
Exploit here: https://github.com/justcatthefish/ctf/blob/master/2019-10-23-hacklu-ctf/baby_kernel2_pwn/solution.py
Written by disconnect3d