MidnightsunQuals 2021 BroHammer Writeup (Single Bit Flip to Kernel Privilege Escalation)
ID: 4a9fc071-9935-5092-9251-f0eb73f797fe
STIX ID: report--4a9fc071-9935-5092-9251-f0eb73f797fe
Feed Name: Will's Root
This is a concise CTF writeup detailing a kernel privilege-escalation exploit named "brohammer" that uses an arbitrary one-bit-flip syscall to alter x86_64 page-table entry bits through the physmap direct mapping. The author describes four-level paging, the targeted flipping of U/S and R/W bits to obtain user-mode write access over kernel page tables, and the overwriting of a kernel function to execute commit_creds(init_cred) for privilege escalation, noting environmental caveats such as KASLR, SMEP and SMAP being disabled and TLB caching behaviour in QEMU differing from real hardware.
