zer0pts CTF 2022 kRCE writeup: Limited Userland Interface to Kernel RCE
ID: 6345c695-757c-5c9b-a8d6-ea8f20f07599
STIX ID: report--6345c695-757c-5c9b-a8d6-ea8f20f07599
Feed Name: Will's Root
This writeup documents kRCE, a zer0pts CTF 2022 kernel challenge. The author analyzes the userland interface and the vulnerable kernel driver, discovers negative indexing and arbitrary kernel heap read/write, and uses a module-data leak to bypass KASLR. From there the author builds arbitrary read/write primitives and constructs a kernel ROP chain to mprotect and copy shellcode into the user process, obtaining a shell. Full PoC exploits in C and pwntools are provided.
