Reviving Exploits Against Cred Structs - Six Byte Cross Cache Overflow to Leakless Data-Oriented Kernel Pwnage
ID: ad4d0ce0-b1c8-5746-8edb-001826c6f359
STIX ID: report--ad4d0ce0-b1c8-5746-8edb-001826c6f359
Feed Name: Will's Root
This writeup describes a leakless, data-only kernel exploitation technique—cross-cache overflow—demonstrated against a corCTF 2022 challenge: a driver that exposes a 6-byte overflow in 512-byte isolated-slab objects. The author details kernel slab/buddy allocator behavior, a page-spraying primitive using PACKET_TX_RING, reduced-noise clone/fork strategies to allocate cred objects, and a final exploit that overflows adjacent cred structs to achieve privilege escalation; full PoC code and practical notes (including adaptations for Ubuntu) are included.
