On Mon, Oct 31, 2016 at 10:32:13PM +0100, Jann Horn wrote: > When root activates a swap partition whose header has the wrong endianness, > nr_badpages elements of badpages are swabbed before nr_badpages has been > checked, leading to a buffer overrun of up to 8GB. > > This normally is not a security issue because it can only be exploited by > root (more specifically, a process with CAP_SYS_ADMIN or the ability to > modify a swap file/partition), and such a process can already e.g. modify > swapped-out memory of any other userspace process on the system. > > Testcase for reproducing the bug (must be run as root, should crash your > kernel): [...] > Cc: sta...@vger.kernel.org > Signed-off-by: Jann Horn <j...@thejh.net>
Acked-by: Johannes Weiner <han...@cmpxchg.org>