On Sep 03 Randy Dunlap wrote:
> On 09/03/2018 08:55 AM, Jann Horn wrote:
> > On Fri, Jul 6, 2018 at 5:16 PM Jann Horn wrote:
> >> In general, accessing userspace memory beyond the length of the supplied
> >> buffer in VFS read/write handlers can lead to both kernel memory corruption
> >> (via
On Sep 03 Randy Dunlap wrote:
> On 09/03/2018 08:55 AM, Jann Horn wrote:
> > On Fri, Jul 6, 2018 at 5:16 PM Jann Horn wrote:
> >> In general, accessing userspace memory beyond the length of the supplied
> >> buffer in VFS read/write handlers can lead to both kernel memory corruption
> >> (via
On 09/03/2018 08:55 AM, Jann Horn wrote:
> On Fri, Jul 6, 2018 at 5:16 PM Jann Horn wrote:
>> In general, accessing userspace memory beyond the length of the supplied
>> buffer in VFS read/write handlers can lead to both kernel memory corruption
>> (via kernel_read()/kernel_write(), which can
On 09/03/2018 08:55 AM, Jann Horn wrote:
> On Fri, Jul 6, 2018 at 5:16 PM Jann Horn wrote:
>> In general, accessing userspace memory beyond the length of the supplied
>> buffer in VFS read/write handlers can lead to both kernel memory corruption
>> (via kernel_read()/kernel_write(), which can
On Fri, Jul 6, 2018 at 5:16 PM Jann Horn wrote:
> In general, accessing userspace memory beyond the length of the supplied
> buffer in VFS read/write handlers can lead to both kernel memory corruption
> (via kernel_read()/kernel_write(), which can e.g. be triggered via
> sys_splice()) and
On Fri, Jul 6, 2018 at 5:16 PM Jann Horn wrote:
> In general, accessing userspace memory beyond the length of the supplied
> buffer in VFS read/write handlers can lead to both kernel memory corruption
> (via kernel_read()/kernel_write(), which can e.g. be triggered via
> sys_splice()) and
In general, accessing userspace memory beyond the length of the supplied
buffer in VFS read/write handlers can lead to both kernel memory corruption
(via kernel_read()/kernel_write(), which can e.g. be triggered via
sys_splice()) and privilege escalation inside userspace.
Fixes: 286468210d83
In general, accessing userspace memory beyond the length of the supplied
buffer in VFS read/write handlers can lead to both kernel memory corruption
(via kernel_read()/kernel_write(), which can e.g. be triggered via
sys_splice()) and privilege escalation inside userspace.
Fixes: 286468210d83
8 matches
Mail list logo