On Tue, Dec 25, 2018 at 04:16:47PM -0600, Kangjie Lu wrote:
> "uattr->size" is copied in from user space and checked. However, it is
> copied in again after the security check. A malicious user may race to
> change it. The fix checks if uattr->size is ever changed after the
> check.
>
>
"uattr->size" is copied in from user space and checked. However, it is
copied in again after the security check. A malicious user may race to
change it. The fix checks if uattr->size is ever changed after the
check.
Signed-off-by: Kangjie Lu
---
kernel/sched/core.c | 18 --
1
2 matches
Mail list logo