Linux Kernel "vmsplice()" System Call Vulnerabilities

"Some vulnerabilities have been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service), disclose potentially sensitive information, and gain escalated privileges.

"The vulnerabilities are caused due to the missing verification of parameters within the 'vmsplice_to_user()', 'copy_from_user_mmap_sem()', and 'get_iovec_page_array()' functions in fs/splice.c before using them to perform certain memory operations..."

Complete Story

Related Stories:

• Linux Detecting/Checking Rootkits with Chkrootkit and rkhunter Software(Jan 29, 2008)
• Abusing chroot(Sep 30, 2007)
• SELinux--Is It *Really* Too Complex?(Sep 28, 2007)
• Five Ways SELinux May Surprise You(May 06, 2007)