Kernel space: The vmsplice() Exploit
Feb 20, 2008, 16:00
(Other stories by Jonathan Corbet)
"As this is being written, distributors are working quickly to
ship kernel updates fixing the local root vulnerabilities in the
vmsplice() system call. Unlike a number of other recent
vulnerabilities which have required special situations (such as the
presence of specific hardware) to exploit, these vulnerabilities
are trivially exploited and the code to do so is circulating on the
net. The author found himself wondering how such a wide hole could
find its way into the core kernel code, so he set himself the task
of figuring out just what was going on - a task which took rather
longer than he had expected.
"The splice() system call, remember, is a mechanism for creating
data flow plumbing within the kernel..."