Linux Today: Linux News On Internet Time.

Linux Kernel "vmsplice()" System Call Vulnerabilities

Feb 11, 2008, 14:00 (2 Talkback[s])

"Some vulnerabilities have been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service), disclose potentially sensitive information, and gain escalated privileges.

"The vulnerabilities are caused due to the missing verification of parameters within the 'vmsplice_to_user()', 'copy_from_user_mmap_sem()', and 'get_iovec_page_array()' functions in fs/splice.c before using them to perform certain memory operations..."

Complete Story

Related Stories: