---

Linux Kernel “vmsplice()” System Call Vulnerabilities

“Some vulnerabilities have been reported in the Linux Kernel,
which can be exploited by malicious, local users to cause a DoS
(Denial of Service), disclose potentially sensitive information,
and gain escalated privileges.

“The vulnerabilities are caused due to the missing verification
of parameters within the ‘vmsplice_to_user()’,
‘copy_from_user_mmap_sem()’, and ‘get_iovec_page_array()’ functions
in fs/splice.c before using them to perform certain memory
operations…”

Complete
Story

Get the Free Newsletter!

Subscribe to Developer Insider for top news, trends, & analysis