android_kernel_xiaomi_sm8350/arch/s390/appldata
Al Viro 330d57fb98 [PATCH] Fix sysctl unregistration oops (CVE-2005-2709)
You could open the /proc/sys/net/ipv4/conf/<if>/<whatever> file, then
wait for interface to go away, try to grab as much memory as possible in
hope to hit the (kfreed) ctl_table.  Then fill it with pointers to your
function.  Then do read from file you've opened and if you are lucky,
you'll get it called as ->proc_handler() in kernel mode.

So this is at least an Oops and possibly more.  It does depend on an
interface going away though, so less of a security risk than it would
otherwise be.

Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-11-08 17:57:30 -08:00
..
appldata_base.c [PATCH] Fix sysctl unregistration oops (CVE-2005-2709) 2005-11-08 17:57:30 -08:00
appldata_mem.c [PATCH] s390: deadlock in appldata 2005-06-04 17:13:00 -07:00
appldata_net_sum.c [PATCH] s390: deadlock in appldata 2005-06-04 17:13:00 -07:00
appldata_os.c [PATCH] s390: deadlock in appldata 2005-06-04 17:13:00 -07:00
appldata.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
Makefile Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00