Race condition in the handle_to_path function in fs/fhandle.c in the Linux kernel up to and including 3.19.1 allows local users to bypass intended size restrictions and trigger read operations on additional memory locations by changing the handle_bytes value of a file handle during the execution of this function.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
debian debian linux 7.0 |
||
linux linux kernel |