Kernel/VM/MemoryManager.cpp in SerenityOS prior to 2019-12-30 does not reject syscalls with pointers into the kernel-only virtual address space, which allows local users to gain privileges by overwriting a return address that was found on the kernel stack.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
serenityos serenityos |