diff options
| author | Jann Horn <[email protected]> | 2016-11-10 10:46:19 -0800 |
|---|---|---|
| committer | Linus Torvalds <[email protected]> | 2016-11-11 08:12:37 -0800 |
| commit | dd111be69114cc867f8e826284559bfbc1c40e37 (patch) | |
| tree | bd245104ef2c79a3aaa1fe61ff3c2c6a13744736 /tools/perf/scripts/python/call-graph-from-postgresql.py | |
| parent | 6b36ba599d602d8a73920fb5c470fe272fac49c1 (diff) | |
swapfile: fix memory corruption via malformed swapfile
When root activates a swap partition whose header has the wrong
endianness, nr_badpages elements of badpages are swabbed before
nr_badpages has been checked, leading to a buffer overrun of up to 8GB.
This normally is not a security issue because it can only be exploited
by root (more specifically, a process with CAP_SYS_ADMIN or the ability
to modify a swap file/partition), and such a process can already e.g.
modify swapped-out memory of any other userspace process on the system.
Link: http://lkml.kernel.org/r/[email protected]
Signed-off-by: Jann Horn <[email protected]>
Acked-by: Kees Cook <[email protected]>
Acked-by: Jerome Marchand <[email protected]>
Acked-by: Johannes Weiner <[email protected]>
Cc: "Kirill A. Shutemov" <[email protected]>
Cc: Vlastimil Babka <[email protected]>
Cc: Hugh Dickins <[email protected]>
Cc: <[email protected]>
Signed-off-by: Andrew Morton <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>
Diffstat (limited to 'tools/perf/scripts/python/call-graph-from-postgresql.py')
0 files changed, 0 insertions, 0 deletions