mm: enforce min addr even if capable() in expand_downwards()
security_mmap_addr() does a capability check with current_cred(), but we can reach this code from contexts like a VFS write handler where current_cred() must not be used.

This can be abused on systems without SMAP to make NULL pointer dereferences exploitable again.

Fixes: 8869477 ("security: protect from stack expansion into low vm addresses")
Cc: email@example.com
Signed-off-by: Jann Horn <firstname.lastname@example.org>
Signed-off-by: Linus Torvalds <email@example.com>
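
The commit message names two conditions that decide how much a host depends on this check: whether the CPU has SMAP and whether a minimum mapping address is enforced. The following host audit is an added example, not part of the commit or of kernel code; the function names are hypothetical, and it assumes x86 Linux, where /proc/cpuinfo lists "smap" in its flags line and /proc/sys/vm/mmap_min_addr holds the configured minimum.

```shell
#!/bin/sh
# Added example (not kernel code). Function names are hypothetical.
# Assumes x86 Linux, where /proc/cpuinfo lists "smap" in its flags line.

# has_smap FILE: succeed if the first "flags" line contains the smap token.
has_smap() {
    grep '^flags' "$1" | head -n 1 | tr ' \t' '\n\n' | grep -qx 'smap'
}

# null_deref_exposure [CPUINFO] [MIN_ADDR_FILE]: print one verdict word.
#   protected      SMAP present and mmap_min_addr > 0
#   smap-only      SMAP present, mmap_min_addr is 0
#   min-addr-only  no SMAP; the low-address check is the only barrier
#   exposed        no SMAP and mmap_min_addr is 0
#   unknown        the sysctl file is missing or not a decimal number
null_deref_exposure() {
    cpuinfo=${1:-/proc/cpuinfo}
    min_file=${2:-/proc/sys/vm/mmap_min_addr}
    addr=$(cat "$min_file" 2>/dev/null | tr -d '[:space:]')
    case $addr in
        ''|*[!0-9]*) echo unknown; return 0 ;;
    esac
    if has_smap "$cpuinfo"; then
        if [ "$addr" -gt 0 ]; then echo protected; else echo smap-only; fi
    else
        if [ "$addr" -gt 0 ]; then echo min-addr-only; else echo exposed; fi
    fi
}

# Run against the live procfs files only when asked to.
if [ "${1:-}" = "--report" ]; then
    null_deref_exposure
fi
```

A "min-addr-only" verdict marks the hosts the commit message is about: there the low-address check is the only barrier, so the running kernel needs to carry this fix. The script reports configuration only and cannot tell whether the fix is present in the running kernel.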