Recently it was found that the fix for this issue incorrectly kept the buffer offset and length in sync on a failed atomic read. This could result in pipe buffer state corruption, and a local, unprivileged user could use this to crash the system or leak kernel memory to user space.