Copy Fail, Dirty Frag, Fragnesia, ssh-keysign-pwn - four Linux kernel root exploits in three weeks. The kernel is fine. The admins are not.
tag: #cve
2 posts
A race in mm/gup.c lets any local user write to read-only memory and rewrite setuid binaries. It sat in the kernel for nine years. Here is how the race actually works, and why "it's only local" was always a lie, especially now that everyone runs containers.