[bug] Userspace programs can arbitrary write into kernel memory #69

New issue

Open

opened 2024-05-23 16:43:38 +02:00 by hgruniaux · 0 comments

hgruniaux commented 2024-05-23 16:43:38 +02:00 (Migrated from github.com)

Copy link

The check_ptr() function in kernel syscalls do not check the number of bytes that will be written by the kernel. It only check if the address is valid and accessible (that is only the first byte, but not the other bytes).

That is, check_ptr() should take an additional argument: the expected number of bytes that will be written by the kernel and check if the memory range is accessible.

The `check_ptr()` function in kernel syscalls do not check the number of bytes that will be written by the kernel. It only check if the address is valid and accessible (that is only the first byte, but not the other bytes). That is, `check_ptr()` should take an additional argument: the expected number of bytes that will be written by the kernel and check if the memory range is accessible.

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

demo

Labels

Clear labels   

bug

Something isn't working

  

documentation

Improvements or additions to documentation

  

duplicate

This issue or pull request already exists

  

enhancement

New feature or request

  

good first issue

Good for newcomers

  

help wanted

Extra attention is needed

  

invalid

This doesn't seem right

  

question

Further information is requested

  

wontfix

This will not be worked on

No labels

bug

documentation

duplicate

enhancement

good first issue

help wanted

invalid

question

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

hubert/Pi-kachULM_OS#69

No description provided.