On Mon, Oct 31, 2016 at 10:32:13PM +0100, Jann Horn wrote: > When root activates a swap partition whose header has the wrong endianness, > nr_badpages elements of badpages are swabbed before nr_badpages has been > checked, leading to a buffer overrun of up to 8GB. > > This normally is not a security issue because it can only be exploited by > root (more specifically, a process with CAP_SYS_ADMIN or the ability to > modify a swap file/partition), and such a process can already e.g. modify > swapped-out memory of any other userspace process on the system. > > Testcase for reproducing the bug (must be run as root, should crash your > kernel): [...] > Cc: stable@xxxxxxxxxxxxxxx > Signed-off-by: Jann Horn <jann@xxxxxxxxx> Acked-by: Johannes Weiner <hannes@xxxxxxxxxxx> -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@xxxxxxxxx. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: <a href=mailto:"dont@xxxxxxxxx";> email@xxxxxxxxx </a>