Andreas Kling c17f80e720 Kernel: AnonymousVMObject::create_for_physical_range() should fail more ... Previously it was not possible for this function to fail. You could exploit this by triggering the creation of a VMObject whose physical memory range would wrap around the 32-bit limit. It was quite easy to map kernel memory into userspace and read/write whatever you wanted in it. Test: Kernel/bxvga-mmap-kernel-into-userspace.cpp		2020-01-28 20:48:07 +01:00
..
bind-local-socket-to-symlink.cpp	Kernel: Pass correct permission flags when opening files	2020-01-18 23:51:22 +01:00
bxvga-mmap-kernel-into-userspace.cpp	Kernel: AnonymousVMObject::create_for_physical_range() should fail more	2020-01-28 20:48:07 +01:00
elf-execve-mmap-race.cpp	Kernel: Enforce W^X between sys$mmap() and sys$execve()	2020-01-18 23:40:12 +01:00
elf-symbolication-kernel-read-exploit.cpp	Kernel+LibELF: Don't blindly trust ELF symbol offsets in symbolication	2020-01-16 22:11:31 +01:00
mmap-write-into-running-programs-executable-file.cpp	Kernel: Validate PROT_READ and PROT_WRITE against underlying file	2020-01-07 19:32:32 +01:00
null-deref-close-during-select.cpp	Kernel: Ignore closed fd's when considering select() unblock	2020-01-09 12:36:42 +01:00
null-deref-crash-during-pthread_join.cpp	Kernel: Fix kernel null deref on process crash during join_thread()	2020-01-10 19:23:45 +01:00
uaf-close-while-blocked-in-read.cpp	Kernel: Make Process::file_description() vend a RefPtr<FileDescription>	2020-01-07 15:53:42 +01:00