CVE-2019-13047

2019-06-2914:50:33

mitre

www.cve.org

7.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.8%

JSON

kernel/sys/syscall.c in ToaruOS through 1.10.9 has incorrect access control in sys_sysfunc case 9 for TOARU_SYS_FUNC_SETHEAP, allowing arbitrary kernel pages to be mapped into user land, leading to root access.

References

github.com/mehsauce/kowasuos/blob/master/exploits/kowasu-sysfunc.c