Integer overflow

2019-06-2915:15:00

PRIOn knowledge base

www.prio-n.com

7.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

20.4%

JSON

An integer wrap in kernel/sys/syscall.c in ToaruOS 1.10.10 allows users to map arbitrary kernel pages into userland process space via TOARU_SYS_FUNC_MMAP, leading to escalation of privileges.

CPENameOperatorVersion
toaruoseq1.10.10

CPE	Name	Operator	Version
	toaruos	eq	1.10.10

References

github.com/mehsauce/kowasuos/blob/master/exploits/kowasu-sysfunc-revenge.c