kernel: iovec integer overflow in net/rds/rdma.c
Integer overflow in the rdsrdmapages function in net/rds/rdma.c in the Linux kernel allows local users to cause a denial of service crash and possibly execute arbitrary code via a crafted iovec struct in a Reliable Datagram Sockets RDS request, which triggers a buffer overflow...