62 matches found
kernel vmsplice_to_pipe flaw
The vmsplice_to_pipe function in Linux kernel 2.6.17 through 2.6.24.1 does not validate a certain userspace pointer before dereference, which allows local users to gain root privileges via crafted arguments in a vmsplice system call, a different vulnerability than CVE-2008-0009 and CVE-2008-0010...
CSA-L03: Linux kernel vmsplice unchecked user-pointer dereference
=== ABSTRACT ========================================================= A new vmsplice system call was introduced in the 2.6.17 release of the Linux kernel. In the 2.6.23 kernel the system call functionality has been further extended resulting in two new critical vulnerabilities. === AFFECTED...