exploitDog

CVE-2019-13047

Опубликовано: 29 июн. 2019

Источник: nvd

CVSS3: 7.8

CVSS2: 7.2

EPSS Низкий

Описание

kernel/sys/syscall.c in ToaruOS through 1.10.9 has incorrect access control in sys_sysfunc case 9 for TOARU_SYS_FUNC_SETHEAP, allowing arbitrary kernel pages to be mapped into user land, leading to root access.

Ссылки

https://github.com/mehsauce/kowasuos/blob/master/exploits/kowasu-sysfunc.c
Exploit
Third Party Advisory
https://github.com/mehsauce/kowasuos/blob/master/exploits/kowasu-sysfunc.c
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:toaruos_project:toaruos:*:*:*:*:*:*:*:*

Версия до 1.10.9 (включая)

EPSS

Процентиль: 12%

0.0004

Низкий

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-862

Связанные уязвимости

GHSA-mj47-q8gf-5hfc

CVSS3: 7.8

github

больше 3 лет назад

kernel/sys/syscall.c in ToaruOS through 1.10.9 has incorrect access control in sys_sysfunc case 9 for TOARU_SYS_FUNC_SETHEAP, allowing arbitrary kernel pages to be mapped into user land, leading to root access.

EPSS

Процентиль: 12%

0.0004

Низкий

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-862