An integer wrap in kernel/sys/syscall.c in ToaruOS 1.10.10 allows users to map arbitrary kernel pages into userland process space via TOARU_SYS_FUNC_MMAP, leading to escalation of privileges.
References
Link | Resource |
---|---|
https://github.com/mehsauce/kowasuos/blob/master/exploits/kowasu-sysfunc-revenge.c | Exploit Third Party Advisory |
Configurations
History
29 Sep 2022, 17:55
Type | Values Removed | Values Added |
---|---|---|
First Time |
Toaruos Project toaruos
Toaruos Project |
|
CPE | cpe:2.3:o:toaruos_project:toaruos:1.10.10:*:*:*:*:*:*:* |
Information
Published : 2019-06-29 15:15
Updated : 2023-12-10 12:59
NVD link : CVE-2019-13049
Mitre link : CVE-2019-13049
CVE.ORG link : CVE-2019-13049
JSON object : View
Products Affected
toaruos_project
- toaruos
CWE
CWE-190
Integer Overflow or Wraparound