Linux Kernel Vmsplice() Privilege Escalation Exploit

This exploit targets a missing verification of parameters in the vmsplice_to_user(), copy_from_user_mmap_sem(), and get_iovec_page_array() functions in fs/splice.c, which use those parameters in certain memory operations without checking them first. A specially crafted vmsplice() system call can abuse this to, for example, read or write arbitrary kernel memory, allowing an unprivileged process to elevate privileges to root.
Exploit type: 
Platform: 
Vulnerability ID: CVE-2008-0600
Product Version: 7.5
Released Date: Monday, February 11, 2008 - 00:00