Due to a spurious call to pfs_unlock() in pfs_getattr() (defined in sys/fs/pseudofs/pseudofs_vnops.c), a null pointer is dereferenced after calling extattr_get_attribute() on a pseudofs vnode. By allocating a page at address 0x0, an attacker can overwrite an arbitrarily chosen portion of kernel memory, leading to a crash or local root privilege escalation. This module exploits the vulnerability via the procfs file system, obtaining root privileges.
CVE Link
Exploit Platform
Exploit Type
Product Name