Arbitrary Kernel Page Mapping Vulnerability in ToaruOS

Arbitrary Kernel Page Mapping Vulnerability in ToaruOS

CVE-2019-13047 · HIGH Severity

AV:L/AC:L/AU:N/C:C/I:C/A:C

kernel/sys/syscall.c in ToaruOS through 1.10.9 has incorrect access control in sys_sysfunc case 9 for TOARU_SYS_FUNC_SETHEAP, allowing arbitrary kernel pages to be mapped into user land, leading to root access.

Learn more about our User Device Pen Test.