Arbitrary Kernel Page Mapping Vulnerability in ToaruOS 1.10.10

Arbitrary Kernel Page Mapping Vulnerability in ToaruOS 1.10.10

CVE-2019-13049 · HIGH Severity

AV:L/AC:L/AU:N/C:C/I:C/A:C

An integer wrap in kernel/sys/syscall.c in ToaruOS 1.10.10 allows users to map arbitrary kernel pages into userland process space via TOARU_SYS_FUNC_MMAP, leading to escalation of privileges.

Learn more about our User Device Pen Test.