Published at LXer:
Back in April, the Linux kernel developers fixed an incorrectly declared pointer in the Linux kernel. However, it appears that they overlooked the potential security implications of such a bug – particularly the fact that it is possible to gain access to almost any memory area using a suitable event_id. The developers only got into gear and declared the bug as an official security hole (CVE-2013-2094) after an exploit was released that proves that normal, logged-in users can gain root access this way.
Read More...