@ljs @brenns10 there was a fun anon_vma ->degree confusion bug that was fixed in 2022, where an assumption in vma mergeability checks is broken and you can get an anon page mapped in a VMA which is not connected to the page's anon_vma, and that leads to anon_vma UAF
https://project-zero.issues.chromium.org/issues/42451486
=> More toots from jann@infosec.exchange