|Date: (C)2008-02-12 (M)2017-10-04|
|CVSS Score: 2.1||Access Vector: LOCAL|
|Exploitability Subscore: 3.9||Access Complexity: LOW|
|Impact Subscore: 2.9||Authentication: NONE|
| ||Confidentiality: PARTIAL|
| ||Integrity: NONE|
| ||Availability: NONE|
The copy_from_user_mmap_sem function in fs/splice.c in the Linux kernel 2.6.22 through 2.6.24 does not validate a certain userspace pointer before dereference, which allow local users to read from arbitrary kernel memory locations.