安全研究Security Research 你的漏洞管理程序是有效并成功的吗? http://t.cn/E2A7IDX gVisor提权 http://t.cn/E2A7IsH 如何攻击,保护软件定义网络(SDN)? http://t.cn/E2AzmsR WebAssembly介绍 http://t.cn/E2A7M7c 本文由360CERT热点播报原创发布 转载,请参考转载声明,注明出处:https://www.anquanke.com/post/id/164490 安全KER - 有思...
The do_get_mempolicy() function in mm/mempolicy.c in the Linux kernel allows local users to hit a use-after-free bug via crafted system calls and thus cause a denial of service (DoS) or possibly have unspecified other impact. Due to the nature of the flaw, privilege escalation cannot be...
{ LinuxSyscall: specs.LinuxSyscall{ Names: []string{ "get_mempolicy", "mbind", "set_mempolicy", }, Action: specs.ActAllow, }, Includes: &Filter{ Caps: []string{"CAP_SYS_NICE"}, }, }, The containerd profile does not seem to contain the syscalls above. https://github.com/containe...
Cherry pick #70900 to 24.10: make numactl respect EPERM error, when get_mempolicy is is restricted by seccomp commented Original pull-request#70900 This pull-request is a first step of an automated backporting. It contains changes similar to callinggit cherry-picklocally. If you intend to conti...