Dirty Frag: Universal Linux LPE

8 hours ago | parent | next [-]

[deleted]

With a name like 'Dirty Frag', I'm guessing this is another memory fragmentation or page cache trick similar to Dirty Pipe?

	▲	TacticalCoder 7 hours ago \| parent [-]
		From TFA: > Dirty Frag belongs to the same class as Dirty Pipe and Copy Fail. However, while Dirty Pipe overwrites struct pipe_buffer, Dirty Frag overwrites the frag of struct sk_buff So yup, Dirty Pipe is specifically mentioned.