Dirty Frag: Universal Linux LPE(github.com)
7 pointsby nahikoaan hour ago2 comments
  • an hour ago
    undefined
  • mehmetkeremmtlan hour ago
    With a name like 'Dirty Frag', I'm guessing this is another memory fragmentation or page cache trick similar to Dirty Pipe?
    • TacticalCoder10 minutes ago
      From TFA:

      > Dirty Frag belongs to the same class as Dirty Pipe and Copy Fail. However, while Dirty Pipe overwrites struct pipe_buffer, Dirty Frag overwrites the frag of struct sk_buff

      So yup, Dirty Pipe is specifically mentioned.