In the Linux kernel before 4.20.14, expand_downwards in mm/mmap.c lacks a check for the mmap minimum address, which makes it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task.
A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Linux_kernel | Linux | 4.9 (including) | 4.9.162 (excluding) |
Linux_kernel | Linux | 4.14 (including) | 4.14.105 (excluding) |
Linux_kernel | Linux | 4.19 (including) | 4.19.27 (excluding) |
Linux_kernel | Linux | 4.20 (including) | 4.20.14 (excluding) |