Off-by-one error in the iov_iter_advance function in mm/filemap.c in the
Linux kernel before 2.6.27-rc2 allows local users to cause a denial of
service (system crash) via a certain sequence of file I/O operations with
readv and writev, as demonstrated by testcases/kernel/fs/ftest/ftest03 from
the Linux Test Project.
It was discovered that the readv/writev functions did not correctly
handle certain sequences of file operations. A local attacker could
exploit this to crash the system, leading to a denial of service.
Updated: 2016-01-26 17:31:30 UTC (commit 10507)