PT-2022-10535 · Toaruos · Toaruos
Published
2022-06-08
·
Updated
2023-08-08
·
CVE-2021-36710
CVSS v3.1
8.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
ToaruOS version 1.99.2
Description
The issue is related to incorrect access control via the kernel, specifically due to improper MMU management and a low GDT address that allows it to be mapped in userland. This can be exploited by writing a call gate to escalate to CPL 0, which refers to the privilege level of the processor, in this case, the highest privilege level.
Recommendations
For ToaruOS version 1.99.2, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Exposure of Resource to Wrong Sphere
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Toaruos