8 points | by nahikoa 9 hours ago ago
3 comments
With a name like 'Dirty Frag', I'm guessing this is another memory fragmentation or page cache trick similar to Dirty Pipe?
From TFA:
> Dirty Frag belongs to the same class as Dirty Pipe and Copy Fail. However, while Dirty Pipe overwrites struct pipe_buffer, Dirty Frag overwrites the frag of struct sk_buff
So yup, Dirty Pipe is specifically mentioned.
With a name like 'Dirty Frag', I'm guessing this is another memory fragmentation or page cache trick similar to Dirty Pipe?
From TFA:
> Dirty Frag belongs to the same class as Dirty Pipe and Copy Fail. However, while Dirty Pipe overwrites struct pipe_buffer, Dirty Frag overwrites the frag of struct sk_buff
So yup, Dirty Pipe is specifically mentioned.