Vulnerabilities > CVE-2019-13047 - Missing Authorization vulnerability in Toaruos Project Toaruos

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

toaruos-project

CWE-862

NVD

Published: 2019-06-29

Updated: 2022-09-29

Summary

kernel/sys/syscall.c in ToaruOS through 1.10.9 has incorrect access control in sys_sysfunc case 9 for TOARU_SYS_FUNC_SETHEAP, allowing arbitrary kernel pages to be mapped into user land, leading to root access.

Vulnerable Configurations

Part	Description	Count
OS	Toaruos_Project Toaruos Project Toaruos *	1

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

References

https://github.com/mehsauce/kowasuos/blob/master/exploits/kowasu-sysfunc.c