> It is hard to see how that could be turned into a security breach,
> but it would be a mistake to assume that it can't. Other kernel bugs,
> like the one that allowed the recent vmsplice() exploit, have looked
> liked memory corruption, but were found to be more than that.
| After a bit more poking around, we discovered how to alter the page
| mappings so that sections of kernel and I/O memory were directly mapped
| into all user address spaces.
 Talk about security holes!
(C) 1992 http://valhenson.org/synthesis/SynthesisOS/ch7.html
Not checking userspace supplied pointers is most basic security hole in
userspace + kernel memory based systems.