I wouldn't be surprised if this was the result of some tool that assembles exploits out of constraint violations. It wouldn't be hard to have a program that lists exploits for cases where the kernel thinks that some particular data structure is in memory that's either provided by the userspace or in user address space, which could pick up on what line of what function gets an oops in the zero page. If somebody's got such a program, it would just be a matter of noticing that a bad value causes an oops, and running the exploit generator. Someone not a script kiddie clearly wrote the tricky part of this exploit, but may have written it to exploit an entirely different bug, and left it somewhere that someone entirely different could find it to generate a quick proof that the oops that came up with a simple invalid input was actually exploitable.
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds