Linux kernel version from 2.6.17 to 2.6.24.1 all are affected because of vmsplice bug

Testing: You can have your hack script download from here compile it as local user to get the root access in the above vulnerable kernels.

http://www.milw0rm.com/exploits/5092

http://www.milw0rm.com/exploits/5093

Change directory to your kernel source code:
# cd linux-2.6.xx.yy
Download and save patch file as fix.vmsplice.exploit.patch:
# cat fix.vmsplice.exploit.patch
Output:

--- a/fs/splice.c
+++ b/fs/splice.c
@@ -1234,7 +1234,7 @@ static int get_iovec_page_array(const struct iovec __user *iov,
                if (unlikely(!len))
                        break;
                error = -EFAULT;
-               if (unlikely(!base))
+               if (!access_ok(VERIFY_READ, base, len))
                        break;

                /*

Patch the present kernel tree

# patch < fix.vmsplice.exploit.patch -p1
Now recompile kernel

Sun Microsystems Announces Agreement to Acquire MySQL, Developer of the World’s Most Popular Open Source Database

Sun Growth Strategy Accelerates With New Position in $15 Billion Database Market

SANTA CLARA, CA January 16, 2008 Sun Microsystems, Inc. (NASDAQ: JAVA) today announced it has entered into a definitive agreement to acquire MySQL AB, an open source icon and developer of one of the world’s fastest growing open source databases for approximately $1 billion in total consideration. The acquisition accelerates Sun’s position in enterprise IT to now include the $15 billion database market. Today’s announcement reaffirms Sun’s position as the leading provider of platforms for the Web economy and its role as the largest commercial open source contributor. Read More