commit e2f18d53125bf0753169de321af25b0df1b758c5 Author: Greg Kroah-Hartman Date: Sun Feb 10 23:31:19 2008 -0800 Linux 2.6.22.18 commit af395d8632d0524be27d8774a1607e68bdb4dd7f Author: Bastian Blank Date: Sun Feb 10 16:47:57 2008 +0200 splice: fix user pointer access in get_iovec_page_array() (CVE-2008-0600) patch 712a30e63c8066ed84385b12edbfb804f49cbc44 in mainline. Commit 8811930dc74a503415b35c4a79d14fb0b408a361 ("splice: missing user pointer access verification") added the proper access_ok() calls to copy_from_user_mmap_sem() which ensures we can copy the struct iovecs from userspace to the kernel. But we also must check whether we can access the actual memory region pointed to by the struct iovec to fix the access checks properly. Signed-off-by: Bastian Blank Acked-by: Oliver Pinter Cc: Jens Axboe Cc: Andrew Morton Signed-off-by: Pekka Enberg Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman