os_rpc_call() dereferences a pointer to the service obtained from userspace without checking it for sanity. This may cause a hard fault inside the syscall, leading to a complete system lockup.
As a bare minimum, the kernel needs to check that the service pointer resides inside the RAM region.
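As an added example (not the project's code), the C sketch below puts the unchecked shape the report describes next to the minimal range check it asks for. `struct os_service`, `user_ptr_in_ram()`, the two `os_rpc_call_*` variants, and the RAM bounds are hypothetical stand-ins; a static buffer `fake_ram` is constructed here to play the role of the SoC's SRAM so the check can be exercised on a host.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical service descriptor; the real layout is project-specific. */
struct os_service {
    uint32_t id;
    int (*handler)(uint32_t arg);
};

/* Constructed stand-in for the RAM region a real kernel would take from
 * its linker script or memory map. */
static uint8_t fake_ram[4096] __attribute__((aligned(8)));

static uintptr_t ram_start(void) { return (uintptr_t)fake_ram; }
static uintptr_t ram_end(void)   { return (uintptr_t)fake_ram + sizeof fake_ram; }

/* True only if [p, p + len) lies entirely inside RAM and p is aligned.
 * The subtraction form avoids the wrap-around a naive p + len > end
 * comparison would suffer for huge len or p near the top of memory. */
bool user_ptr_in_ram(const void *p, size_t len, size_t align)
{
    uintptr_t a = (uintptr_t)p;
    if (p == NULL || len == 0)
        return false;
    if (align != 0 && (a % align) != 0)
        return false;               /* misaligned access would fault */
    if (a < ram_start() || a >= ram_end())
        return false;
    return len <= ram_end() - a;    /* object must not run past RAM */
}

/* "Before": the shape the report describes. A garbage pointer from
 * userspace is dereferenced in kernel mode and hard-faults the system. */
int os_rpc_call_unchecked(const struct os_service *svc, uint32_t arg)
{
    return svc->handler(arg);
}

/* "After": reject the call unless the descriptor is fully inside RAM and
 * carries a non-NULL handler. Returns 0 on success, -1 (EFAULT-style) on
 * rejection; the handler's result goes to *ret. */
int os_rpc_call_checked(const struct os_service *svc, uint32_t arg, int *ret)
{
    if (!user_ptr_in_ram(svc, sizeof *svc, _Alignof(struct os_service)))
        return -1;
    if (svc->handler == NULL)
        return -1;
    *ret = svc->handler(arg);
    return 0;
}

/* Sample handler used to populate a constructed service. */
static int echo_handler(uint32_t arg) { return (int)(arg * 2u); }

/* Place a valid service descriptor at the given offset inside fake_ram. */
struct os_service *place_service(size_t offset)
{
    struct os_service *svc = (struct os_service *)(fake_ram + offset);
    svc->id = 7;
    svc->handler = echo_handler;
    return svc;
}

int main(void)
{
    int ret = 0;
    struct os_service *good = place_service(0);
    struct os_service outside = { 1, echo_handler };   /* .data, not "RAM" */

    printf("in-RAM service : rc=%d ret=%d\n",
           os_rpc_call_checked(good, 21, &ret), ret);
    printf("NULL pointer   : rc=%d\n", os_rpc_call_checked(NULL, 1, &ret));
    printf("outside RAM    : rc=%d\n", os_rpc_call_checked(&outside, 1, &ret));
    printf("misaligned     : rc=%d\n",
           os_rpc_call_checked((struct os_service *)(fake_ram + 1), 1, &ret));
    return 0;
}
```

The range check is only the floor the report asks for: a descriptor that merely sits inside RAM can still be attacker-shaped, so a fuller fix would also confirm the service is one the kernel registered (or look it up by id instead of accepting a pointer at all) and that `handler` points into executable code.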