The reiserfs_copy_from_user_to_file_region function in reiserfs/file.c for Linux kernel 2.6.10 and 2.6.11 before 2.6.11-rc4, when running on 64-bit architectures, may allow local users to trigger a buffer overflow as a result of casting discrepancies between size_t and int data types.
Linux Kernel reiserfs_copy_from_user_to_file_region Function Local Overflow
Local Access Required
Loss of Integrity
A local buffer overflow exists in the Linux kernel. On 64-bit architectures, the reiserfs_copy_from_user_to_file_region function validates its input poorly because of discrepancies between the size_t and int data types, resulting in a local buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution, resulting in a loss of integrity.
Upgrade to version 2.6.11-rc4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
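The size_t/int discrepancy described above can be illustrated with a length clamp, shown here as an added example that is not the kernel's reiserfs code. The function names and sample values are hypothetical and constructed for illustration; the block contrasts a clamp computed in int with one kept in size_t, plus a checked narrowing helper.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

/* Mismatched pattern: both operands are narrowed to int before the minimum
 * is taken. Out-of-range size_t -> int conversion is implementation-defined;
 * GCC and Clang keep the low 32 bits, so 0x80000000 becomes INT_MIN. */
static size_t chunk_len_int(size_t avail, size_t len)
{
    int n = (int)avail < (int)len ? (int)avail : (int)len;
    return (size_t)n;               /* a negative n sign-extends to a huge size_t */
}

/* Consistent pattern: the comparison stays in size_t end to end. */
static size_t chunk_len_size_t(size_t avail, size_t len)
{
    return avail < len ? avail : len;
}

/* Checked narrowing for interfaces that must take an int length. */
static int narrow_len(size_t len, int *out)
{
    if (len > (size_t)INT_MAX)
        return -1;                  /* reject instead of truncating */
    *out = (int)len;
    return 0;
}

int main(void)
{
    size_t avail = 4096;            /* constructed: room left in the destination */
    size_t len = (size_t)1 << 31;   /* constructed: request that does not fit in int */
    int n;

    printf("int clamp:    %zu\n", chunk_len_int(avail, len));
    printf("size_t clamp: %zu\n", chunk_len_size_t(avail, len));
    printf("narrow_len:   %d\n", narrow_len(len, &n));
    return 0;
}
```

On a 64-bit build the int clamp returns a length far larger than the available space, while the size_t clamp returns 4096. Building with `-Wconversion` flags implicit narrowings of this kind at compile time.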