timothy from the uriah-deems-it-scary dept.
QuesarVII writes "Tavis Ormandy and Julien Tinnes have discovered a severe security flaw in all 2.4 and 2.6 kernels since 2001 on all architectures. 'Since it leads to the kernel executing code at NULL, the vulnerability is as trivial as it can get to exploit: an attacker can just put code in the first page that will get executed with kernel privileges.'"
If it happens once, it's a bug. If it happens twice, it's a feature.
If it happens more than twice, it's a design philosophy.