Wojciech Purczynski wrote: > This is not an integer overflow bug. do_brk() doesn't verify its arguments > at all, allowing to create arbitrarily large virtual memory mapping (vma) > consuming kernel memory. At least this explains why it wasn't found by the Stanford checker tool. Thanks.