https://www.exploit-db.com/exploits/21458
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200212-428

gresecurityLinux是一款由Linux内核安全补丁、具有不可执行堆栈、/proc限制、chroot限制、linking和fifo限制、set*id记录、信号记录等功能。gresecurityLinux在处理写内容设备时存在漏洞，可导致本地攻击者以root权限在系统中执行任意代码。gresecurityLinux采用的安全加强补丁当用来写内存设备时，采用重定向write()系统调用实现，不幸的是，存在其他模式用于写内核任意内存内容，攻击者可以简单的使用/dev/kmem和/dev/mem代替通常的文件系统I/O调用来操纵内存，通过映射/dev/kmem或者/dev/mem，攻击者可以直接修改运行内核的内存内容，造成以root权限执行任意指令。

source: http://www.securityfocus.com/bid/4762/info

An attacker with root access may be able to write to kernel memory in spite of the security patch provided by grsecurity. The patch operates by redirecting the write() system call, when it is being used to write to a memory device. Unfortunately, there are other methods that can be used to write to kernel memory (such as mapping the device to memory using mmap()). 

https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/21458.tgz

来源:BID
名称:4762
链接:http://www.securityfocus.com/bid/4762
来源:XF
名称:grsecurity-linux-kernel-patch(9109)
链接:http://www.iss.net/security_center/static/9109.php
来源：NSFOCUS
名称：2790
链接：http://www.nsfocus.net/vulndb/2790