NetBSD Super-H Port sigreturn() Input Validation Vulnerability

Ports of NetBSD for the Hitachi SuperH architecture contain a vulnerability in their implementation of sigreturn().

sigreturn() is a system call used to resume process execution after a signal handler has finished executing.

This vulnerability could allow a user process to resume execution in privileged execution mode after a signal handler has returned.

Exploitation of this vulnerability could lead to a root compromise.

Note: A very similar bug exists in the kernel function 'process_write_regs()'. This function is used internally by the ptrace()/procfs implementations, though it may be passed data that is originally user-supplied. If this is the case, then this vulnerability may be exploitable in the same manner as the sigreturn() vulnerability.
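
The validation that both sigreturn() and process_write_regs() need, shown as an added user-space C example that is not NetBSD's code: a register context supplied by the process is rejected if it changes any status-register bit the process must not control. It assumes the unvalidated field is the saved status register (SR), whose MD bit selects privileged mode on SuperH; the struct and function names are hypothetical, and the SR bit values come from the SuperH architecture, not from this advisory.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* SuperH status register (SR) bits, from the SH architecture (not the advisory). */
#define SR_MD    0x40000000u /* processor mode: 1 = privileged */
#define SR_RB    0x20000000u /* register bank select */
#define SR_BL    0x10000000u /* block exceptions and interrupts */
#define SR_IMASK 0x000000f0u /* interrupt mask level */
#define SR_T     0x00000001u /* condition bit, freely writable in user mode */
/* Bits that must be identical before and after a user-requested restore. */
#define SR_USER_STATIC (SR_MD | SR_RB | SR_BL | SR_IMASK)

/* Hypothetical, simplified saved-register frame (not NetBSD's layout). */
struct regs {
    uint32_t pc;  /* where execution resumes */
    uint32_t sr;  /* status register restored on return to the process */
    uint32_t sp;  /* stack pointer (r15) */
};

/* Missing-validation pattern: the process-supplied context is trusted. */
int restore_unchecked(struct regs *frame, const struct regs *user)
{
    *frame = *user;
    return 0;
}

/* Hardened: refuse a context that alters any privileged SR bit. */
int restore_checked(struct regs *frame, const struct regs *user)
{
    if (((user->sr ^ frame->sr) & SR_USER_STATIC) != 0)
        return EINVAL;          /* frame is left untouched */
    *frame = *user;
    return 0;
}

int main(void)
{
    /* Constructed sample values. */
    struct regs frame    = { 0x00401000u, 0,     0x7fff0000u };
    struct regs benign   = { 0x00401234u, SR_T,  0x7fff0000u };
    struct regs tampered = { 0x00401234u, SR_MD, 0x7fff0000u };

    printf("benign:   %d\n", restore_checked(&frame, &benign));
    printf("tampered: %d (EINVAL=%d)\n", restore_checked(&frame, &tampered), EINVAL);
    printf("MD set after checked restore: %d\n", (frame.sr & SR_MD) != 0);
    return 0;
}
```

Comparing against the current frame with XOR, rather than only testing MD, also catches changes to the register bank, exception block and interrupt mask bits.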


 

Copyright 2010, SecurityFocus