ASA-2019-00124 – Linux kernel: Virtual address 0 (NULL) is mappable via privileged write() to /proc/*/mem

In the Linux kernel before 4.20.14, expand_downwards() in mm/mmap.c lacks a check for the mmap minimum address, which makes it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task.