But the point here is that userspace can use this to bypass kernel protections that would otherwise prevent it from mutating R^X pages for example, not that the kernel can bypass its own.
But the point here is that userspace can use this to bypass kernel protections that would otherwise prevent it from mutating R^X pages for example, not that the kernel can bypass its own.
Those protections are mainly about preventing well intentioned people from accidentally shooting themselves in the foot though, right? So it's not really a big deal that there is a way around it.
No, page table write access allows arbitrary memory access because I can map any PFN I want. It's certainly a vector to execute arbitrary code in ring 0.
It’s a huge deal. It’s a trivial gadget for building a larger exploit chain