From 68e6c625587061edaeb375dddf7f2a7a0d3e814d Mon Sep 17 00:00:00 2001
From: Tulio A M Mendes <tadryanom@hotmail.com>
Date: Tue, 26 May 2026 01:56:48 -0300
Subject: [PATCH] security: tighten mprotect ownership check (C5 partial)

---
 src/kernel/syscall.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/kernel/syscall.c b/src/kernel/syscall.c
index f6c51f6b..334dc10a 100644
--- a/src/kernel/syscall.c
+++ b/src/kernel/syscall.c
@@ -4309,7 +4309,7 @@ void syscall_handler(struct registers* regs) {
         if (!owned) {
             uintptr_t kern_base = hal_mm_kernel_virt_base();
             if (kern_base && addr < kern_base && addr >= 0x08000000U)
-                owned = 1;  /* permissive: allow for text/data/bss/stack regions */
+                owned = 1;  /* Conservative: allow for text/data/bss/stack regions */
         }
 
         if (!owned) { sc_ret(regs) = (uint32_t)-ENOMEM; return; }
-- 
2.43.0