Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Thu, 5 Jun 2014 18:45:45 +0400
From: Solar Designer <solar@...nwall.com>
To: oss-security@...ts.openwall.com
Subject: Linux kernel futex local privilege escalation (CVE-2014-3153)

Hi,

This was handled via linux-distros, hence the mandatory oss-security
posting.  The issue was made public earlier today, and is included in
this Debian advisory:

https://lists.debian.org/debian-security-announce/2014/msg00130.html

---
CVE-2014-3153

    Pinkie Pie discovered an issue in the futex subsystem that allows a
    local user to gain ring 0 control via the futex syscall. An
    unprivileged user could use this flaw to crash the kernel (resulting
    in denial of service) or for privilege escalation.
---

I've attached patches by Thomas Gleixner (four e-mails, in mbox format),
as well as back-ports of those by John Johansen of Canonical, who wrote:

---
For anyone who is interested I've attached back ports of the patches to

  3.13 - minor conflicts in patch 4. It has applied cleanly back to 3.2
and
  2.6.32 - conflict is in patches 3, and 4
---

Alexander

[ CONTENT OF TYPE application/mbox SKIPPED ]

[ CONTENT OF TYPE application/octet-stream SKIPPED ]

[ CONTENT OF TYPE application/octet-stream SKIPPED ]

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ