Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 5 Jun 2014 23:38:27 -0400
From: Rich Felker <dalias@...c.org>
To: oss-security@...ts.openwall.com
Subject: Re: Linux kernel futex local privilege escalation
 (CVE-2014-3153)

On Thu, Jun 05, 2014 at 06:45:45PM +0400, Solar Designer wrote:
> Hi,
> 
> This was handled via linux-distros, hence the mandatory oss-security
> posting.  The issue was made public earlier today, and is included in
> this Debian advisory:
> 
> https://lists.debian.org/debian-security-announce/2014/msg00130.html
> 
> ---
> CVE-2014-3153
> 
>     Pinkie Pie discovered an issue in the futex subsystem that allows a
>     local user to gain ring 0 control via the futex syscall. An
>     unprivileged user could use this flaw to crash the kernel (resulting
>     in denial of service) or for privilege escalation.
> ---
> 
> I've attached patches by Thomas Gleixner (four e-mails, in mbox format),
> as well as back-ports of those by John Johansen of Canonical, who wrote:

Maybe I'm missing something, but I can't find any statement of what
version these patches are intended to apply cleanly to. They don't
apply to latest stable.

Rich

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ