oss-sec mailing list archives
Linux kernel futex local privilege escalation (CVE-2014-3153)
From: Solar Designer <solar () openwall com>
Date: Thu, 5 Jun 2014 18:45:45 +0400
Hi, This was handled via linux-distros, hence the mandatory oss-security posting. The issue was made public earlier today, and is included in this Debian advisory: https://lists.debian.org/debian-security-announce/2014/msg00130.html --- CVE-2014-3153 Pinkie Pie discovered an issue in the futex subsystem that allows a local user to gain ring 0 control via the futex syscall. An unprivileged user could use this flaw to crash the kernel (resulting in denial of service) or for privilege escalation. --- I've attached patches by Thomas Gleixner (four e-mails, in mbox format), as well as back-ports of those by John Johansen of Canonical, who wrote: --- For anyone who is interested I've attached back ports of the patches to 3.13 - minor conflicts in patch 4. It has applied cleanly back to 3.2 and 2.6.32 - conflict is in patches 3, and 4 --- Alexander
Attachment:
futex.mbox
Description:
Attachment:
patches-2.6.32.tgz
Description:
Attachment:
patches-3.13.tgz
Description:
Current thread:
- Linux kernel futex local privilege escalation (CVE-2014-3153) Solar Designer (Jun 05)
- Re: Linux kernel futex local privilege escalation (CVE-2014-3153) Solar Designer (Jun 05)
- Re: Linux kernel futex local privilege escalation (CVE-2014-3153) Greg KH (Jun 05)
- Re: Linux kernel futex local privilege escalation (CVE-2014-3153) Kees Cook (Jun 05)
- Re: Linux kernel futex local privilege escalation (CVE-2014-3153) Phil Turnbull (Jun 05)
- Re: Linux kernel futex local privilege escalation (CVE-2014-3153) John Johansen (Jun 05)
- Re: Linux kernel futex local privilege escalation (CVE-2014-3153) Rich Felker (Jun 05)
- Re: Linux kernel futex local privilege escalation (CVE-2014-3153) Solar Designer (Jun 05)
- Re: Linux kernel futex local privilege escalation (CVE-2014-3153) Rich Felker (Jun 05)
- Re: Linux kernel futex local privilege escalation (CVE-2014-3153) Thomas Gleixner (Jun 05)
- Re: Linux kernel futex local privilege escalation (CVE-2014-3153) rf (Jun 06)
- Re: Linux kernel futex local privilege escalation (CVE-2014-3153) Solar Designer (Jun 05)
- Re: Linux kernel futex local privilege escalation (CVE-2014-3153) Solar Designer (Jun 05)