oss-sec mailing list archives

Re: Linux kernel futex local privilege escalation (CVE-2014-3153)

From: Rich Felker <dalias () libc org>
Date: Fri, 6 Jun 2014 01:16:14 -0400

On Fri, Jun 06, 2014 at 07:51:17AM +0400, Solar Designer wrote:

I've added CC to Thomas.

On Thu, Jun 05, 2014 at 11:38:27PM -0400, Rich Felker wrote:

On Thu, Jun 05, 2014 at 06:45:45PM +0400, Solar Designer wrote:

I've attached patches by Thomas Gleixner (four e-mails, in mbox format),
as well as back-ports of those by John Johansen of Canonical, who wrote:


Maybe I'm missing something, but I can't find any statement of what
version these patches are intended to apply cleanly to. They don't
apply to latest stable.


Thomas - can you answer Rich's question?  This is about patches you sent
on June 3 to linux-distros, which Kees then saved into an mbox file.


It does apply cleanly against 3.15-rc8 (with a few offsets). After
applying, the resulting futex.c differs from the current version in
the mainline repo by a single-byte typo in a comment.

Rich

Current thread:

Linux kernel futex local privilege escalation (CVE-2014-3153) Solar Designer (Jun 05)
- Re: Linux kernel futex local privilege escalation (CVE-2014-3153) Solar Designer (Jun 05)
  - Re: Linux kernel futex local privilege escalation (CVE-2014-3153) Greg KH (Jun 05)
- Re: Linux kernel futex local privilege escalation (CVE-2014-3153) Kees Cook (Jun 05)
- Re: Linux kernel futex local privilege escalation (CVE-2014-3153) Phil Turnbull (Jun 05)
  - Re: Linux kernel futex local privilege escalation (CVE-2014-3153) John Johansen (Jun 05)
- Re: Linux kernel futex local privilege escalation (CVE-2014-3153) Rich Felker (Jun 05)
  - Re: Linux kernel futex local privilege escalation (CVE-2014-3153) Solar Designer (Jun 05)
    - Re: Linux kernel futex local privilege escalation (CVE-2014-3153) Rich Felker (Jun 05)
    - Re: Linux kernel futex local privilege escalation (CVE-2014-3153) Thomas Gleixner (Jun 05)
    - Re: Linux kernel futex local privilege escalation (CVE-2014-3153) rf (Jun 06)
    - Re: Linux kernel futex local privilege escalation (CVE-2014-3153) Greg KH (Jun 06)
    - Re: Linux kernel futex local privilege escalation (CVE-2014-3153) rf (Jun 06)
    - Re: Linux kernel futex local privilege escalation (CVE-2014-3153) Greg KH (Jun 06)
    - Re: Linux kernel futex local privilege escalation (CVE-2014-3153) rf (Jun 06)
    - Re: Linux kernel futex local privilege escalation (CVE-2014-3153) Rich Felker (Jun 06)
    - Re: Linux kernel futex local privilege escalation (CVE-2014-3153) Greg KH (Jun 06)
    - Re: Linux kernel futex local privilege escalation (CVE-2014-3153) Rich Felker (Jun 06)
    - Re: Linux kernel futex local privilege escalation (CVE-2014-3153) Thomas Gleixner (Jun 07)

(Thread continues...)