kernel-packages team mailing list archive

Thread
Date

[Bug 1326367] Re: exploitable futex vulnerability

To: kernel-packages@xxxxxxxxxxxxxxxxxxx
From: John Johansen <john.johansen@xxxxxxxxxxxxx>
Date: Thu, 05 Jun 2014 16:42:58 -0000
Reply-to: Bug 1326367 <1326367@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Information type changed from Private Security to Public Security

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1326367

Title:
  exploitable futex vulnerability

Status in “linux” package in Ubuntu:
  Confirmed

Bug description:
  If uaddr == uaddr2, then we have broken the rule of only requeueing from
  a non-pi futex to a pi futex with this call. If we attempt this, then
  dangling pointers may be left for rt_waiter resulting in an exploitable
  condition.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1326367/+subscriptions