kernel-packages team mailing list archive
Message #80246
[Bug 1370021] [NEW] CVE-2014-0205
*** This bug is a security vulnerability ***
Public security bug reported:
A flaw was found in the way the Linux kernel's futex subsystem handled
reference counting when requeuing futexes during futex_wait(). A local,
unprivileged user could use this flaw to zero out the reference counter
of an inode or an mm struct that backs up the memory area of the futex,
which could lead to a use-after-free flaw, resulting in a system crash
or, potentially, privilege escalation.
Break-Fix: - 7ada876a8703f23befbb20a7465a702ee39b1704
** Affects: linux (Ubuntu)
Importance: High
Status: Invalid
** Affects: linux-armadaxp (Ubuntu)
Importance: High
Status: Invalid
** Affects: linux-ec2 (Ubuntu)
Importance: High
Status: Invalid
** Affects: linux-fsl-imx51 (Ubuntu)
Importance: High
Status: Invalid
** Affects: linux-lts-backport-maverick (Ubuntu)
Importance: Undecided
Status: New
** Affects: linux-lts-backport-natty (Ubuntu)
Importance: Undecided
Status: New
** Affects: linux-lts-quantal (Ubuntu)
Importance: High
Status: Invalid
** Affects: linux-lts-raring (Ubuntu)
Importance: High
Status: Invalid
** Affects: linux-lts-saucy (Ubuntu)
Importance: High
Status: Invalid
** Affects: linux-mvl-dove (Ubuntu)
Importance: High
Status: Invalid
** Affects: linux-ti-omap4 (Ubuntu)
Importance: High
Status: Invalid
** Affects: linux (Ubuntu Lucid)
Importance: High
Status: Fix Committed
** Affects: linux-armadaxp (Ubuntu Lucid)
Importance: High
Status: Invalid
** Affects: linux-ec2 (Ubuntu Lucid)
Importance: High
Status: Fix Committed
** Affects: linux-fsl-imx51 (Ubuntu Lucid)
Importance: High
Status: Invalid
** Affects: linux-lts-backport-maverick (Ubuntu Lucid)
Importance: Undecided
Status: New
** Affects: linux-lts-backport-natty (Ubuntu Lucid)
Importance: Undecided
Status: New
** Affects: linux-lts-quantal (Ubuntu Lucid)
Importance: High
Status: Invalid
** Affects: linux-lts-raring (Ubuntu Lucid)
Importance: High
Status: Invalid
** Affects: linux-lts-saucy (Ubuntu Lucid)
Importance: High
Status: Invalid
** Affects: linux-mvl-dove (Ubuntu Lucid)
Importance: High
Status: Invalid
** Affects: linux-ti-omap4 (Ubuntu Lucid)
Importance: High
Status: Invalid
** Affects: linux (Ubuntu Precise)
Importance: High
Status: Invalid
** Affects: linux-armadaxp (Ubuntu Precise)
Importance: High
Status: Invalid
** Affects: linux-ec2 (Ubuntu Precise)
Importance: High
Status: Invalid
** Affects: linux-fsl-imx51 (Ubuntu Precise)
Importance: High
Status: Invalid
** Affects: linux-lts-backport-maverick (Ubuntu Precise)
Importance: Undecided
Status: New
** Affects: linux-lts-backport-natty (Ubuntu Precise)
Importance: Undecided
Status: New
** Affects: linux-lts-quantal (Ubuntu Precise)
Importance: High
Status: Invalid
** Affects: linux-lts-raring (Ubuntu Precise)
Importance: High
Status: Invalid
** Affects: linux-lts-saucy (Ubuntu Precise)
Importance: High
Status: Invalid
** Affects: linux-mvl-dove (Ubuntu Precise)
Importance: High
Status: Invalid
** Affects: linux-ti-omap4 (Ubuntu Precise)
Importance: High
Status: Invalid
** Affects: linux (Ubuntu Trusty)
Importance: High
Status: Invalid
** Affects: linux-armadaxp (Ubuntu Trusty)
Importance: High
Status: Invalid
** Affects: linux-ec2 (Ubuntu Trusty)
Importance: High
Status: Invalid
** Affects: linux-fsl-imx51 (Ubuntu Trusty)
Importance: High
Status: Invalid
** Affects: linux-lts-backport-maverick (Ubuntu Trusty)
Importance: Undecided
Status: New
** Affects: linux-lts-backport-natty (Ubuntu Trusty)
Importance: Undecided
Status: New
** Affects: linux-lts-quantal (Ubuntu Trusty)
Importance: High
Status: Invalid
** Affects: linux-lts-raring (Ubuntu Trusty)
Importance: High
Status: Invalid
** Affects: linux-lts-saucy (Ubuntu Trusty)
Importance: High
Status: Invalid
** Affects: linux-mvl-dove (Ubuntu Trusty)
Importance: High
Status: Invalid
** Affects: linux-ti-omap4 (Ubuntu Trusty)
Importance: High
Status: Invalid
** Affects: linux (Ubuntu Utopic)
Importance: High
Status: Invalid
** Affects: linux-armadaxp (Ubuntu Utopic)
Importance: High
Status: Invalid
** Affects: linux-ec2 (Ubuntu Utopic)
Importance: High
Status: Invalid
** Affects: linux-fsl-imx51 (Ubuntu Utopic)
Importance: High
Status: Invalid
** Affects: linux-lts-backport-maverick (Ubuntu Utopic)
Importance: Undecided
Status: New
** Affects: linux-lts-backport-natty (Ubuntu Utopic)
Importance: Undecided
Status: New
** Affects: linux-lts-quantal (Ubuntu Utopic)
Importance: High
Status: Invalid
** Affects: linux-lts-raring (Ubuntu Utopic)
Importance: High
Status: Invalid
** Affects: linux-lts-saucy (Ubuntu Utopic)
Importance: High
Status: Invalid
** Affects: linux-mvl-dove (Ubuntu Utopic)
Importance: High
Status: Invalid
** Affects: linux-ti-omap4 (Ubuntu Utopic)
Importance: High
Status: Invalid
** Tags: kernel-cve-tracking-bug
** Tags added: kernel-cve-tracking-bug
** Information type changed from Public to Public Security
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2014-0205
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1370021
Title:
CVE-2014-0205
Status in “linux” package in Ubuntu:
Invalid
Status in “linux-armadaxp” package in Ubuntu:
Invalid
Status in “linux-ec2” package in Ubuntu:
Invalid
Status in “linux-fsl-imx51” package in Ubuntu:
Invalid
Status in “linux-lts-backport-maverick” package in Ubuntu:
New
Status in “linux-lts-backport-natty” package in Ubuntu:
New
Status in “linux-lts-quantal” package in Ubuntu:
Invalid
Status in “linux-lts-raring” package in Ubuntu:
Invalid
Status in “linux-lts-saucy” package in Ubuntu:
Invalid
Status in “linux-mvl-dove” package in Ubuntu:
Invalid
Status in “linux-ti-omap4” package in Ubuntu:
Invalid
Status in “linux” source package in Lucid:
Fix Committed
Status in “linux-armadaxp” source package in Lucid:
Invalid
Status in “linux-ec2” source package in Lucid:
Fix Committed
Status in “linux-fsl-imx51” source package in Lucid:
Invalid
Status in “linux-lts-backport-maverick” source package in Lucid:
New
Status in “linux-lts-backport-natty” source package in Lucid:
New
Status in “linux-lts-quantal” source package in Lucid:
Invalid
Status in “linux-lts-raring” source package in Lucid:
Invalid
Status in “linux-lts-saucy” source package in Lucid:
Invalid
Status in “linux-mvl-dove” source package in Lucid:
Invalid
Status in “linux-ti-omap4” source package in Lucid:
Invalid
Status in “linux” source package in Precise:
Invalid
Status in “linux-armadaxp” source package in Precise:
Invalid
Status in “linux-ec2” source package in Precise:
Invalid
Status in “linux-fsl-imx51” source package in Precise:
Invalid
Status in “linux-lts-backport-maverick” source package in Precise:
New
Status in “linux-lts-backport-natty” source package in Precise:
New
Status in “linux-lts-quantal” source package in Precise:
Invalid
Status in “linux-lts-raring” source package in Precise:
Invalid
Status in “linux-lts-saucy” source package in Precise:
Invalid
Status in “linux-mvl-dove” source package in Precise:
Invalid
Status in “linux-ti-omap4” source package in Precise:
Invalid
Status in “linux” source package in Trusty:
Invalid
Status in “linux-armadaxp” source package in Trusty:
Invalid
Status in “linux-ec2” source package in Trusty:
Invalid
Status in “linux-fsl-imx51” source package in Trusty:
Invalid
Status in “linux-lts-backport-maverick” source package in Trusty:
New
Status in “linux-lts-backport-natty” source package in Trusty:
New
Status in “linux-lts-quantal” source package in Trusty:
Invalid
Status in “linux-lts-raring” source package in Trusty:
Invalid
Status in “linux-lts-saucy” source package in Trusty:
Invalid
Status in “linux-mvl-dove” source package in Trusty:
Invalid
Status in “linux-ti-omap4” source package in Trusty:
Invalid
Status in “linux” source package in Utopic:
Invalid
Status in “linux-armadaxp” source package in Utopic:
Invalid
Status in “linux-ec2” source package in Utopic:
Invalid
Status in “linux-fsl-imx51” source package in Utopic:
Invalid
Status in “linux-lts-backport-maverick” source package in Utopic:
New
Status in “linux-lts-backport-natty” source package in Utopic:
New
Status in “linux-lts-quantal” source package in Utopic:
Invalid
Status in “linux-lts-raring” source package in Utopic:
Invalid
Status in “linux-lts-saucy” source package in Utopic:
Invalid
Status in “linux-mvl-dove” source package in Utopic:
Invalid
Status in “linux-ti-omap4” source package in Utopic:
Invalid
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1370021/+subscriptions
Follow ups
-
[Bug 1370021] Re: CVE-2014-0205
From: Rolf Leggewie, 2016-04-24
-
[Bug 1370021] Re: CVE-2014-0205
From: Rolf Leggewie, 2016-04-24
-
[Bug 1370021] Re: CVE-2014-0205
From: Steve Beattie, 2016-01-27
-
[Bug 1370021] Re: CVE-2014-0205
From: Steve Beattie, 2016-01-27
-
[Bug 1370021] Re: CVE-2014-0205
From: Rolf Leggewie, 2015-06-17
-
[Bug 1370021] Re: CVE-2014-0205
From: Rolf Leggewie, 2015-06-17
-
[Bug 1370021] Re: CVE-2014-0205
From: John Johansen, 2015-05-08
-
[Bug 1370021] Re: CVE-2014-0205
From: Mathew Hodson, 2015-04-06
-
[Bug 1370021] Re: CVE-2014-0205
From: John Johansen, 2014-10-03
-
[Bug 1370021] Re: CVE-2014-0205
From: John Johansen, 2014-09-16
-
[Bug 1370021] [NEW] CVE-2014-0205
From: John Johansen, 2014-09-16