kernel-packages team mailing list archive

Thread
Date
[Bug 1326367] Re: exploitable futex vulnerability

To: kernel-packages@xxxxxxxxxxxxxxxxxxx
From: Rolf Leggewie <1326367@xxxxxxxxxxxxxxxxxx>
Date: Fri, 05 Dec 2014 06:36:41 -0000
Reply-to: Bug 1326367 <1326367@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx
saucy has seen the end of its life and is no longer receiving any
updates. Marking the saucy task for this ticket as "Won't Fix".

** Changed in: linux-ti-omap4 (Ubuntu Saucy)
       Status: New => Won't Fix

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-armadaxp in Ubuntu.
https://bugs.launchpad.net/bugs/1326367

Title:
  exploitable futex vulnerability

Status in linux package in Ubuntu:
  Fix Committed
Status in linux-armadaxp package in Ubuntu:
  Invalid
Status in linux-ec2 package in Ubuntu:
  Invalid
Status in linux-fsl-imx51 package in Ubuntu:
  Invalid
Status in linux-lts-quantal package in Ubuntu:
  Invalid
Status in linux-lts-raring package in Ubuntu:
  Invalid
Status in linux-lts-saucy package in Ubuntu:
  Invalid
Status in linux-mvl-dove package in Ubuntu:
  Invalid
Status in linux-ti-omap4 package in Ubuntu:
  Invalid
Status in linux source package in Lucid:
  Fix Released
Status in linux-armadaxp source package in Lucid:
  Invalid
Status in linux-ec2 source package in Lucid:
  Fix Released
Status in linux-fsl-imx51 source package in Lucid:
  Invalid
Status in linux-lts-quantal source package in Lucid:
  Invalid
Status in linux-lts-raring source package in Lucid:
  Invalid
Status in linux-lts-saucy source package in Lucid:
  Invalid
Status in linux-mvl-dove source package in Lucid:
  Invalid
Status in linux-ti-omap4 source package in Lucid:
  Invalid
Status in linux source package in Precise:
  Fix Released
Status in linux-armadaxp source package in Precise:
  Fix Released
Status in linux-ec2 source package in Precise:
  Invalid
Status in linux-fsl-imx51 source package in Precise:
  Invalid
Status in linux-lts-quantal source package in Precise:
  Fix Released
Status in linux-lts-raring source package in Precise:
  Fix Released
Status in linux-lts-saucy source package in Precise:
  Fix Released
Status in linux-mvl-dove source package in Precise:
  Invalid
Status in linux-ti-omap4 source package in Precise:
  Fix Released
Status in linux source package in Saucy:
  Fix Released
Status in linux-armadaxp source package in Saucy:
  Invalid
Status in linux-ec2 source package in Saucy:
  Invalid
Status in linux-fsl-imx51 source package in Saucy:
  Invalid
Status in linux-lts-quantal source package in Saucy:
  Invalid
Status in linux-lts-raring source package in Saucy:
  Invalid
Status in linux-lts-saucy source package in Saucy:
  Invalid
Status in linux-mvl-dove source package in Saucy:
  Invalid
Status in linux-ti-omap4 source package in Saucy:
  Won't Fix
Status in linux source package in Trusty:
  Fix Released
Status in linux-armadaxp source package in Trusty:
  Invalid
Status in linux-ec2 source package in Trusty:
  Invalid
Status in linux-fsl-imx51 source package in Trusty:
  Invalid
Status in linux-lts-quantal source package in Trusty:
  Invalid
Status in linux-lts-raring source package in Trusty:
  Invalid
Status in linux-lts-saucy source package in Trusty:
  Invalid
Status in linux-mvl-dove source package in Trusty:
  Invalid
Status in linux-ti-omap4 source package in Trusty:
  Invalid
Status in linux source package in Utopic:
  Fix Committed
Status in linux-armadaxp source package in Utopic:
  Invalid
Status in linux-ec2 source package in Utopic:
  Invalid
Status in linux-fsl-imx51 source package in Utopic:
  Invalid
Status in linux-lts-quantal source package in Utopic:
  Invalid
Status in linux-lts-raring source package in Utopic:
  Invalid
Status in linux-lts-saucy source package in Utopic:
  Invalid
Status in linux-mvl-dove source package in Utopic:
  Invalid
Status in linux-ti-omap4 source package in Utopic:
  Invalid

Bug description:
  The futex_requeue function in kernel/futex.c in the Linux kernel
  through 3.14.5 does not ensure that calls have two different futex
  addresses, which allows local users to gain privileges via a crafted
  FUTEX_REQUEUE command that facilitates unsafe waiter modification.

  Break-Fix: 52400ba946759af28442dee6265c5c0180ac7122 54a217887a7b658e2650c3feff22756ab80c7339
  Break-Fix: 52400ba946759af28442dee6265c5c0180ac7122 13fbca4c6ecd96ec1a1cfa2e4f2ce191fe928a5e
  Break-Fix: 52400ba946759af28442dee6265c5c0180ac7122 b3eaa9fc5cd0a4d74b18f6b8dc617aeaf1873270
  Break-Fix: 52400ba946759af28442dee6265c5c0180ac7122 e9c243a5a6de0be8e584c604d353412584b592f8

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1326367/+subscriptions