This bug was fixed in the package linux-lts-saucy - 3.11.0-23.40~precise1 --------------- linux-lts-saucy (3.11.0-23.40~precise1) precise; urgency=low
[ Upstream Kernel Changes ] * futex-prevent-requeue-pi-on-same-futex.patch futex: Forbid uaddr == uaddr2 in futex_requeue(..., requeue_pi=1) - LP: #1326367 - CVE-2014-3153 * futex: Validate atomic acquisition in futex_lock_pi_atomic() - LP: #1326367 - CVE-2014-3153 * futex: Always cleanup owner tid in unlock_pi - LP: #1326367 - CVE-2014-3153 * futex: Make lookup_pi_state more robust - LP: #1326367 - CVE-2014-3153 -- Brad Figg <brad.f...@canonical.com> Wed, 04 Jun 2014 09:12:14 -0700 ** Changed in: linux-lts-saucy (Ubuntu Precise) Status: New => Fix Released -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-armadaxp in Ubuntu. https://bugs.launchpad.net/bugs/1326367 Title: exploitable futex vulnerability Status in “linux” package in Ubuntu: Confirmed Status in “linux-armadaxp” package in Ubuntu: Invalid Status in “linux-ec2” package in Ubuntu: Invalid Status in “linux-fsl-imx51” package in Ubuntu: Invalid Status in “linux-lts-quantal” package in Ubuntu: Invalid Status in “linux-lts-raring” package in Ubuntu: Invalid Status in “linux-lts-saucy” package in Ubuntu: Invalid Status in “linux-mvl-dove” package in Ubuntu: Invalid Status in “linux-ti-omap4” package in Ubuntu: Invalid Status in “linux” source package in Lucid: Fix Released Status in “linux-armadaxp” source package in Lucid: Invalid Status in “linux-ec2” source package in Lucid: New Status in “linux-fsl-imx51” source package in Lucid: Invalid Status in “linux-lts-quantal” source package in Lucid: Invalid Status in “linux-lts-raring” source package in Lucid: Invalid Status in “linux-lts-saucy” source package in Lucid: Invalid Status in “linux-mvl-dove” source package in Lucid: Invalid Status in “linux-ti-omap4” source package in Lucid: Invalid Status in “linux” source package in Precise: New Status in “linux-armadaxp” source package in Precise: New Status in “linux-ec2” source package in Precise: Invalid Status in “linux-fsl-imx51” source package in Precise: Invalid Status in “linux-lts-quantal” source package in Precise: Fix Released Status in “linux-lts-raring” source package in Precise: Fix Released Status in “linux-lts-saucy” source package in Precise: Fix Released Status in “linux-mvl-dove” source package in Precise: Invalid Status in “linux-ti-omap4” source package in Precise: New Status in “linux” source package in Saucy: Fix Released Status in “linux-armadaxp” source package in Saucy: Invalid Status in “linux-ec2” source package in Saucy: Invalid Status in “linux-fsl-imx51” source package in Saucy: Invalid Status in “linux-lts-quantal” source package in Saucy: Invalid Status in “linux-lts-raring” source package in Saucy: Invalid Status in “linux-lts-saucy” source package in Saucy: Invalid Status in “linux-mvl-dove” source package in Saucy: Invalid Status in “linux-ti-omap4” source package in Saucy: New Status in “linux” source package in Trusty: Fix Released Status in “linux-armadaxp” source package in Trusty: Invalid Status in “linux-ec2” source package in Trusty: Invalid Status in “linux-fsl-imx51” source package in Trusty: Invalid Status in “linux-lts-quantal” source package in Trusty: Invalid Status in “linux-lts-raring” source package in Trusty: Invalid Status in “linux-lts-saucy” source package in Trusty: Invalid Status in “linux-mvl-dove” source package in Trusty: Invalid Status in “linux-ti-omap4” source package in Trusty: Invalid Status in “linux” source package in Utopic: Confirmed Status in “linux-armadaxp” source package in Utopic: Invalid Status in “linux-ec2” source package in Utopic: Invalid Status in “linux-fsl-imx51” source package in Utopic: Invalid Status in “linux-lts-quantal” source package in Utopic: Invalid Status in “linux-lts-raring” source package in Utopic: Invalid Status in “linux-lts-saucy” source package in Utopic: Invalid Status in “linux-mvl-dove” source package in Utopic: Invalid Status in “linux-ti-omap4” source package in Utopic: Invalid Bug description: If uaddr == uaddr2, then we have broken the rule of only requeueing from a non-pi futex to a pi futex with this call. If we attempt this, then dangling pointers may be left for rt_waiter resulting in an exploitable condition. Break-Fix: 52400ba946759af28442dee6265c5c0180ac7122 - To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1326367/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp