FS#38737 - [linux] Vulnerability in x32 ABI for 64-bit mode may allow privilege escalation (CVE-2014-0038)
Attached to Project:
Arch Linux
Opened by . (Thralas) - Thursday, 30 January 2014, 23:37 GMT
Last edited by Allan McRae (Allan) - Friday, 31 January 2014, 13:20 GMT
Opened by . (Thralas) - Thursday, 30 January 2014, 23:37 GMT
Last edited by Allan McRae (Allan) - Friday, 31 January 2014, 13:20 GMT
|
Details
Linux v3.4+ is reportedly vulnerable to an undisclosed
vulnerability in the X32 ABI, which should allow for local
privilege escalation (CVE-2014-0038).
This likely affects all current kernel packages (normal/lts in stable/testing). Discovered and patched by the PaX Team, refer to [1][2]. Patch contained in [3], I could not find an upstream fix nor a separate patch. [1]: https://twitter.com/grsecurity/status/429012138963636224 [2]: https://grsecurity.net/changelog-test.txt [3]: https://grsecurity.net/test/grsecurity-3.0-3.13.1-201401301657.patch |
This task depends upon
Closed by Allan McRae (Allan)
Friday, 31 January 2014, 13:20 GMT
Reason for closing: Fixed
Additional comments about closing: linux-3.13.1-2, linux-3.12.9-2
Friday, 31 January 2014, 13:20 GMT
Reason for closing: Fixed
Additional comments about closing: linux-3.13.1-2, linux-3.12.9-2
http://www.openwall.com/lists/oss-security/2014/01/31/2