FS#40232 - [linux] CVE-2014-0196 kernel: pty layer race condition leading to memory corruption
Attached to Project:
Arch Linux
Opened by Daniel Micay (thestinger) - Monday, 05 May 2014, 23:53 GMT
Last edited by Tobias Powalowski (tpowa) - Monday, 12 May 2014, 19:53 GMT
Opened by Daniel Micay (thestinger) - Monday, 05 May 2014, 23:53 GMT
Last edited by Tobias Powalowski (tpowa) - Monday, 12 May 2014, 19:53 GMT
|
This task depends upon
Closed by Tobias Powalowski (tpowa)
Monday, 12 May 2014, 19:53 GMT
Reason for closing: Fixed
Additional comments about closing: 3.14.3-2
Monday, 12 May 2014, 19:53 GMT
Reason for closing: Fixed
Additional comments about closing: 3.14.3-2
Comment by
Daniel Micay (thestinger) -
Wednesday, 07 May 2014, 21:23 GMT
Comment by Christian Hesse (eworm) -
Monday, 12 May 2014, 11:35 GMT
This is still present in 3.14.3-1 since a fix wasn't committed
upstream yet (it's in linux-next). There's a proof of concept
causing a crash, but it's almost certainly exploitable too:
http://seclists.org/oss-sec/2014/q2/250
Prepared a patch against current files in abs.