FS#40715 : [linux] Linux kernel futex local privilege escalation (CVE-2014-3153)

FS#40715 - [linux] Linux kernel futex local privilege escalation (CVE-2014-3153)

Attached to Project: Arch Linux
Opened by Daniel Micay (thestinger) - Thursday, 05 June 2014, 17:47 GMT
Last edited by Tobias Powalowski (tpowa) - Sunday, 08 June 2014, 19:21 GMT

Task Type	Bug Report
Category	Packages: Core
Status	Closed
Assigned To	Tobias Powalowski (tpowa) Thomas Bächler (brain0) Andreas Radke (AndyRTR)
Architecture	All
Severity	Critical
Priority	Normal
Reported Version
Due in Version	Undecided
Due Date	Undecided
Percent Complete
Votes	5 Claire Farron (clfarron4) (2014-06-07) Far Wayer (farwayer) (2014-06-06) patrick (potomac) (2014-06-06) Vitor Sakaguti (vitoreiji) (2014-06-05) Daniel Micay (thestinger) (2014-06-05)
Private	No

Details

There is a serious privilege escalation issue in the kernel:

http://seclists.org/oss-sec/2014/q2/467

It's a bit worse than the usual ones, because `futex` is a very common system call permitted inside sandboxes like the ones used by Chromium, Tor and OpenSSH.

This task depends upon

Closed by Tobias Powalowski (tpowa)
Sunday, 08 June 2014, 19:21 GMT
Reason for closing: Fixed
Additional comments about closing: 3.14.6

Comment by Daniel Micay (thestinger) - Thursday, 05 June 2014, 18:03 GMT

The linux-lts package also needs to be fixed but I didn't include it in the title because I was unaware when I reported the issue. It's dealt with in linux-grsec by 3.14.5.201406051310-1 (as part of the patchset).

Comment by Claire Farron (clfarron4) - Saturday, 07 June 2014, 13:38 GMT

I extracted these (the first four) from the .mbox file that the submitter used to compress all of them.

I'll test them later with my AUR packages (linux-lts312/-ck/312-ck).

NOTE: From what I understand, 0003-futex-2.6.32.patch is a correction of 0003-futex for something.

0001-futex.patch (2.4 KiB)

0002-futex-validate-atomic-ac... (1.6 KiB)

0003-futex-cleanup-owner-tid-... (2.8 KiB)

0004-futex.patch (11.3 KiB)

0003-futex-2.6.32.patch (3.1 KiB)

Comment by Daniel Micay (thestinger) - Saturday, 07 June 2014, 14:26 GMT

The patches should be applied from Linus' tree, now that they're upstream. There are 2 earlier futex-related patches to apply before these 4 too.

Comment by Claire Farron (clfarron4) - Saturday, 07 June 2014, 21:31 GMT

It appears there is no need to add linux-lts to this report. The 3.10.42 release contains the patches for CVE-2014-3153 (from looking at the changelog): https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.42

Comment by Daniel Micay (thestinger) - Sunday, 08 June 2014, 03:57 GMT

Arch is still on 3.10.41 (at least in [core]) which is vulnerable. The futex fixes for the non-LTS kernel are in 3.14.6, which needs to be packaged and then pushed to [core] for this to be closed.

Comment by Daniel Micay (thestinger) - Sunday, 08 June 2014, 13:35 GMT

The LTS package is now in [core], and the fixed linux version is in [testing]. The bug can be closed when that's moved to [core].

	Tasks related to this task (0)

Duplicate tasks of this task (0)

Arch Linux

FS#40715 - [linux] Linux kernel futex local privilege escalation (CVE-2014-3153)

Details

Loading...