** Description changed: - A flaw was found in the way the Linux kernel's futex subsystem handled - reference counting when requeuing futexes during futex_wait(). A local, - unprivileged user could use this flaw to zero out the reference counter - of an inode or an mm struct that backs up the memory area of the futex, - which could lead to a use-after-free flaw, resulting in a system crash - or, potentially, privilege escalation + The futex_wait function in kernel/futex.c in the Linux kernel before + 2.6.37 does not properly maintain a certain reference count during + requeue operations, which allows local users to cause a denial of + service (use-after-free and system crash) or possibly gain privileges + via a crafted application that triggers a zero count. Break-Fix: - 7ada876a8703f23befbb20a7465a702ee39b1704
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1370021 Title: CVE-2014-0205 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1370021/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
