** Description changed:

- While working on KernelThreadSanitizer (KTSAN), a data race detector for
- kernels, Dmitry Vyukov found a data race that can trick the kernel into
- using unitialized memory.
- This can at least give access to arbitrary
- SysV shared memory and Dmitry developed a proof of concept exploit for
- this. (On many systems, this can be used to escalate privileges).
-
- While we didn't investigate this deeply, it is almost certain that this
- vulnerability can be used to gain arbitrary code execution in the
- kernel. Exercise left to the reader.
+ Race condition in the IPC object implementation in the Linux kernel
+ through 4.2.3 allows local users to gain privileges by triggering an
+ ipc_addid call that leads to uid and gid comparisons against
+ uninitialized data, related to msg.c, shm.c, and util.c.

  Break-Fix: - b9a532277938798b53178d5a66af6e2915cb27cf
--
https://bugs.launchpad.net/bugs/1502032

Title:
  CVE-2015-7613
