Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

oracle-oval логотип

ELSA-2014-3037

Опубликовано: 06 июн. 2014
Источник: oracle-oval
Платформа: Oracle Linux 6

Описание

ELSA-2014-3037: Unbreakable Enterprise kernel security update (IMPORTANT)

kernel-uek [3.8.13-35.1.1.el6uek]

  • futex: Make lookup_pi_state more robust (Thomas Gleixner) [Orabug: 18918552] {CVE-2014-3153}
  • futex: Always cleanup owner tid in unlock_pi (Thomas Gleixner) [Orabug: 18918552] {CVE-2014-3153}
  • futex: Validate atomic acquisition in futex_lock_pi_atomic() (Thomas Gleixner) [Orabug: 18918552] {CVE-2014-3153}
  • futex: Forbid uaddr == uaddr2 in futex_requeue(..., requeue_pi=1) (Thomas Gleixner) [Orabug: 18918552] {CVE-2014-3153} {CVE-2014-3153}

Обновленные пакеты

Oracle Linux 6

Oracle Linux x86_64

dtrace-modules-3.8.13-35.1.1.el6uek

0.4.3-4.el6

dtrace-modules-headers

0.4.3-4.el6

dtrace-modules-provider-headers

0.4.3-4.el6

kernel-uek

3.8.13-35.1.1.el6uek

kernel-uek-debug

3.8.13-35.1.1.el6uek

kernel-uek-debug-devel

3.8.13-35.1.1.el6uek

kernel-uek-devel

3.8.13-35.1.1.el6uek

kernel-uek-doc

3.8.13-35.1.1.el6uek

kernel-uek-firmware

3.8.13-35.1.1.el6uek

Связанные CVE

CVE-2014-3153

Ссылки на источники

Связанные уязвимости

ubuntu логотип

CVE-2014-3153

CVSS3: 7.8
ubuntu
около 11 лет назад

The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification.

redhat логотип

CVE-2014-3153

redhat
около 11 лет назад

The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification.

nvd логотип

CVE-2014-3153

CVSS3: 7.8
nvd
около 11 лет назад

The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification.

debian логотип

CVE-2014-3153

CVSS3: 7.8
debian
около 11 лет назад

The futex_requeue function in kernel/futex.c in the Linux kernel throu ...

github логотип

GHSA-5gr7-gr2q-52gp

CVSS3: 7.8
github
около 3 лет назад

The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification.