Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

oracle-oval логотип

ELSA-2014-3038

Опубликовано: 07 июн. 2014
Источник: oracle-oval
Платформа: Oracle Linux 5
Платформа: Oracle Linux 6

Описание

ELSA-2014-3038: unbreakable enterprise kernel security update (IMPORTANT)

[2.6.39-400.215.2]

  • futex: Make lookup_pi_state more robust (Thomas Gleixner) [Orabug: 18918614] {CVE-2014-3153}
  • futex: Always cleanup owner tid in unlock_pi (Thomas Gleixner) [Orabug: 18918614] {CVE-2014-3153}
  • futex: Validate atomic acquisition in futex_lock_pi_atomic() (Thomas Gleixner) [Orabug: 18918614] {CVE-2014-3153}
  • futex: Forbid uaddr1 == uaddr2 in futex_requeue(..., requeue_pi=1) (Thomas Gleixner) [Orabug: 18918614] {CVE-2014-3153} {CVE-2014-3153}

Обновленные пакеты

Oracle Linux 5

Oracle Linux x86_64

kernel-uek

2.6.39-400.215.2.el5uek

kernel-uek-debug

2.6.39-400.215.2.el5uek

kernel-uek-debug-devel

2.6.39-400.215.2.el5uek

kernel-uek-devel

2.6.39-400.215.2.el5uek

kernel-uek-doc

2.6.39-400.215.2.el5uek

kernel-uek-firmware

2.6.39-400.215.2.el5uek

Oracle Linux i386

kernel-uek

2.6.39-400.215.2.el5uek

kernel-uek-debug

2.6.39-400.215.2.el5uek

kernel-uek-debug-devel

2.6.39-400.215.2.el5uek

kernel-uek-devel

2.6.39-400.215.2.el5uek

kernel-uek-doc

2.6.39-400.215.2.el5uek

kernel-uek-firmware

2.6.39-400.215.2.el5uek

Oracle Linux 6

Oracle Linux x86_64

kernel-uek

2.6.39-400.215.2.el6uek

kernel-uek-debug

2.6.39-400.215.2.el6uek

kernel-uek-debug-devel

2.6.39-400.215.2.el6uek

kernel-uek-devel

2.6.39-400.215.2.el6uek

kernel-uek-doc

2.6.39-400.215.2.el6uek

kernel-uek-firmware

2.6.39-400.215.2.el6uek

Oracle Linux i686

kernel-uek

2.6.39-400.215.2.el6uek

kernel-uek-debug

2.6.39-400.215.2.el6uek

kernel-uek-debug-devel

2.6.39-400.215.2.el6uek

kernel-uek-devel

2.6.39-400.215.2.el6uek

kernel-uek-doc

2.6.39-400.215.2.el6uek

kernel-uek-firmware

2.6.39-400.215.2.el6uek

Связанные CVE

CVE-2014-3153

Ссылки на источники

Связанные уязвимости

ubuntu логотип

CVE-2014-3153

CVSS3: 7.8
ubuntu
около 11 лет назад

The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification.

redhat логотип

CVE-2014-3153

redhat
около 11 лет назад

The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification.

nvd логотип

CVE-2014-3153

CVSS3: 7.8
nvd
около 11 лет назад

The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification.

debian логотип

CVE-2014-3153

CVSS3: 7.8
debian
около 11 лет назад

The futex_requeue function in kernel/futex.c in the Linux kernel throu ...

github логотип

GHSA-5gr7-gr2q-52gp

CVSS3: 7.8
github
около 3 лет назад

The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification.