Severity

Important to Low

Vendor

Canonical Ubuntu

Versions Affected

• Linux kernel through 3.14.5

Description

The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification. An unprivileged user could use this flaw to crash the kernel (resulting in denial of service) or for privilege escalation.

Affected Products and Versions

Severity is important unless otherwise noted.

• Cloud Foundry final releases prior to v177

Mitigation

Users of affected versions should apply the following mitigation:

• Cloud Foundry Runtime Deployments running Release v176 or earlier upgrade to v177 or higher. As of v177, Cloud Foundry is integrated with BOSH stemcell 2671, based on Ubuntu 14.04, which resolves this vulnerability.

Credit

Many thanks to Pinkie Pie, the anonymous researcher who first discovered and reported this issue.

References

• http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3153
• http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3153
• http://threatpost.com/debian-urging-users-patch-linux-kernel-flaw