Vigil@nce - Linux kernel: privilege escalation via futex
June 2014 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use a futex on the Linux kernel to escalate
privileges.
– Impacted products: Debian, Fedora, Linux, MBS, RHEL, SUSE Linux
Enterprise Desktop, SLES, Ubuntu
– Severity: 2/4
– Creation date: 05/06/2014
DESCRIPTION OF THE VULNERABILITY
The Linux kernel can be compiled with CONFIG_FUTEX (Fast Userspace
Mutex) support.
However, if a user requests a requeue operation in which the source
and target addresses are the same, the futex_requeue() function
accepts the operation.
A local attacker can therefore use a futex on the Linux kernel to
escalate privileges.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Linux-kernel-privilege-escalation-via-futex-14848