Important to Low
- Linux kernel through 3.14.5
The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification. An unprivileged user could use this flaw to crash the kernel (resulting in denial of service) or for privilege escalation.
Affected Products and Versions
Severity is important unless otherwise noted.
- Cloud Foundry final releases prior to v177
Users of affected versions should apply the following mitigation:
- Cloud Foundry Runtime Deployments running Release v176 or earlier upgrade to v177 or higher. As of v177, Cloud Foundry is integrated with BOSH stemcell 2671, based on Ubuntu 14.04, which resolves this vulnerability.
Many thanks to Pinkie Pie, the anonymous researcher who first discovered and reported this issue.