Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 511608 (CVE-2012-6647)

Summary: Kernel: forbid uaddr == uaddr2 in futex_wait_requeue_pi() to avoid null dereference (CVE-2012-6647)
Product: Gentoo Security Reporter: Agostino Sarubbo <ago>
Component: KernelAssignee: Gentoo Kernel Security <security-kernel>
Status: RESOLVED OBSOLETE    
Severity: normal CC: kernel
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---

Description Agostino Sarubbo gentoo-dev 2014-05-27 09:29:00 UTC 
CVE-2012-6647 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6647):
  The futex_wait_requeue_pi function in kernel/futex.c in the Linux kernel 
  before 3.5.1 does not ensure that calls have two different futex addresses, 
  which allows local users to cause a denial of service (NULL pointer dereference 
  and system crash) or possibly have unspecified other impact via a crafted
Comment 1 GLSAMaker/CVETool Bot gentoo-dev 2014-08-10 22:07:19 UTC 
CVE-2012-6647 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6647):
  The futex_wait_requeue_pi function in kernel/futex.c in the Linux kernel
  before 3.5.1 does not ensure that calls have two different futex addresses,
  which allows local users to cause a denial of service (NULL pointer
  dereference and system crash) or possibly have unspecified other impact via
  a crafted FUTEX_WAIT_REQUEUE_PI command.
Comment 2 Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2018-04-04 19:12:20 UTC 
There are no longer any 2.x or <3.5.1 kernels available in the repository with
the exception of sys-kernel/xbox-sources which is unsupported by security.