Summary: | kernel: local privilege escalation via futexes (CVE-2021-3347) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Piotr Karbowski (RETIRED) <slashbeast> |
Component: | Kernel | Assignee: | Gentoo Kernel Security <security-kernel> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | alicef, sam |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://www.openwall.com/lists/oss-security/2021/01/29/1 | ||
Whiteboard: | A3 [stable blocked] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 768894 | ||
Bug Blocks: |
Description
Piotr Karbowski (RETIRED)
2021-01-29 22:05:49 UTC
This is affecting 5.10.11 as far as I can see from: https://nvd.nist.gov/vuln/detail/CVE-2021-3347 "An issue was discovered in the Linux kernel through 5.10.11. PI futexes have a kernel stack use-after-free during fault handling, allowing local users to execute code in the kernel, aka CID-34b1a1ce1458." Based on current knowledge, the complexity to exploit this is *very* high so thatt he highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. *** Bug 768045 has been marked as a duplicate of this bug. *** Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. (In reply to Thomas Deutschmann from comment #3) > Based on current knowledge, the complexity to exploit this is *very* high so > thatt he highest threat from this vulnerability is to data confidentiality > and integrity as well as system availability. Isn't that all three ways a vulnerability can affect something? Anyway, fixed kernels appear to be 4.9.257, 4.14.218, 4.19.172, 5.4.94, 5.10.12, and we've been fixed for a while |