Bug 767892 (CVE-2021-3347) - kernel: local privilege escalation via futexes (CVE-2021-3347)
Summary: kernel: local privilege escalation via futexes (CVE-2021-3347)
Status: RESOLVED FIXED
Alias: CVE-2021-3347
Product: Gentoo Security
Classification: Unclassified
Component: Kernel
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Kernel Security
URL: https://www.openwall.com/lists/oss-se...
Whiteboard: A3 [stable blocked]
Keywords:
Duplicates: 768045
Depends on: CVE-2021-26708
Blocks:
Reported: 2021-01-29 22:05 UTC by Piotr Karbowski (RETIRED)
Modified: 2022-03-26 01:28 UTC (History)

See Also:
Package list:
Runtime testing required: ---


Description Piotr Karbowski (RETIRED) gentoo-dev 2021-01-29 22:05:49 UTC
See https://www.openwall.com/lists/oss-security/2021/01/29/1
Comment 1 Alice Ferrazzi Gentoo Infrastructure gentoo-dev 2021-01-30 12:16:46 UTC
This is affecting 5.10.11 as far as I can see
Comment 2 Alice Ferrazzi Gentoo Infrastructure gentoo-dev 2021-01-30 12:17:23 UTC
from:
https://nvd.nist.gov/vuln/detail/CVE-2021-3347

"An issue was discovered in the Linux kernel through 5.10.11. PI futexes have a kernel stack use-after-free during fault handling, allowing local users to execute code in the kernel, aka CID-34b1a1ce1458."
Comment 3 Thomas Deutschmann (RETIRED) gentoo-dev 2021-02-06 14:18:43 UTC
Based on current knowledge, the complexity to exploit this is *very* high so that the highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Comment 4 Thomas Deutschmann (RETIRED) gentoo-dev 2021-02-10 13:38:02 UTC
*** Bug 768045 has been marked as a duplicate of this bug. ***
Comment 10 NATTkA bot gentoo-dev 2021-07-29 18:13:03 UTC
Package list is empty or all packages have requested keywords.
Comment 11 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-03-26 01:28:14 UTC
(In reply to Thomas Deutschmann from comment #3)
> Based on current knowledge, the complexity to exploit this is *very* high so
> that the highest threat from this vulnerability is to data confidentiality
> and integrity as well as system availability.

Isn't that all three ways a vulnerability can affect something?

Anyway, fixed kernels appear to be 4.9.257, 4.14.218, 4.19.172, 5.4.94, 5.10.12, and we've been fixed for a while
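
The fixed releases listed in comment 11 can be turned into a fleet check. The following is an added example, not part of the original bug report or any Gentoo tooling; the function names are hypothetical, and it assumes the release string follows upstream stable numbering (a vendor kernel that backports the fix without bumping the version will be misclassified).

```python
import platform
import re

# Fixed release per stable branch, taken from comment 11 of this bug.
# Key: (major, minor) branch; value: first patch level carrying the fix.
FIXED = {
    (4, 9): 257,
    (4, 14): 218,
    (4, 19): 172,
    (5, 4): 94,
    (5, 10): 12,
}

# Leading "X.Y" or "X.Y.Z"; suffixes such as "-gentoo-r1" are ignored.
_RELEASE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?")


def parse_release(release):
    """Return (major, minor, patch) from a `uname -r` style string."""
    match = _RELEASE.match(release.strip())
    if match is None:
        raise ValueError("unrecognised kernel release: %r" % release)
    major, minor, patch = match.groups()
    return int(major), int(minor), int(patch or 0)


def classify(release):
    """Classify a kernel release against the CVE-2021-3347 fix list.

    Returns "fixed", "affected", or "unknown". Branches the bug does not
    list are reported as "unknown" rather than guessed.
    """
    major, minor, patch = parse_release(release)
    fixed_patch = FIXED.get((major, minor))
    if fixed_patch is None:
        return "unknown"
    return "fixed" if patch >= fixed_patch else "affected"


def audit(releases):
    """Map each release string (e.g. collected from hosts) to its status."""
    return {release: classify(release) for release in releases}


if __name__ == "__main__":
    running = platform.release()
    print("%s: %s" % (running, classify(running)))
```
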