CVE-2014-0205: Use After Free
First published: Mon May 05 2014(Updated: )
A flaw was found in the way the Linux kernel's futex subsystem handled reference counting in case of futex requeue during futex_wait(). An unprivileged local user could use this flaw to crash the system or, potentially, escalate their privileges on the system by overputting reference counter on either inode or mm that backs up the memory area of the futex, leading to use-after-free. References: <a href="https://lkml.org/lkml/2010/9/16/99">https://lkml.org/lkml/2010/9/16/99</a> Upstream fix: <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7ada876a8703f23befbb20a7465a702ee39b1704">http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7ada876a8703f23befbb20a7465a702ee39b1704</a> Acknowledgements: The security impact of this issue was discovered by Mateusz Guzik of Red Hat.
Credit: secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Linux kernel | <=2.6.36.4 | |
| Linux Linux kernel | =2.6.36 | |
| Linux Linux kernel | =2.6.36-rc1 | |
| Linux Linux kernel | =2.6.36-rc2 | |
| Linux Linux kernel | =2.6.36-rc3 | |
| Linux Linux kernel | =2.6.36-rc4 | |
| Linux Linux kernel | =2.6.36-rc5 | |
| Linux Linux kernel | =2.6.36-rc6 | |
| Linux Linux kernel | =2.6.36-rc7 | |
| Linux Linux kernel | =2.6.36-rc8 | |
| Linux Linux kernel | =2.6.36.1 | |
| Linux Linux kernel | =2.6.36.2 | |
| Linux Linux kernel | =2.6.36.3 | |
| debian/linux | 5.10.223-1 5.10.226-1 6.1.115-1 6.1.119-1 6.11.10-1 6.12.5-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7ada876a8703f23befbb20a7465a702ee39b1704
- http://mirror.linux.org.au/linux/kernel/v2.6/ChangeLog-2.6.37
- http://rhn.redhat.com/errata/RHSA-2014-1365.html
- http://rhn.redhat.com/errata/RHSA-2014-1763.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1094455
- https://github.com/torvalds/linux/commit/7ada876a8703f23befbb20a7465a702ee39b1704
- https://launchpad.net/bugs/cve/CVE-2014-0205
- https://lkml.org/lkml/2010/9/16/99
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7ada876a8703f23befbb20a7465a702ee39b1704
- https://rhn.redhat.com/errata/RHSA-2014-1167.html
- https://rhn.redhat.com/errata/RHSA-2014-1365.html
- https://rhn.redhat.com/errata/RHSA-2014-1763.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0205
- https://nvd.nist.gov/vuln/detail/CVE-2014-0205
- https://security-tracker.debian.org/tracker/CVE-2014-0205
- https://ubuntu.com/security/CVE-2014-0205
- collector/nvd-index
- agent/type
- agent/remedy
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2014-0205
- agent/author
- agent/severity
- agent/weakness
- collector/mitre-cve
- source/MITRE
- collector/usn-cve
- source/Ubuntu
- agent/references
- agent/description
- agent/tags
- agent/last-modified-date
- agent/event
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup
- collector/security-tracker-debian
- source/Debian
- agent/softwarecombine
- agent/trending
- vendor/linux
- canonical/linux linux kernel
- version/linux linux kernel/2.6.36.4
- version/linux linux kernel/2.6.36
- version/linux linux kernel/2.6.36-rc1
- version/linux linux kernel/2.6.36-rc2
- version/linux linux kernel/2.6.36-rc3
- version/linux linux kernel/2.6.36-rc4
- version/linux linux kernel/2.6.36-rc5
- version/linux linux kernel/2.6.36-rc6
- version/linux linux kernel/2.6.36-rc7
- version/linux linux kernel/2.6.36-rc8
- version/linux linux kernel/2.6.36.1
- version/linux linux kernel/2.6.36.2
- version/linux linux kernel/2.6.36.3
- package-manager/debian