Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:30736
HistoryMay 15, 2014 - 12:00 a.m.

[oss-security] CVE request Linux kernel: forbid uaddr == uaddr2 in futex_wait_requeue_pi() to avoid null dereference

2014-05-1500:00:00
vulners.com
43
JSON

Hello,

Linux kernel built with the fast userspace mutexes(CONFIG_FUTEX) support is vulnerable to a NULL pointer dereference flaw. It could occur when a waiting task requests wait to be re-queued from non-PI futex to a PI-aware futex via FUTEX_WAIT_REQUEUE_PI operation.

An unprivileged user/program could use this flaw to crash the system kernel resulting in DoS.

Upstream fix:

-> https://git.kernel.org/linus/6f7b0a2a5c0fb03be7c25bd1745baa50582348ef

Introduced in:

-> https://git.kernel.org/linus/52400ba946759af28442dee6265c5c0180ac7122

Thank you.

Prasad J Pandit / Red Hat Security Response Team

JSON