CVE-2014-3153 Futex requeue exploit


Severity

Important to Low (see affected Pivotal products for details)

Vendor

Canonical Ubuntu

Versions Affected
  • Linux kernel through 3.14.5
Description

The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification. An unprivileged user could use this flaw to crash the kernel (resulting in denial of service) or for privilege escalation.

Affected Pivotal Products and Versions

Severity is important unless otherwise noted.

  • Cloud Foundry final releases prior to v177
  • Pivotal CF 1.1.0.0 to 1.2.x (Severity: Low)
Mitigation

Users of affected versions should apply the following mitigation:

  • Pivotal recommends that Cloud Foundry Runtime Deployments running Release v176 or earlier upgrade to v177 or higher. As of v177, Cloud Foundry is integrated with BOSH stemcell 2671, based on Ubuntu 14.04, which resolves this vulnerability.
  • Pivotal CF Elastic Runtime will have a minor release (1.3) in Q3 including stemcells built with updated OpenSSL versions. Pivotal recommends that operators upgrade existing deployments to that version.
Credit

Many thanks to Pinkie Pie, the anonymous researcher who first discovered and reported this issue.

References