Linux ptrace bug (CVE-2014-4699)
Bug #1340038 reported by
Pavel Chekin
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Mirantis OpenStack |
Fix Committed
|
High
|
Alexei Sheplyakov | ||
Bug Description
The Linux kernel before 3.15.4 on Intel processors does not properly restrict use of a non-canonical value for the saved RIP address in the case of a system call that does not use IRET, which allows local users to leverage a race condition and gain privileges, or cause a denial of service (double fault), via a crafted application that makes ptrace and fork system calls.
CVE References
Revision history for this message
| Alexei Sheplyakov (asheplyakov) wrote | #1 |
| Changed in mos: | |
| assignee: | MOS Linux (mos-linux) → Alexei Sheplyakov (asheplyakov) |
| importance: | Undecided → High |
| status: | New → Confirmed |
| milestone: | none → 6.0 |
Revision history for this message
| Alexei Sheplyakov (asheplyakov) wrote | #2 |
| tags: | added: cve |
Revision history for this message
| Alexei Sheplyakov (asheplyakov) wrote | #3 |
| Changed in mos: | |
| status: | Confirmed → Fix Committed |
To post a comment you must log in.
The issue has been fixed in upstream version 3.10.48 (to be more specific, commit 8c6fa0a671dc12e
Ubuntu team has released a fix for 2.6.32 (see https:/
Should we wait for one, or we can peek the fix from Ubuntu (which is basically equivalent to commit 8c6fa0a671dc12e