CVE-2014-3153 Futex requeue exploit
Important to Low (see affected Pivotal products for details)
- Linux kernel through 3.14.5
The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification. An unprivileged user could use this flaw to crash the kernel (resulting in denial of service) or for privilege escalation.
Affected VMware Products and Versions
Severity is important unless otherwise noted.
- Cloud Foundry final releases prior to v177
- Pivotal CF 220.127.116.11 to 1.2.x (Severity: Low)
Users of affected versions should apply the following mitigation:
- Pivotal recommends that Cloud Foundry Runtime Deployments running Release v176 or earlier upgrade to v177 or higher. As of v177, Cloud Foundry is integrated with BOSH stemcell 2671, based on Ubuntu 14.04, which resolves this vulnerability.
- Pivotal CF Elastic Runtime will have a minor release (1.3) in Q3 including stemcells built with updated OpenSSL versions. Pivotal recommends that operators upgrade existing deployments to that version.
Many thanks to Pinkie Pie, the anonymous researcher who first discovered and reported this issue.