
Oss-sec: Linux kernel futex local privilege escalation (CVE-2014-3153) - zekers
http://seclists.org/oss-sec/2014/q2/467
======
scott_s
A follow-up comment describes how it works: [http://seclists.org/oss-sec/2014/q2/469](http://seclists.org/oss-sec/2014/q2/469)

~~~
haberman
Nice. I didn't quite understand though:

> Specifically, the futex syscall can leave a queued kernel waiter hanging on
> the stack. By manipulating the stack with further syscalls, the waiter
> structure can be altered.

Is the bug that the waiter is left on the stack, or that other syscalls can
alter the stack?

Allowing syscalls to alter the stack seems like a vulnerability regardless of
what happens to be on the stack when it's altered.

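Editor's added example (not a comment from the thread, not kernel code, and not the CVE-2014-3153 patch): a deterministic userspace model of the bug class the quoted follow-up describes. A waiter structure is allocated in a syscall's stack frame and linked into a wait queue; on one path the syscall returns with the waiter still queued, so the queue now points at released stack memory. Whether anything goes wrong then depends on whether a later syscall's frame reuses that region, which is the distinction the quoted text draws between "left on the stack" and "altered by further syscalls". The "kernel stack" here is a hand-managed byte array, `model_requeue`, `model_other_syscall` and `model_wake_one` are invented stand-ins, and the "fix" in the model (unlink before the frame is released) is the generic repair for a dangling stack reference, not a claim about the upstream change.

```c
/* Added example: userspace model of a waiter left queued on a released
 * stack frame. Illustrative only; not kernel code, not the upstream fix. */
#include <stdalign.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define KSTACK_SIZE 256
#define WAITER_MAGIC 0x57A17E52u

/* Modelled kernel stack: frames are carved from the top and grow down. */
static alignas(16) uint8_t kstack[KSTACK_SIZE];
static size_t ksp;                       /* bytes currently in use */

static void *frame_push(size_t n) { ksp += n; return kstack + KSTACK_SIZE - ksp; }
static void  frame_pop(size_t n)  { ksp -= n; }

/* A queued waiter; magic is only meaningful while the storage is still
 * the frame that created the waiter. */
struct waiter {
    struct waiter *next;
    uint32_t magic;
    int task_id;
};

/* Wait queue head: the model's stand-in for a futex hash bucket list. */
static struct waiter *wait_queue;

static void enqueue(struct waiter *w) { w->next = wait_queue; wait_queue = w; }
static void dequeue(struct waiter *w) {
    struct waiter **pp = &wait_queue;
    while (*pp && *pp != w) pp = &(*pp)->next;
    if (*pp) *pp = w->next;
}

/* Modelled requeue syscall (hypothetical). The waiter lives in this frame.
 * On the self-requeue case the buggy variant bails out with the waiter
 * still queued; the fixed variant unlinks it before the frame goes away.
 * Real sleeping waiters stay queued while the task blocks inside the call;
 * the model only keeps the part that matters: frame lifetime vs. queue. */
static int model_requeue(int task_id, const int *uaddr1, const int *uaddr2, int fixed) {
    struct waiter *w = frame_push(sizeof *w);
    w->magic = WAITER_MAGIC;
    w->task_id = task_id;
    enqueue(w);
    int ret = 0;
    if (uaddr1 == uaddr2) {          /* unsupported case: early return */
        ret = -22;                   /* -EINVAL */
        if (fixed) dequeue(w);       /* the buggy path forgets this */
    } else {
        dequeue(w);                  /* normal path: waiter gone before return */
    }
    frame_pop(sizeof *w);            /* frame released; a queued pointer now dangles */
    return ret;
}

/* A later syscall (hypothetical) whose frame overlaps the old one and fills
 * a local buffer with caller-supplied bytes: the "further syscalls" step. */
static void model_other_syscall(uint8_t fill) {
    uint8_t *buf = frame_push(64);
    memset(buf, fill, 64);
    frame_pop(64);
}

/* The waker looks at the head of the queue. Returns the task id found, 0 for
 * an empty queue, or -1 if the memory no longer holds a valid waiter. */
static int model_wake_one(void) {
    struct waiter *w = wait_queue;
    if (!w) return 0;
    if (w->magic != WAITER_MAGIC) return -1;
    return w->task_id;
}

/* Scenario: task 7 self-requeues, optionally another syscall runs, then wake. */
int run_scenario(int fixed, int clobber) {
    int futex_word = 0;
    ksp = 0; wait_queue = NULL; memset(kstack, 0, sizeof kstack);
    model_requeue(7, &futex_word, &futex_word, fixed);
    if (clobber) model_other_syscall(0x41);
    return model_wake_one();
}

int main(void) {
    printf("fixed:                  %d\n", run_scenario(1, 0));  /* 0  */
    printf("buggy, stack untouched: %d\n", run_scenario(0, 0));  /* 7  */
    printf("buggy, stack reused:    %d\n", run_scenario(0, 1));  /* -1 */
    return 0;
}
```

The middle case is the one worth noticing: with the buggy path and no intervening syscall the waker still reads a plausible task id, so the dangling reference is silent until some later frame overwrites the bytes. In the model the waker happens to check a magic value; a real queue walker that trusts the `next` pointer would instead follow whatever the later frame wrote there.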
------
dalias
Is there any proper information on this issue? The patches do not apply
cleanly against the latest stable kernel (3.14.5) and there's no indication I
can find as to what version they're intended to be applied to.

------
voltagex_
Isn't BPF a virtual machine inside the kernel? Does this have any impact on
the likelihood of exploits?

------
angersock
See, this is what happens when (presumably white, male) programmers don't
check their privilege.

~~~
figglesonrails
That made my day brighter. Sorry you're getting so many downvotes for that. :(

