Executive Summary

Summary
Title Linux kernel (Quantal HWE) vulnerability
Informations
Name USN-2237-1 First vendor Publication 2014-06-05
Vendor Ubuntu Last vendor Modification 2014-06-05
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 7.2 Attack Range Local
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 3.9 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 LTS

Summary:

The system could be made to crash or run programs as an administrator.

Software Description: - linux-lts-quantal: Linux hardware enablement kernel from Quantal

Details:

Pinkie Pie discovered a flaw in the Linux kernel's futex subsystem. An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or gain administrative privileges.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 12.04 LTS:
linux-image-3.5.0-51-generic 3.5.0-51.77~precise1

After a standard system update you need to reboot your computer to make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2237-1
CVE-2014-3153

Package Information:
https://launchpad.net/ubuntu/+source/linux-lts-quantal/3.5.0-51.77~precise1

Original Source

Url : http://www.ubuntu.com/usn/USN-2237-1

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-269 Improper Privilege Management

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:24473
 
Oval ID: oval:org.mitre.oval:def:24473
Title: USN-2237-1 -- linux-lts-quantal vulnerability
Description: The system could be made to crash or run programs as an administrator.
Family: unix Class: patch
Reference(s): USN-2237-1
CVE-2014-3153
Version: 3
Platform(s): Ubuntu 12.04
Product(s): linux-lts-quantal
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24711
 
Oval ID: oval:org.mitre.oval:def:24711
Title: DSA-2950-1 openssl - security update
Description: Multiple vulnerabilities have been discovered in OpenSSL.
Family: unix Class: patch
Reference(s): DSA-2950-1
CVE-2014-0195
CVE-2014-0221
CVE-2014-0224
CVE-2014-3470
CVE-2014-3153
Version: 3
Platform(s): Debian GNU/Linux 7.0
Debian GNU/kFreeBSD 7.0
Product(s): openssl
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24779
 
Oval ID: oval:org.mitre.oval:def:24779
Title: DSA-2949-1 linux - security update
Description: Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation.
Family: unix Class: patch
Reference(s): DSA-2949-1
CVE-2014-3144
CVE-2014-3145
CVE-2014-3153
Version: 3
Platform(s): Debian GNU/Linux 7.0
Debian GNU/kFreeBSD 7.0
Product(s): linux
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24924
 
Oval ID: oval:org.mitre.oval:def:24924
Title: RHSA-2014:0771: kernel security and bug fix update (Important)
Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way the Linux kernel's futex subsystem handled the requeuing of certain Priority Inheritance (PI) futexes. A local, unprivileged user could use this flaw to escalate their privileges on the system. (CVE-2014-3153, Important) * A flaw was found in the way the Linux kernel's floppy driver handled user space provided data in certain error code paths while processing FDRAWCMD IOCTL commands. A local user with write access to /dev/fdX could use this flaw to free (using the kfree() function) arbitrary kernel memory. (CVE-2014-1737, Important) * It was found that the Linux kernel's floppy driver leaked internal kernel memory addresses to user space during the processing of the FDRAWCMD IOCTL command. A local user with write access to /dev/fdX could use this flaw to obtain information about the kernel heap arrangement. (CVE-2014-1738, Low) Note: A local user with write access to /dev/fdX could use these two flaws (CVE-2014-1737 in combination with CVE-2014-1738) to escalate their privileges on the system. * It was discovered that the proc_ns_follow_link() function did not properly return the LAST_BIND value in the last pathname component as is expected for procfs symbolic links, which could lead to excessive freeing of memory and consequent slab corruption. A local, unprivileged user could use this flaw to crash the system. (CVE-2014-0203, Moderate) * A flaw was found in the way the Linux kernel handled exceptions when user-space applications attempted to use the linkage stack. On IBM S/390 systems, a local, unprivileged user could use this flaw to crash the system. (CVE-2014-2039, Moderate) * An invalid pointer dereference flaw was found in the Marvell 8xxx Libertas WLAN (libertas) driver in the Linux kernel. A local user able to write to a file that is provided by the libertas driver and located on the debug file system (debugfs) could use this flaw to crash the system. Note: The debugfs file system must be mounted locally to exploit this issue. It is not mounted by default. (CVE-2013-6378, Low) * A denial of service flaw was discovered in the way the Linux kernel's SELinux implementation handled files with an empty SELinux security context. A local user who has the CAP_MAC_ADMIN capability could use this flaw to crash the system. (CVE-2014-1874, Low) Red Hat would like to thank Kees Cook of Google for reporting CVE-2014-3153, Matthew Daley for reporting CVE-2014-1737 and CVE-2014-1738, and Vladimir Davydov of Parallels for reporting CVE-2014-0203. Google acknowledges Pinkie Pie as the original reporter of CVE-2014-3153. This update also fixes several bugs. Documentation for these changes will be available shortly from the Technical Notes document linked to in the References section. All kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.
Family: unix Class: patch
Reference(s): RHSA-2014:0771-00
CESA-2014:0771
CVE-2013-6378
CVE-2014-0203
CVE-2014-1737
CVE-2014-1738
CVE-2014-1874
CVE-2014-2039
CVE-2014-3153
Version: 3
Platform(s): Red Hat Enterprise Linux 6
CentOS Linux 6
Product(s): kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25045
 
Oval ID: oval:org.mitre.oval:def:25045
Title: SUSE-SU-2014:0775-1 -- Security update for Linux Kernel
Description: The SUSE Linux Enterprise 11 Service Pack 3 kernel was updated to fix a critical privilege escalation security issue: * CVE-2014-3153: The futex acquisition code in kernel/futex.c can be used to gain ring0 access via the futex syscall. This could be used for privilege escalation by non-root users. (bnc#880892) Security Issue reference: * CVE-2014-3153 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3153>
Family: unix Class: patch
Reference(s): SUSE-SU-2014:0775-1
CVE-2014-3153
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
Product(s): Linux Kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25261
 
Oval ID: oval:org.mitre.oval:def:25261
Title: RHSA-2014:0786: kernel security, bug fix, and enhancement update (Important)
Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way the Linux kernel's futex subsystem handled the requeuing of certain Priority Inheritance (PI) futexes. A local, unprivileged user could use this flaw to escalate their privileges on the system. (CVE-2014-3153, Important) * A use-after-free flaw was found in the way the ping_init_sock() function of the Linux kernel handled the group_info reference counter. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2014-2851, Important) * Use-after-free and information leak flaws were found in the way the Linux kernel's floppy driver processed the FDRAWCMD IOCTL command. A local user with write access to /dev/fdX could use these flaws to escalate their privileges on the system. (CVE-2014-1737, CVE-2014-1738, Important) * It was found that the aio_read_events_ring() function of the Linux kernel's Asynchronous I/O (AIO) subsystem did not properly sanitize the AIO ring head received from user space. A local, unprivileged user could use this flaw to disclose random parts of the (physical) memory belonging to the kernel and/or other processes. (CVE-2014-0206, Moderate) * An out-of-bounds memory access flaw was found in the Netlink Attribute extension of the Berkeley Packet Filter (BPF) interpreter functionality in the Linux kernel's networking implementation. A local, unprivileged user could use this flaw to crash the system or leak kernel memory to user space via a specially crafted socket filter. (CVE-2014-3144, CVE-2014-3145, Moderate) * An information leak flaw was found in the way the skb_zerocopy() function copied socket buffers (skb) that are backed by user-space buffers (for example vhost-net and Xen netback), potentially allowing an attacker to read data from those buffers. (CVE-2014-2568, Low) Red Hat would like to thank Kees Cook of Google for reporting CVE-2014-3153 and Matthew Daley for reporting CVE-2014-1737 and CVE-2014-1738. Google acknowledges Pinkie Pie as the original reporter of CVE-2014-3153. The CVE-2014-0206 issue was discovered by Mateusz Guzik of Red Hat. This update also fixes the following bugs: * Due to incorrect calculation of Tx statistics in the qlcninc driver, running the "ethtool -S ethX" command could trigger memory corruption. As a consequence, running the sosreport tool, that uses this command, resulted in a kernel panic. The problem has been fixed by correcting the said statistics calculation. (BZ#1104972) * When an attempt to create a file on the GFS2 file system failed due to a file system quota violation, the relevant VFS inode was not completely uninitialized. This could result in a list corruption error. This update resolves this problem by correctly uninitializing the VFS inode in this situation. (BZ#1097407) * Due to a race condition in the kernel, the getcwd() system call could return "/" instead of the correct full path name when querying a path name of a file or directory. Paths returned in the "/proc" file system could also be incorrect. This problem was causing instability of various applications. The aforementioned race condition has been fixed and getcwd() now always returns the correct paths. (BZ#1099048) In addition, this update adds the following enhancements: * The kernel mutex code has been improved. The changes include improved queuing of the MCS spin locks, the MCS code optimization, introduction of the cancellable MCS spin locks, and improved handling of mutexes without wait locks. (BZ#1103631, BZ#1103629) * The handling of the Virtual Memory Area (VMA) cache and huge page faults has been improved. (BZ#1103630) All kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements. The system must be rebooted for this update to take effect.
Family: unix Class: patch
Reference(s): RHSA-2014:0786-00
CVE-2014-0206
CVE-2014-1737
CVE-2014-1738
CVE-2014-2568
CVE-2014-2851
CVE-2014-3144
CVE-2014-3145
CVE-2014-3153
Version: 4
Platform(s): Red Hat Enterprise Linux 7
CentOS Linux 7
Product(s): kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26071
 
Oval ID: oval:org.mitre.oval:def:26071
Title: SUSE-SU-2014:0837-2 -- Security update for Linux Kernel
Description: The SUSE Linux Enterprise 11 Service Pack 2 LTSS kernel was updated to fix a critical security issue.
Family: unix Class: patch
Reference(s): SUSE-SU-2014:0837-2
CVE-2014-3153
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
Product(s): Linux Kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26111
 
Oval ID: oval:org.mitre.oval:def:26111
Title: SUSE-SU-2014:0837-1 -- Security update for Linux Kernel
Description: The SUSE Linux Enterprise 11 Service Pack 2 LTSS kernel was updated to fix a critical security issue.
Family: unix Class: patch
Reference(s): SUSE-SU-2014:0837-1
CVE-2014-3153
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
Product(s): Linux Kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27093
 
Oval ID: oval:org.mitre.oval:def:27093
Title: ELSA-2014-3039 -- Unbreakable Enterprise kernel security update (important)
Description: kernel-uek [2.6.32-400.36.2uek] - futex: Make lookup_pi_state more robust (Thomas Gleixner) [Orabug: 18918736] {CVE-2014-3153} - futex: Always cleanup owner tid in unlock_pi (Thomas Gleixner) [Orabug: 18918736] {CVE-2014-3153} - futex: Validate atomic acquisition in futex_lock_pi_atomic() (Thomas Gleixner) [Orabug: 18918736] {CVE-2014-3153} - futex: Forbid uaddr1 == uaddr2 in futex_requeue(..., requeue_pi=1) (Thomas Gleixner) [Orabug: 18918736] {CVE-2014-3153} {CVE-2014-3153}
Family: unix Class: patch
Reference(s): ELSA-2014-3039
CVE-2014-3153
Version: 5
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): kernel-uek
mlnx_en
ofa
kernel-uek-debug
kernel-uek-debug-devel
kernel-uek-devel
kernel-uek-doc
kernel-uek-firmware
kernel-uek-headers
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27112
 
Oval ID: oval:org.mitre.oval:def:27112
Title: ELSA-2014-3038 -- unbreakable enterprise kernel security update (important)
Description: [2.6.39-400.215.2] - futex: Make lookup_pi_state more robust (Thomas Gleixner) [Orabug: 18918614] {CVE-2014-3153} - futex: Always cleanup owner tid in unlock_pi (Thomas Gleixner) [Orabug: 18918614] {CVE-2014-3153} - futex: Validate atomic acquisition in futex_lock_pi_atomic() (Thomas Gleixner) [Orabug: 18918614] {CVE-2014-3153} - futex: Forbid uaddr1 == uaddr2 in futex_requeue(..., requeue_pi=1) (Thomas Gleixner) [Orabug: 18918614] {CVE-2014-3153} {CVE-2014-3153}
Family: unix Class: patch
Reference(s): ELSA-2014-3038
CVE-2014-3153
Version: 3
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): kernel-uek
kernel-uek-debug
kernel-uek-debug-devel
kernel-uek-devel
kernel-uek-doc
kernel-uek-firmware
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27316
 
Oval ID: oval:org.mitre.oval:def:27316
Title: ELSA-2014-3037 -- Unbreakable Enterprise kernel security update (important)
Description: kernel-uek [3.8.13-35.1.1.el6uek] - futex: Make lookup_pi_state more robust (Thomas Gleixner) [Orabug: 18918552] {CVE-2014-3153} - futex: Always cleanup owner tid in unlock_pi (Thomas Gleixner) [Orabug: 18918552] {CVE-2014-3153} - futex: Validate atomic acquisition in futex_lock_pi_atomic() (Thomas Gleixner) [Orabug: 18918552] {CVE-2014-3153} - futex: Forbid uaddr == uaddr2 in futex_requeue(..., requeue_pi=1) (Thomas Gleixner) [Orabug: 18918552] {CVE-2014-3153} {CVE-2014-3153}
Family: unix Class: patch
Reference(s): ELSA-2014-3037
CVE-2014-3153
Version: 5
Platform(s): Oracle Linux 6
Product(s): dtrace-modules
kernel-uek
dtrace-modules-headers
dtrace-modules-provider-headers
kernel-uek-debug
kernel-uek-debug-devel
kernel-uek-devel
kernel-uek-doc
kernel-uek-firmware
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1
Os 2079
Os 1
Os 1
Os 1
Os 1
Os 1
Os 4

SAINT Exploits

Description Link
Linux kernel futex_requeue privilege elevation More info here

ExploitDB Exploits

id Description
2014-11-25 Linux Kernel libfutex Local Root for RHEL/CentOS 7.0.1406

Nessus® Vulnerability Scanner

Date Description
2017-04-03 Name : The remote OracleVM host is missing one or more security updates.
File : oraclevm_OVMSA-2017-0057.nasl - Type : ACT_GATHER_INFO
2015-03-13 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2015-0290.nasl - Type : ACT_GATHER_INFO
2014-11-11 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2014-0815.nasl - Type : ACT_GATHER_INFO
2014-11-08 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0900.nasl - Type : ACT_GATHER_INFO
2014-11-08 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0800.nasl - Type : ACT_GATHER_INFO
2014-10-23 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_kernel-bigsmp-201409-140924.nasl - Type : ACT_GATHER_INFO
2014-10-23 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_kernel-140924.nasl - Type : ACT_GATHER_INFO
2014-10-12 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2014-363.nasl - Type : ACT_GATHER_INFO
2014-10-12 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2014-392.nasl - Type : ACT_GATHER_INFO
2014-08-23 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-3070.nasl - Type : ACT_GATHER_INFO
2014-07-30 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0786.nasl - Type : ACT_GATHER_INFO
2014-07-24 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-0786.nasl - Type : ACT_GATHER_INFO
2014-07-23 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0913.nasl - Type : ACT_GATHER_INFO
2014-07-02 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2014-451.nasl - Type : ACT_GATHER_INFO
2014-06-28 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2260-1.nasl - Type : ACT_GATHER_INFO
2014-06-26 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2014-441.nasl - Type : ACT_GATHER_INFO
2014-06-23 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2014-0771.nasl - Type : ACT_GATHER_INFO
2014-06-20 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0771.nasl - Type : ACT_GATHER_INFO
2014-06-20 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20140619_kernel_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2014-06-20 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-0771.nasl - Type : ACT_GATHER_INFO
2014-06-17 Name : The remote Fedora host is missing a security update.
File : fedora_2014-7320.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2014-124.nasl - Type : ACT_GATHER_INFO
2014-06-12 Name : The remote Fedora host is missing a security update.
File : fedora_2014-7128.nasl - Type : ACT_GATHER_INFO
2014-06-11 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_kernel-140604.nasl - Type : ACT_GATHER_INFO
2014-06-09 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-3039.nasl - Type : ACT_GATHER_INFO
2014-06-09 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-3038.nasl - Type : ACT_GATHER_INFO
2014-06-09 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-3037.nasl - Type : ACT_GATHER_INFO
2014-06-06 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2950.nasl - Type : ACT_GATHER_INFO
2014-06-06 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2949.nasl - Type : ACT_GATHER_INFO
2014-06-06 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2233-1.nasl - Type : ACT_GATHER_INFO
2014-06-06 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2234-1.nasl - Type : ACT_GATHER_INFO
2014-06-06 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2235-1.nasl - Type : ACT_GATHER_INFO
2014-06-06 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2237-1.nasl - Type : ACT_GATHER_INFO
2014-06-06 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2238-1.nasl - Type : ACT_GATHER_INFO
2014-06-06 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2239-1.nasl - Type : ACT_GATHER_INFO
2014-06-06 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2240-1.nasl - Type : ACT_GATHER_INFO
2014-06-06 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2241-1.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
2
3
Date Informations
2014-06-09 21:28:23
  • Multiple Updates
2014-06-07 21:26:30
  • Multiple Updates
2014-06-07 13:23:24
  • Multiple Updates
2014-06-06 05:18:33
  • First insertion