mailing list archives
Re: Linux kernel futex local privilege escalation (CVE-2014-3153)
From: rf () q-leap de
Date: Fri, 6 Jun 2014 11:11:42 +0200
"Thomas" == Thomas Gleixner <tglx () linutronix de> writes:
>> On Thu, Jun 05, 2014 at 11:38:27PM -0400, Rich Felker wrote:
>> > On Thu, Jun 05, 2014 at 06:45:45PM +0400, Solar Designer wrote:
>> > > I've attached patches by Thomas Gleixner (four e-mails, in
>> > > mbox format), as well as back-ports of those by John Johansen
>> > > of Canonical, who wrote:
>> > Maybe I'm missing something, but I can't find any statement of
>> > what version these patches are intended to apply cleanly
>> > to. They don't apply to latest stable.
>> Thomas - can you answer Rich's question? This is about patches
>> you sent on June 3 to linux-distros, which Kees then saved into
>> an mbox file.
Thomas> They should apply cleanly, if all stable tagged futex
Thomas> patches before that are applied.
could you please clarify whether
f0d71b3dcb8332f7971b5f2363632573e6d9486a futex: Prevent attaching to kernel threads
866293ee54227584ffcb4a42f69c1f365974ba7f futex: Add another early deadlock detection check
absolutely have to be applied as well for the CVE's to be fixed and
functionality being OK otherwise? I need to backport to 3.12.x. The patches
for 3.13 sent by Alexander applied cleanly to latest 3.12.
http://www.q-leap.com / http://qlustar.com