Debian Security Advisory
DLA-0007-1 linux-2.6 -- LTS security update
- Date Reported:
- 18 Jun 2014
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2014-3153, CVE-2014-1438.
- More information:
Pinkie Pie discovered an issue in the futex subsystem that allows a local user to gain ring 0 control via the futex syscall. An unprivileged user could use this flaw to crash the kernel (resulting in denial of service) or for privilege escalation.
The restore_fpu_checking function in arch/x86/include/asm/fpu-internal.h in the Linux kernel before 3.12.8 on the AMD K7 and K8 platforms does not clear pending exceptions before proceeding to an EMMS instruction, which allows local users to cause a denial of service (task kill) or possibly gain privileges via a crafted application.
For Debian 6
Squeeze, these issues have been fixed in linux-2.6 version 2.6.32-48squeeze7