Linux kernel/futex.c wake_futex_pi 函数futex解锁操作拒绝服务漏洞

admin

0
文章

0
评论

2022-07-23 17:22:52 CNNVD漏洞来源：ZONE.CI 全球网 0 阅读模式

漏洞信息详情

Linux kernel/futex.c wake_futex_pi 函数futex解锁操作拒绝服务漏洞

CNNVD编号：CNNVD-201002-151
危害等级：中危
CVE编号： CVE-2010-0622
漏洞类型：其他
发布时间： 2010-01-28
威胁类型：本地
更新时间： 2010-02-16
厂商： linux
漏洞来源： Thomas Gleixner

漏洞简介

Linux Kernel是开源操作系统Linux所使用的内核。

Linux kernel的文件 \'\'kernel/futex.c\'\'中的 wake_futex_pi函数没有正确控制Priority Inheritance (PI) futex的解锁操作，远程攻击者可以借助与从用户空间修改内核空间futex值相关的向量，导致拒绝服务攻击和其他未明影响。

漏洞公告

目前厂商已经发布了升级补丁以修复这个安全问题，补丁下载链接：

S.u.S.E. openSUSE 11.0

SuSE vmware-kmp-debug-2008.04.14_2.6.25.20_0.7-21.1.x86_64.rpm

http://download.opensuse.org/update/11.0/rpm/x86_64/vmware-kmp-debug-2 008.04.14_2.6.25.20_0.7-21.1.x86_64.rpm

SuSE ivtv-kmp-debug-1.0.3_2.6.25.20_0.7-66.1.i586.rpm

http://download.opensuse.org/update/11.0/rpm/i586/ivtv-kmp-debug-1.0.3 _2.6.25.20_0.7-66.1.i586.rpm

SuSE uvcvideo-kmp-debug-r200_2.6.25.20_0.7-2.4.x86_64.rpm

http://download.opensuse.org/update/11.0/rpm/x86_64/uvcvideo-kmp-debug -r200_2.6.25.20_0.7-2.4.x86_64.rpm

SuSE kernel-debug-2.6.25.20-0.7.i586.rpm

http://download.opensuse.org/update/11.0/rpm/i586/kernel-debug-2.6.25. 20-0.7.i586.rpm

SuSE at76_usb-kmp-debug-0.17_2.6.25.20_0.7-2.1.x86_64.rpm

http://download.opensuse.org/update/11.0/rpm/x86_64/at76_usb-kmp-debug -0.17_2.6.25.20_0.7-2.1.x86_64.rpm

SuSE kqemu-kmp-debug-1.3.0pre11_2.6.25.20_0.7-7.1.i586.rpm

http://download.opensuse.org/update/11.0/rpm/i586/kqemu-kmp-debug-1.3. 0pre11_2.6.25.20_0.7-7.1.i586.rpm

SuSE drbd-kmp-debug-8.2.6_2.6.25.20_0.7-0.2.i586.rpm

http://download.opensuse.org/update/11.0/rpm/i586/drbd-kmp-debug-8.2.6 _2.6.25.20_0.7-0.2.i586.rpm

SuSE kernel-debug-debuginfo-2.6.25.20-0.7.i586.rpm

http://download.opensuse.org/debug/update/11.0/rpm/i586/kernel-debug-d ebuginfo-2.6.25.20-0.7.i586.rpm

SuSE kernel-pae-debugsource-2.6.25.20-0.7.i586.rpm

http://download.opensuse.org/debug/update/11.0/rpm/i586/kernel-pae-deb ugsource-2.6.25.20-0.7.i586.rpm

SuSE kernel-vanilla-debugsource-2.6.25.20-0.7.ppc.rpm

http://download.opensuse.org/debug/update/11.0/rpm/ppc/kernel-vanilla- debugsource-2.6.25.20-0.7.ppc.rpm

SuSE kernel-xen-2.6.25.20-0.7.x86_64.rpm

http://download.opensuse.org/update/11.0/rpm/x86_64/kernel-xen-2.6.25. 20-0.7.x86_64.rpm

SuSE kernel-default-debugsource-2.6.25.20-0.7.i586.rpm

http://download.opensuse.org/debug/update/11.0/rpm/i586/kernel-default -debugsource-2.6.25.20-0.7.i586.rpm

SuSE kernel-debug-debugsource-2.6.25.20-0.7.x86_64.rpm

http://download.opensuse.org/debug/update/11.0/rpm/x86_64/kernel-debug -debugsource-2.6.25.20-0.7.x86_64.rpm

SuSE kernel-debug-2.6.25.20-0.7.x86_64.rpm

http://download.opensuse.org/update/11.0/rpm/x86_64/kernel-debug-2.6.2 5.20-0.7.x86_64.rpm

Debian Linux 4.0 powerpc

Debian linux-headers-2.6.24-etchnhalf.1-powerpc_2.6.24-6~etchnhalf.9etch3_powerpc.deb

http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-head ers-2.6.24-etchnhalf.1-powerpc_2.6.24-6~etchnhalf.9etch3_powerpc.deb

S.u.S.E. openSUSE 11.1

SuSE kernel-vanilla-2.6.27.45-0.1.1.i586.rpm

http://download.opensuse.org/update/11.1/rpm/i586/kernel-vanilla-2.6.2 7.45-0.1.1.i586.rpm

SuSE kernel-default-base-2.6.27.45-0.1.1.ppc.rpm

http://download.opensuse.org/update/11.1/rpm/ppc/kernel-default-base-2 .6.27.45-0.1.1.ppc.rpm

SuSE kernel-trace-base-2.6.27.45-0.1.1.x86_64.rpm

http://download.opensuse.org/update/11.1/rpm/x86_64/kernel-trace-base- 2.6.27.45-0.1.1.x86_64.rpm

SuSE kernel-debug-2.6.27.45-0.1.1.i586.rpm

http://download.opensuse.org/update/11.1/rpm/i586/kernel-debug-2.6.27. 45-0.1.1.i586.rpm

SuSE kernel-default-extra-2.6.27.45-0.1.1.x86_64.rpm

http://download.opensuse.org/update/11.1/rpm/x86_64/kernel-default-ext ra-2.6.27.45-0.1.1.x86_64.rpm

SuSE kernel-default-extra-2.6.27.45-0.1.1.ppc.rpm

http://download.opensuse.org/update/11.1/rpm/ppc/kernel-default-extra- 2.6.27.45-0.1.1.ppc.rpm

SuSE kernel-ppc64-extra-2.6.27.45-0.1.1.ppc.rpm

http://download.opensuse.org/update/11.1/rpm/ppc/kernel-ppc64-extra-2. 6.27.45-0.1.1.ppc.rpm

SuSE kernel-debug-base-2.6.27.45-0.1.1.x86_64.rpm

http://download.opensuse.org/update/11.1/rpm/x86_64/kernel-debug-base- 2.6.27.45-0.1.1.x86_64.rpm

SuSE kernel-ppc64-base-2.6.27.45-0.1.1.ppc.rpm

http://download.opensuse.org/update/11.1/rpm/ppc/kernel-ppc64-base-2.6 .27.45-0.1.1.ppc.rpm

参考网址

来源: www.kernel.org

链接:http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.33-rc7

来源: bugzilla.redhat.com

链接:https://bugzilla.redhat.com/show_bug.cgi?id=563091

来源: MLIST

名称: [oss-security] 20100211 Re: CVE request - kernel: futex: Handle user space corruption gracefully

链接:http://www.openwall.com/lists/oss-security/2010/02/11/2

来源: MLIST

名称: [oss-security] 20100209 CVE request - kernel: futex: Handle user space corruption gracefully

链接:http://www.openwall.com/lists/oss-security/2010/02/09/2

来源: git.kernel.org

链接:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=51246bfd189064079c54421507236fd2723b18f3

受影响实体

Linux Linux_kernel:2.6.0
Linux Linux_kernel:2.6.32
Linux Linux_kernel:2.6.32.1
Linux Linux_kernel:2.6.32.3
Linux Linux_kernel:2.6.32.2

补丁

kernel-trace-base-2.6.27.45-0.1.1.i586
kernel-trace-extra-2.6.27.45-0.1.1.i586.rpm
kernel-xen-base-2.6.27.45-0.1.1.i586
kernel-xen-extra-2.6.27.45-0.1.1.i586.rpm
kernel-default-base-2.6.27.45-0.1.1.ppc

特别声明

本站(ZONE.CI)所有文章仅供技术研究，若将其信息做其他用途，由用户承担全部法律及连带责任，本站不承担任何法律及连带责任，请遵守中华人民共和国安全法.

ZONE.CI 全球网 | 安全领域涉猎者-乌云独行地带

咨询加Q：999999999

ZONE.CI 全球网 | 安全领域涉猎者-乌云独行地带

ZONE.CI 全球网安全领域涉猎者-乌云独行地带

ZONE.CI 全球网

Plugins

WordPress

Web前端

设计资源

Linux kernel/futex.c wake_futex_pi 函数futex解锁操作拒绝服务漏洞

漏洞信息详情

Linux kernel/futex.c wake_futex_pi 函数futex解锁操作拒绝服务漏洞

漏洞简介

漏洞公告

参考网址

受影响实体

补丁

Linux kernel/futex.c wake_futex_pi 函数futex解锁操作拒绝服务漏洞

Symantec Altiris Notification Server静态加密密钥非授权访问漏洞

Samba mount.cifs工具本地权限提升漏洞

Sudo sudoedit命令本地权限提升漏洞

Fuse Samba mount.cifs工具本地权限提升漏洞

Mozilla Thunderbird中DNS信息提取导致用户信息泄露漏洞

Yoflash Mochigames组件'cid'参数SQL注入漏洞

GNU Gzip动态Huffman解压远程代码执行漏洞

Google Chrome程序拒绝服务攻击漏洞

Google Chrome程序内存敏感信息泄露漏洞

ZONE.CI 全球网