[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

linux-2.6 update

Package        : linux-2.6
Version        : 2.6.32-48squeeze7
CVE ID         : CVE-2014-3153 CVE-2014-1438
CVE-2014-3153: Pinkie Pie discovered an issue in the futex subsystem that
allows a local user to gain ring 0 control via the futex syscall.  An
unprivileged user could use this flaw to crash the kernel (resulting in
denial of service) or for privilege escalation.

CVE-2014-1438: The restore_fpu_checking function in
arch/x86/include/asm/fpu-internal.h in the Linux kernel before 3.12.8 on the
AMD K7 and K8 platforms does not clear pending exceptions before proceeding
to an EMMS instruction, which allows local users to cause a denial of
service (task kill) or possibly gain privileges via a crafted application.

Attachment: signature.asc
Description: Digital signature

Reply to: