4

Fix security CVE-2014-3153 [answered]

asked 2014-06-20 13:12:55 +0300

mvdm

updated 2014-06-21 20:48:43 +0300

ssahla

Hi, is there a fix issued for Jolla for CVE-2014-3153?

Was googling and found nothing about that ...

An explanation in French: [http://www.planet-libre.org/?post_id=17020]

CVE-2014-3153 Pinkie Pie discovered an issue in the futex subsystem that allows a local user to gain ring 0 control via the futex syscall. An unprivileged user could use this flaw to crash the kernel (resulting in denial of service) or for privilege escalation.


The question has been closed for the following reason "the question is answered, an answer was accepted" by ssahla
close date 2014-06-21 20:48:21.862786

Comments

According to the original message: "Possibly invited: Every Android phone with a kernel build date < Jun 3"

Jolla runs: Linux Jolla 3.4.87.20140516.2 #1 SMP PREEMPT Fri Jun 6 16:05:20 UTC 2014 armv7l armv7l armv7l GNU/Linux

Build date is 6 Jun, but the kernel date is "20140516"...

Fuzzillogic ( 2014-06-20 13:23:08 +0300 )

Currently someone with user access can use pkcon to gain root privileges, so fixing the issue mentioned by OP won't improve security.

clau ( 2014-06-20 21:16:03 +0300 )

1 Answer

5

answered 2014-06-21 12:48:05 +0300

Philippe De Swert

This was fixed internally already a few days ago. So this will come in an update soon.

