[Secure-testing-team] CVE-2006-5648
Florian Weimer
fw at deneb.enyo.de
Mon Dec 25 13:11:56 CET 2006
Has CVE-2006-5648 been addressed for the current linux-2.6 version?
Here's what I've found out about this bug so far:
NOTE: Some new futex-related system calls need arch-specific support
NOTE: routines, or they can lead to unkillable userspace processes.
NOTE: The following git commits add futex_atomic_cmpxchg_inatomic
NOTE: implementations. The initial implementation contained code
NOTE: for amd64 and i386. Other implementations were added here:
NOTE: c7fed9d75074f7c243ec8ff2c55d04de2839a6f6 (sparc64, before 2.6.19)
NOTE: 69588298188b40ed7f75c98a6fd328d82f23ca21 (powerpc, before 2.6.18)
NOTE: a192dc16000241dc02990a36b6830839b73c44de (ia64, before 2.6.19)
NOTE: 342a0497c23c278633f8674ab62f71e5049b7080 (parisc, before 2.6.19)
NOTE: Expoitability depends on whether the syscall is actually wired,
NOTE: which seems to be the case for everything but ia64 and maybe arm.
More information about the Secure-testing-team
mailing list