Pinkie Pie Linux Kernel Patch Available

Several vulnerabilities have been patched in the Linux kernel that could have led to a denial of service or privilege escalation.

Debian, which distributes versions of Linux for personal computers and network servers, warned about the vulnerabilities yesterday in a security update.

The most concerning issue (CVE-2014-3153) involves the futex subsystem and could let an attacker with local access perform unauthorized actions. According to LWN.net, the futux mechanism is a “fast, lightweight kernel-assisted locking primitive for user-space applications.” The local user could gain ring 0 control via the futex system call.

“An unprivileged user could use this flaw to crash the kernel (resulting in denial of service) or for privilege escalation,” the advisory said.

As futex tends to be available within most Linux sandboxes, some experts are viewing it as an especially urgent to fix issue.

Kees Cook, a ChromeOS security researcher and former Ubuntu Security Engineer wrote Thursday on Seclists.org.

“The futex syscall can leave a queued kernel waiter hanging on the stack. By manipulating the stack with further syscalls, the waiter structure can be altered. When later woken up, the altered waiter can result in arbitrary code execution in ring 0,” Cook said when explaining the bug.

Pinkie Pie, the anonymous teenage researcher who famously produced a sandbox escape against Chrome when he chained together six individual vulnerabilities in 2012, was credited with discovering the futex issue.

Pinkie Pie of course has proved more than adept at finding additional bugs in Chrome and Chrome OS – many of them sandbox exploits – at both Pwnium and Pwn2Own competitions over the last few years.

Another issue (CVE-2014-3144/CVE-2014-3145) where-in a local user could also cause a DoS situation via BPF instructions, was also fixed yesterday.

Debian is encouraging Linux users to upgrade their packages and points out that the issue has been fixed in the stable distribution, version 3.2.57-3+deb7u2, and will be fixed in the unstable distribution soon.

A bug similar to the futex one – one that apparently existed for five years – was patched last month in Linux kernel. A problem with the “n_tty_write function” could have let local users cause denial of service attacks, gain privileges or run malicious code.