CVE-2012-6647

2014-05-2600:00:00

ubuntu.com

4.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

0.0004 Low

EPSS

Percentile

5.3%

JSON

The futex_wait_requeue_pi function in kernel/futex.c in the Linux kernel
before 3.5.1 does not ensure that calls have two different futex addresses,
which allows local users to cause a denial of service (NULL pointer
dereference and system crash) or possibly have unspecified other impact via
a crafted FUTEX_WAIT_REQUEUE_PI command.

Bugs

<https://launchpad.net/bugs/1321452>

Notes

Author	Note
jdstrand	android kernels (goldfish, grouper, maguro, mako and manta) are not supported on the Ubuntu Touch 13.10 preview kernels android kernels (flo, goldfish, grouper, maguro, mako and manta) are not supported on the Ubuntu Touch 14.04 preview kernels

OSVersionArchitecturePackageVersionFilename
ubuntu10.04noarchlinux< 2.6.32-45.99UNKNOWN
ubuntu12.04noarchlinux< 3.2.0-30.48UNKNOWN
ubuntu12.04noarchlinux-armadaxp< 3.2.0-1607.11UNKNOWN
ubuntu10.04noarchlinux-ec2< 2.6.32-350.56UNKNOWN
ubuntu12.04noarchlinux-ti-omap4< 3.2.0-1418.25UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	10.04	noarch	linux	< 2.6.32-45.99	UNKNOWN
ubuntu	12.04	noarch	linux	< 3.2.0-30.48	UNKNOWN
ubuntu	12.04	noarch	linux-armadaxp	< 3.2.0-1607.11	UNKNOWN
ubuntu	10.04	noarch	linux-ec2	< 2.6.32-350.56	UNKNOWN
ubuntu	12.04	noarch	linux-ti-omap4	< 3.2.0-1418.25	UNKNOWN