Linux kernel Flaw Allowing DDoS Cyber Attack Found

Debian security advisory published a new update for computers running the Linux operating system,Several vulnerability has been found in Linux kernel ,Futex subsystem, may lead to a DDoSย or privilege escalation.

Debian security advisory recomend upgrade your linux packages( version 3.2.57-3+deb7u2) and said problems in Futex subsystem have been fixed.

Linux kernel flaw

CVE-2014-3144 CVE-2014-3145 CVE-2014-3153

Several vulnerabilities have been discovered in the Linux kernel that
may lead to a denial of service or privilege escalation:

CVE-2014-3144 / CVE-2014-3145

A local user can cause a denial of service (system crash) via
crafted BPF instructions.


Pinkie Pie discovered an issue in the futex subsystem that allows a
local user to gain ring 0 control via the futex syscall. An
unprivileged user could use this flaw to crash the kernel (resulting
in denial of service) or for privilege escalation.

For the stable distribution (wheezy), these problems have been fixed in
version 3.2.57-3+deb7u2.

For the unstable distribution (sid), these problems will be fixed soon.

We recommend that you upgrade your linux packages.

Share this information