| Description: | The futex_wait_requeue_pi function in kernel/futex.c in the Linux kernel before 3.5.1 does not ensure that calls have two different futex addresses, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted FUTEX_WAIT_REQUEUE_PI command. A flaw was discovered in the requeuing of futexes in the Linux kernel. A local user could exploit this flaw to cause a denial of service (system crash) or possibly have other unspecified impact.
|