> Specifically, the futex syscall can leave a queued kernel waiter hanging
on the stack. By manipulating the stack with further syscalls, the waiter
structure can be altered.
Is the bug that the waiter is left on the stack, or that other syscalls can alter the stack?
Allowing syscalls to alter the stack seems like a vulnerability regardless of what happens to be on the stack when it's altered.
Is there any proper information on this issue? The patches do not apply cleanly against the latest stable kernel (3.14.5) and there's no indication I can find as to what version they're intended to be applied to.
7 comments
[ 3.4 ms ] story [ 26.1 ms ] thread> Specifically, the futex syscall can leave a queued kernel waiter hanging on the stack. By manipulating the stack with further syscalls, the waiter structure can be altered.
Is the bug that the waiter is left on the stack, or that other syscalls can alter the stack?
Allowing syscalls to alter the stack seems like a vulnerability regardless of what happens to be on the stack when it's altered.