[pja]

Works on Debian stable (wheezy).

Joy unconfined.

[yebyen]

I have an ubuntu precise that has been keeping up with kernel updates, running 3.2.0-41-generic, and it does not give root.

Whether the vulnerability is patched or the exploit just doesn't work, I can't say, but I get this:

  yebyen@oneiric64:~$ gcc -O2 semtex.c 
  yebyen@oneiric64:~$ ./a.out 
  Killed

(Don't worry the hostname is oneiric64. It's not running oneiric.)

[ezdiy]

Try dmesg.

[yebyen]

I checked dmesg. It's clear that something bad happened, but I didn't get root. I don't really know what I'm looking at, I just ran arbitrary code on my least valuable machine trying to learn something.

Want me to pastebin it? edit:

It starts out

  [318258.327110] BUG: unable to handle kernel paging request at 0000001781ef7788
  [318258.328251] IP: [<ffffffff8108f1a5>] atomic_dec_and_mutex_lock+0x15/0x90
  [318258.328251] PGD 2b18b067 PUD 0 
  [318258.328251] Oops: 0000 [#4] SMP

[cmars]

Same here:

  Linux (redacted) 3.2.0-41-virtual #66-Ubuntu SMP Thu Apr 25 03:47:17 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux

  [  413.309308] BUG: unable to handle kernel paging request at 0000001781eef4e8
  [  413.310359] IP: [<ffffffff8108d605>] atomic_dec_and_mutex_lock+0x15/0xa0
  [  413.311025] PGD 1c4ec067 PUD 0 
  [  413.311680] Oops: 0000 [#6] SMP 
  [  413.312007] CPU 0

Edit: disregard the timestamp above, VM has not synced with NTP for some time.

[sd_]

Frankly, I have to apologize I've never bothered with testing on ubuntu. That niche (workstations and small servers) is different beast for somebody else to bite.

[yebyen]

So, the question is, are we safe this time? Or do we just need a better exploit code to be written for us? :)

[fragmede]

just need better exploit code