"Pinkie Pie discovered an issue in the futex subsystem that allows a local user to gain ring 0 control via the futex syscall," reads the advisory. "An unprivileged user could use this flaw to crash the kernel (resulting in denial of service) or for privilege escalation."
"Specifically, the futex syscall can leave a queued kernel waiter hanging on the stack. By manipulating the stack with further syscalls, the waiter structure can be altered. When later woken up, the altered waiter can result in arbitrary code execution in ring 0," Cook wrote Thursday on Seclists.org. "This flaw is especially urgent to fix because futex tends to be available within most Linux sandboxes (because it is used as a glibc pthread primitive)."