7.8

CVE-2014-3153

Warnung
Exploit
The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version < 3.2.60
LinuxLinux Kernel Version >= 3.3 < 3.4.92
LinuxLinux Kernel Version >= 3.5 < 3.10.42
LinuxLinux Kernel Version >= 3.11 < 3.12.22
LinuxLinux Kernel Version >= 3.13 < 3.14.6
OpensuseOpensuse Version11.4
SuseLinux Enterprise Desktop Version11 Updatesp3
SuseLinux Enterprise Real Time Extension Version11 Updatesp3
SuseLinux Enterprise Server Version11 Update-
SuseLinux Enterprise Server Version11 Updatesp2 SwEditionltss
SuseLinux Enterprise Server Version11 Updatesp3 SwPlatform-
SuseLinux Enterprise Server Version11 Updatesp3 SwPlatformvmware
CanonicalUbuntu Linux Version12.04 SwEdition-
CanonicalUbuntu Linux Version14.04 SwEditionesm
OracleLinux Version5 Update-
OracleLinux Version6 Update-
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login

25.05.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog

Linux Kernel Privilege Escalation Vulnerability

Schwachstelle

The futex_requeue function in kernel/futex.c in Linux kernel does not ensure that calls have two different futex addresses, which allows local users to gain privileges.

Beschreibung

Apply updates per vendor instructions.

Erforderliche Maßnahmen
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 37.23% 0.983
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html
Third Party Advisory
Mailing List
http://linux.oracle.com/errata/ELSA-2014-0771.html
Third Party Advisory
http://secunia.com/advisories/59262
Broken Link
http://secunia.com/advisories/59309
Broken Link
http://secunia.com/advisories/59386
Broken Link
http://secunia.com/advisories/59599
Broken Link
http://www.ubuntu.com/usn/USN-2240-1
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-0800.html
Third Party Advisory
http://secunia.com/advisories/58990
Broken Link
http://www.debian.org/security/2014/dsa-2949
Exploit
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e9c243a5a6de0be8e584c604d353412584b592f8
Broken Link
http://linux.oracle.com/errata/ELSA-2014-3037.html
Third Party Advisory
http://linux.oracle.com/errata/ELSA-2014-3038.html
Third Party Advisory
http://linux.oracle.com/errata/ELSA-2014-3039.html
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00014.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00018.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00025.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00006.html
Third Party Advisory
Mailing List
http://openwall.com/lists/oss-security/2014/06/05/24
Mailing List
http://openwall.com/lists/oss-security/2014/06/06/20
Mailing List
http://secunia.com/advisories/58500
Broken Link
http://secunia.com/advisories/59029
Broken Link
http://secunia.com/advisories/59092
Broken Link
http://secunia.com/advisories/59153
Broken Link
http://www.exploit-db.com/exploits/35370
Third Party Advisory
VDB Entry
http://www.openwall.com/lists/oss-security/2014/06/05/22
Mailing List
http://www.openwall.com/lists/oss-security/2021/02/01/4
Mailing List
http://www.securityfocus.com/bid/67906
Third Party Advisory
Broken Link
VDB Entry
http://www.securitytracker.com/id/1030451
Third Party Advisory
Broken Link
VDB Entry
http://www.ubuntu.com/usn/USN-2237-1
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1103626
Third Party Advisory
Issue Tracking
https://elongl.github.io/exploitation/2021/01/08/cve-2014-3153.html
Exploit
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=13fbca4c6ecd96ec1a1cfa2e4f2ce191fe928a5e
Patch
Mailing List
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=54a217887a7b658e2650c3feff22756ab80c7339
Patch
Mailing List
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b3eaa9fc5cd0a4d74b18f6b8dc617aeaf1873270
Patch
Mailing List
https://github.com/elongl/CVE-2014-3153
Third Party Advisory
https://github.com/torvalds/linux/commit/e9c243a5a6de0be8e584c604d353412584b592f8
Patch
https://www.openwall.com/lists/oss-security/2021/02/01/4
Mailing List
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-3153
US Government Resource