7.8

CVE-2014-3153

Warning

Exploit

EPSS 80.51%
Published 07.06.2014 14:55:27
Last modified 12.04.2025 10:46:40
Source chrome-cve-admin@google.com
Teams watchlist Login
Open Login

The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification.

Affected products Warnungen 1 Metrics 4 CWE 0 References 42

Data is provided by the National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version < 3.2.60

Linux ≫ Linux Kernel Version >= 3.3 < 3.4.92

Linux ≫ Linux Kernel Version >= 3.5 < 3.10.42

Linux ≫ Linux Kernel Version >= 3.11 < 3.12.22

Linux ≫ Linux Kernel Version >= 3.13 < 3.14.6

Redhat ≫ Enterprise Linux Server Aus Version6.2

Opensuse ≫ Opensuse Version11.4

Suse ≫ Linux Enterprise Desktop Version11 Updatesp3

Suse ≫ Linux Enterprise High Availability Extension Version11 Updatesp3

Suse ≫ Linux Enterprise Real Time Extension Version11 Updatesp3

Suse ≫ Linux Enterprise Server Version11 Update-

Suse ≫ Linux Enterprise Server Version11 Updatesp2 SwEditionltss

Suse ≫ Linux Enterprise Server Version11 Updatesp3 SwPlatform-

Suse ≫ Linux Enterprise Server Version11 Updatesp3 SwPlatformvmware

Canonical ≫ Ubuntu Linux Version12.04 SwEdition-

Canonical ≫ Ubuntu Linux Version14.04 SwEditionesm

Oracle ≫ Linux Version5 Update-

Oracle ≫ Linux Version6 Update-

25.05.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog

Linux Kernel Privilege Escalation Vulnerability

Vulnerability

The futex_requeue function in kernel/futex.c in Linux kernel does not ensure that calls have two different futex addresses, which allows local users to gain privileges.

Description

Apply updates per vendor instructions.

Required actions

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	80.51%	0.991

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html

Third Party Advisory

Mailing List

http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html

Third Party Advisory

Mailing List

http://linux.oracle.com/errata/ELSA-2014-0771.html

Third Party Advisory

http://secunia.com/advisories/59262

Broken Link

http://secunia.com/advisories/59309

Broken Link

http://secunia.com/advisories/59386

Broken Link

http://secunia.com/advisories/59599

Broken Link

http://www.ubuntu.com/usn/USN-2240-1

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2014-0800.html

Third Party Advisory

http://secunia.com/advisories/58990

Broken Link

http://www.debian.org/security/2014/dsa-2949

Exploit

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e9c243a5a6de0be8e584c604d353412584b592f8

Broken Link

http://linux.oracle.com/errata/ELSA-2014-3037.html

Third Party Advisory

http://linux.oracle.com/errata/ELSA-2014-3038.html

Third Party Advisory

http://linux.oracle.com/errata/ELSA-2014-3039.html

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00014.html

Third Party Advisory

Mailing List

http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00018.html

Third Party Advisory

Mailing List

http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00025.html

Third Party Advisory

Mailing List

http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00006.html

Third Party Advisory

Mailing List

http://openwall.com/lists/oss-security/2014/06/05/24

Mailing List

http://openwall.com/lists/oss-security/2014/06/06/20

Mailing List

http://secunia.com/advisories/58500

Broken Link

http://secunia.com/advisories/59029

Broken Link

http://secunia.com/advisories/59092

Broken Link

http://secunia.com/advisories/59153

Broken Link

http://www.exploit-db.com/exploits/35370

Third Party Advisory

VDB Entry

http://www.openwall.com/lists/oss-security/2014/06/05/22

Mailing List

http://www.openwall.com/lists/oss-security/2021/02/01/4

Mailing List

http://www.securityfocus.com/bid/67906

Third Party Advisory

Broken Link

VDB Entry

http://www.securitytracker.com/id/1030451

Third Party Advisory

Broken Link

VDB Entry

http://www.ubuntu.com/usn/USN-2237-1

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1103626

Third Party Advisory

Issue Tracking

https://elongl.github.io/exploitation/2021/01/08/cve-2014-3153.html

Exploit

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=13fbca4c6ecd96ec1a1cfa2e4f2ce191fe928a5e

Patch

Mailing List

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=54a217887a7b658e2650c3feff22756ab80c7339

Patch

Mailing List

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b3eaa9fc5cd0a4d74b18f6b8dc617aeaf1873270

Patch

Mailing List

https://github.com/elongl/CVE-2014-3153

Third Party Advisory

https://github.com/torvalds/linux/commit/e9c243a5a6de0be8e584c604d353412584b592f8

Patch

https://www.openwall.com/lists/oss-security/2021/02/01/4

Mailing List

https://nvd.nist.gov/vuln/detail/CVE-2014-3153

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2014-3153

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2014-3153

EUVD