CVE-2014-3153

Severity

72%

Complexity

39%

Confidentiality

165%

The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification.

The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification.

CVSS 2.0 Base Score 7.2. CVSS Attack Vector: local. CVSS Attack Complexity: low. CVSS Vector: (AV:L/AC:L/Au:N/C:C/I:C/A:C).

Overview

First reported 10 years ago

2014-06-07 14:55:00

Last updated 5 years ago

2019-04-22 17:48:00

Affected Software

Linux Kernel 3.14

3.14

Linux Kernel 3.14 release candidate 1

3.14

Linux Kernel 3.14 release candidate 2

3.14

Linux Kernel 3.14 release candidate 3

3.14

Linux Kernel 3.14 release candidate 4

3.14

Linux Kernel 3.14 release candidate 5

3.14

Linux Kernel 3.14 release candidate 6

3.14

Linux Kernel 3.14 release candidate 7

3.14

Linux Kernel 3.14 release candidate 8

3.14

Linux Kernel 3.14.1

3.14.1

Linux Kernel 3.14.2

3.14.2

Linux Kernel 3.14.3

3.14.3

Linux Kernel 3.14.4

3.14.4

Linux Kernel

RedHat Enterprise MRG 2.0

2.0

Red Hat Enterprise Linux 6.0

6.0

References

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e9c243a5a6de0be8e584c604d353412584b592f8

Patch

http://linux.oracle.com/errata/ELSA-2014-0771.html

http://linux.oracle.com/errata/ELSA-2014-3037.html

http://linux.oracle.com/errata/ELSA-2014-3038.html

http://linux.oracle.com/errata/ELSA-2014-3039.html

SUSE-SU-2014:0775

SUSE-SU-2014:0796

SUSE-SU-2014:0837

openSUSE-SU-2014:0878

SUSE-SU-2014:1316

SUSE-SU-2014:1319

[oss-security] 20140605 Re: Linux kernel futex local privilege escalation (CVE-2014-3153)

[oss-security] 20140606 Re: Linux kernel futex local privilege escalation (CVE-2014-3153)

RHSA-2014:0800

58500

58990

59029

59092

59153

59262

59309

59386

59599

DSA-2949

35370

[oss-security] 20140605 Linux kernel futex local privilege escalation (CVE-2014-3153)

67906

1030451

USN-2237-1

USN-2240-1

https://bugzilla.redhat.com/show_bug.cgi?id=1103626

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=13fbca4c6ecd96ec1a1cfa2e4f2ce191fe928a5e

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=54a217887a7b658e2650c3feff22756ab80c7339

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b3eaa9fc5cd0a4d74b18f6b8dc617aeaf1873270

https://github.com/torvalds/linux/commit/e9c243a5a6de0be8e584c604d353412584b592f8

Patch

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.