CVE-2014-3153 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2014-3153

CVE-2014-3153

June 07, 2014

The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification.

Related Resources (43)

http://www.exploit-db.com/exploits/35370

http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00025.html

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=54a217887a7b658e2650c3feff22756ab80c7339

http://www.openwall.com/lists/oss-security/2021/02/01/4

http://www.openwall.com/lists/oss-security/2014/06/05/22

http://secunia.com/advisories/59262

http://www.ubuntu.com/usn/USN-2240-1

http://secunia.com/advisories/59309

https://elongl.github.io/exploitation/2021/01/08/cve-2014-3153.html

http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00006.html

http://linux.oracle.com/errata/ELSA-2014-3037.html

http://linux.oracle.com/errata/ELSA-2014-3039.html

http://secunia.com/advisories/59153

http://www.securitytracker.com/id/1030451

https://bugzilla.redhat.com/show_bug.cgi?id=1103626

http://secunia.com/advisories/59029

https://github.com/torvalds/linux/commit/e9c243a5a6de0be8e584c604d353412584b592f8

http://secunia.com/advisories/58500

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e9c243a5a6de0be8e584c604d353412584b592f8

http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00018.html

https://github.com/elongl/CVE-2014-3153

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b3eaa9fc5cd0a4d74b18f6b8dc617aeaf1873270

http://www.ubuntu.com/usn/USN-2237-1

http://openwall.com/lists/oss-security/2014/06/06/20

http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00014.html

http://secunia.com/advisories/58990

http://secunia.com/advisories/59386

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e9c243a5a6de0be8e584c604d353412584b592f8

http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html

http://openwall.com/lists/oss-security/2014/06/05/24

http://linux.oracle.com/errata/ELSA-2014-3038.html

https://www.openwall.com/lists/oss-security/2021/02/01/4

http://www.securityfocus.com/bid/67906

http://www.debian.org/security/2014/dsa-2949

https://people.canonical.com/~ubuntu-security/cve/CVE-2014-3153

http://secunia.com/advisories/59092

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=13fbca4c6ecd96ec1a1cfa2e4f2ce191fe928a5e

http://rhn.redhat.com/errata/RHSA-2014-0800.html

http://secunia.com/advisories/59599

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-3153

https://access.redhat.com/security/cve/CVE-2014-3153

http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html

http://linux.oracle.com/errata/ELSA-2014-0771.html

Do you need more information?

CVSS v4

Base Score:

8.5

Attack Vector

LOCAL

Attack Complexity

LOW

Attack Requirements

NONE

Privileges Required

LOW

User Interaction

NONE

Vulnerable System Confidentiality

HIGH

Vulnerable System Integrity

HIGH

Vulnerable System Availability

HIGH

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

Exploit Maturity

ATTACKED

CVSS v3

Base Score:

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Exploit Maturity

HIGH

CVSS v2

Base Score:

7.2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

EPSS

Base Score:

68.89