Lucene search
AmazonALAS-2014-363HistoryJun 15, 2014 - 4:30 p.m.
Medium: kernel
2014-06-1516:30:00
alas.aws.amazon.com
29
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.001 Low
EPSS
Percentile
47.0%
Issue Overview:
The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification.
Affected Packages:
kernel
Issue Correction:
Run yum update kernel to update your system. You will need to reboot your system in order for the new kernel to be running.
New Packages:
i686:
kernel-debuginfo-common-i686-3.10.42-52.145.amzn1.i686
kernel-3.10.42-52.145.amzn1.i686
perf-debuginfo-3.10.42-52.145.amzn1.i686
kernel-devel-3.10.42-52.145.amzn1.i686
kernel-debuginfo-3.10.42-52.145.amzn1.i686
kernel-headers-3.10.42-52.145.amzn1.i686
perf-3.10.42-52.145.amzn1.i686
noarch:
kernel-doc-3.10.42-52.145.amzn1.noarch
src:
kernel-3.10.42-52.145.amzn1.src
x86_64:
kernel-3.10.42-52.145.amzn1.x86_64
perf-3.10.42-52.145.amzn1.x86_64
perf-debuginfo-3.10.42-52.145.amzn1.x86_64
kernel-headers-3.10.42-52.145.amzn1.x86_64
kernel-devel-3.10.42-52.145.amzn1.x86_64
kernel-debuginfo-common-x86_64-3.10.42-52.145.amzn1.x86_64
kernel-debuginfo-3.10.42-52.145.amzn1.x86_64
Additional References
Red Hat: CVE-2014-3153
Mitre: CVE-2014-3153
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Amazon Linux | 1 | i686 | kernel-debuginfo-common-i686 | < 3.10.42-52.145.amzn1 | kernel-debuginfo-common-i686-3.10.42-52.145.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | kernel | < 3.10.42-52.145.amzn1 | kernel-3.10.42-52.145.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | perf-debuginfo | < 3.10.42-52.145.amzn1 | perf-debuginfo-3.10.42-52.145.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | kernel-devel | < 3.10.42-52.145.amzn1 | kernel-devel-3.10.42-52.145.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | kernel-debuginfo | < 3.10.42-52.145.amzn1 | kernel-debuginfo-3.10.42-52.145.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | kernel-headers | < 3.10.42-52.145.amzn1 | kernel-headers-3.10.42-52.145.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | perf | < 3.10.42-52.145.amzn1 | perf-3.10.42-52.145.amzn1.i686.rpm |
| Amazon Linux | 1 | noarch | kernel-doc | < 3.10.42-52.145.amzn1 | kernel-doc-3.10.42-52.145.amzn1.noarch.rpm |
| Amazon Linux | 1 | x86_64 | kernel | < 3.10.42-52.145.amzn1 | kernel-3.10.42-52.145.amzn1.x86_64.rpm |
| Amazon Linux | 1 | x86_64 | perf | < 3.10.42-52.145.amzn1 | perf-3.10.42-52.145.amzn1.x86_64.rpm |
Related
threatpost
threatpost
Android Root Access Vulnerability Affecting Most Devices
2014-06-17 10:47:45
Google Play Hit With Rash of Auto-Rooting Malware
2016-06-28 12:29:57
CopyCat Malware Infected 14M Android Devices, Rooted 8M, in 2016
2017-07-06 13:49:02
canvas
canvas
Immunity Canvas: LINUX_FUTEX_REQUEUE
2014-06-07 14:55:00
securityvulns
securityvulns
[oss-security] Linux kernel futex local privilege escalation (CVE-2014-3153)
2014-06-09 00:00:00
Linux privilege escalation
2014-06-09 00:00:00
packetstorm
packetstorm
Android Futex Requeue Kernel Exploit
2015-02-09 00:00:00
nessus
nessus
Oracle Linux 5 / 6 : unbreakable enterprise kernel (ELSA-2014-3038)
2014-06-09 00:00:00
Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2014-3037)
2014-06-09 00:00:00
Amazon Linux AMI : kernel (ALAS-2014-363)
2014-10-12 00:00:00
ubuntucve
ubuntucve
CVE-2014-3153
2014-06-05 00:00:00
saint
saint
Linux kernel futex_requeue privilege elevation
2014-12-03 00:00:00
Linux kernel futex_requeue privilege elevation
2014-12-03 00:00:00
Linux kernel futex_requeue privilege elevation
2014-12-03 00:00:00
cloudfoundry
cloudfoundry
CVE-2014-3153 Futex requeue exploit | Cloud Foundry
2014-08-18 00:00:00
openvas
openvas
Oracle: Security Advisory (ELSA-2014-3039)
2015-10-06 00:00:00
SUSE: Security Advisory for Linux (SUSE-SU-2014:0837-2)
2015-10-15 00:00:00
SUSE: Security Advisory for Linux (SUSE-SU-2014:0837-1)
2015-10-16 00:00:00
ubuntu
ubuntu
Linux kernel (Quantal HWE) vulnerability
2014-06-05 00:00:00
Linux kernel (Raring HWE) vulnerabilities
2014-06-05 00:00:00
Linux kernel vulnerabilities
2014-06-05 00:00:00
zdt
zdt
Linux Kernel libfutex Local Root for RHEL/CentOS 7.0.1406 Exploit
2014-11-26 00:00:00
Android Futex Requeue Kernel Exploit
2015-02-10 00:00:00
attackerkb
attackerkb
CVE-2014-3153
2014-06-07 00:00:00
android
android
TowelRoot
2014-06-05 00:00:00
cve
cve
CVE-2014-3153
2014-06-07 14:55:00
altlinux
altlinux
prion
prion
Command injection
2014-06-07 14:55:00
debiancve
debiancve
CVE-2014-3153
2014-06-07 14:55:00
oraclelinux
oraclelinux
Unbreakable Enterprise kernel security update
2014-06-06 00:00:00
Unbreakable Enterprise kernel security update
2014-06-07 00:00:00
unbreakable enterprise kernel security update
2014-06-07 00:00:00
hackerone
hackerone
Sandbox Escape: Linux PI futex self-requeue bug
2014-05-26 05:00:49
suse
suse
kernel update fixes local privilege escalation and a regression causing a crash if IPsec peer is unavailable (important)
2014-07-08 20:04:15
Security update for Linux Kernel (important)
2014-06-25 00:04:51
Security update for Linux Kernel (critical)
2014-06-11 05:04:34
thn
thn
Towelroot : One-Click Android Rooting Tool Released By Geohot
2014-06-17 22:49:00
Over 1 Million Google Accounts Hacked by 'Gooligan' Android Malware
2016-11-30 05:44:00
CopyCat Android Rooting Malware Infected 14 Million Devices
2017-07-06 05:17:00
cisa_kev
cisa_kev
Linux Kernel Privilege Escalation Vulnerability
2022-05-25 00:00:00
exploitpack
exploitpack
Linux Kernel 3.14.5 (CentOS 7 RHEL) - libfutex Local Privilege Escalation
2014-11-25 00:00:00
metasploit
metasploit
Android 'Towelroot' Futex Requeue Kernel Exploit
2014-12-01 03:49:22
exploitdb
exploitdb
osv
osv
linux-2.6 - security update
2014-06-18 00:00:00
linux - security update
2014-06-05 00:00:00
openssl - security update
2014-06-05 00:00:00
chrome
chrome
Stable Channel Update for Chrome OS
2014-06-10 00:00:00
debian
debian
[SECURITY] [DSA 2949-1] linux security update
2014-06-05 12:15:58
[SECURITY] [DSA 2949-1] linux security update
2014-06-05 12:15:58
[SECURITY] [DSA 2950-1] openssl security update
2014-06-05 11:51:34
redhat
redhat
(RHSA-2014:0900) Important: kernel security and bug fix update
2014-07-17 00:00:00
(RHSA-2014:0800) Important: kernel security update
2014-06-26 00:00:00
(RHSA-2014:0771) Important: kernel security and bug fix update
2014-06-19 00:00:00
amazon
amazon
Medium: kernel
2014-08-21 11:03:00
mageia
mageia
Updated kernel packages fixes security vulnerabilities.
2014-06-19 00:50:01
Updated kernel packages fixes security vulnerabilities
2014-06-23 01:13:23
Updated kernel-tmb package fixes security vulnerabilities
2014-08-18 13:14:56
securelist
securelist
Skygofree: Following in the footsteps of HackingTeam
2018-01-16 10:00:58
centos
centos
kernel, perf, python security update
2014-06-20 10:10:41
veracode
veracode
Information Disclosure
2019-05-02 05:03:36
Information Disclosure
2019-05-02 05:03:36
Privilege Escalation
2019-05-02 05:03:36
kitploit
kitploit
fedora
fedora
[SECURITY] Fedora 20 Update: kernel-3.14.6-200.fc20
2014-06-11 16:31:10
[SECURITY] Fedora 20 Update: kernel-3.14.8-200.fc20
2014-06-18 22:25:48
[SECURITY] Fedora 20 Update: kernel-3.14.9-200.fc20
2014-06-30 10:29:23
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.001 Low
EPSS
Percentile
47.0%
Related for ALAS-2014-363