CVE-2014-3153
6.4 Medium
AI Score
Confidence
High
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.001 Low
EPSS
Percentile
47.2%
The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification.
References
git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e9c243a5a6de0be8e584c604d353412584b592f8
linux.oracle.com/errata/ELSA-2014-0771.html
linux.oracle.com/errata/ELSA-2014-3037.html
linux.oracle.com/errata/ELSA-2014-3038.html
linux.oracle.com/errata/ELSA-2014-3039.html
lists.opensuse.org/opensuse-security-announce/2014-06/msg00014.html
lists.opensuse.org/opensuse-security-announce/2014-06/msg00018.html
lists.opensuse.org/opensuse-security-announce/2014-06/msg00025.html
lists.opensuse.org/opensuse-security-announce/2014-07/msg00006.html
lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html
lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html
openwall.com/lists/oss-security/2014/06/05/24
openwall.com/lists/oss-security/2014/06/06/20
rhn.redhat.com/errata/RHSA-2014-0800.html
secunia.com/advisories/58500
secunia.com/advisories/58990
secunia.com/advisories/59029
secunia.com/advisories/59092
secunia.com/advisories/59153
secunia.com/advisories/59262
secunia.com/advisories/59309
secunia.com/advisories/59386
secunia.com/advisories/59599
www.debian.org/security/2014/dsa-2949
www.exploit-db.com/exploits/35370
www.openwall.com/lists/oss-security/2014/06/05/22
www.openwall.com/lists/oss-security/2021/02/01/4
www.securityfocus.com/bid/67906
www.securitytracker.com/id/1030451
www.ubuntu.com/usn/USN-2237-1
www.ubuntu.com/usn/USN-2240-1
bugzilla.redhat.com/show_bug.cgi?id=1103626
elongl.github.io/exploitation/2021/01/08/cve-2014-3153.html
git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=13fbca4c6ecd96ec1a1cfa2e4f2ce191fe928a5e
git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=54a217887a7b658e2650c3feff22756ab80c7339
git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b3eaa9fc5cd0a4d74b18f6b8dc617aeaf1873270
github.com/elongl/CVE-2014-3153
github.com/torvalds/linux/commit/e9c243a5a6de0be8e584c604d353412584b592f8
www.openwall.com/lists/oss-security/2021/02/01/4
Social References
More
Related
6.4 Medium
AI Score
Confidence
High
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.001 Low
EPSS
Percentile
47.2%