CVE-2014-3153

CVSS v3.1 7.8 (High)
CVSS v2.0 7.2 (High)
EPSS 0.63 % (79th)
Affected Products 9
Advisories 57
NVD Status Analyzed

The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification.

Weaknesses
CWE-NVD-noinfo
CVE Status
PUBLISHED
NVD Status
Analyzed
CNA
Chrome
Published Date
2014-06-07 14:55:27
(10 years ago)
Updated Date
2024-07-02 12:17:50
(2 months ago)
Linux Kernel Privilege Escalation Vulnerability (CISA - Known Exploited Vulnerabilities Catalog)
Description
The futex_requeue function in kernel/futex.c in the Linux kernel does not ensure that calls have two different futex addresses, which allows local users to gain privileges.
Required Action
Apply updates per vendor instructions.
Known to be Used in Ransomware Campaigns
Unknown
Notes
https://nvd.nist.gov/vuln/detail/CVE-2014-3153
Vendor
Linux
Product
Kernel
In CISA Catalog from
2022-05-25
(2 years ago)
Due Date
2022-06-15
(2 years ago)

Affected Products


Configuration #1

  Product | CPE23 | From | Up To
  Linux Kernel prior 3.2.60 version | cpe:2.3:o:linux:linux_kernel | | < 3.2.60
  Linux Kernel from 3.3 version and prior 3.4.92 version | cpe:2.3:o:linux:linux_kernel | >= 3.3 | < 3.4.92
  Linux Kernel from 3.5 version and prior 3.10.42 version | cpe:2.3:o:linux:linux_kernel | >= 3.5 | < 3.10.42
  Linux Kernel from 3.11 version and prior 3.12.22 version | cpe:2.3:o:linux:linux_kernel | >= 3.11 | < 3.12.22
  Linux Kernel from 3.13 version and prior 3.14.6 version | cpe:2.3:o:linux:linux_kernel | >= 3.13 | < 3.14.6

Configuration #2

  Product | CPE23 | From | Up To
  Redhat Enterprise Linux Server Aus 6.2 | cpe:2.3:o:redhat:enterprise_linux_server_aus:6.2 | |

Configuration #3

  Product | CPE23 | From | Up To
  Opensuse 11.4 | cpe:2.3:o:opensuse:opensuse:11.4 | |
  Suse Linux Enterprise Desktop 11 SP3 | cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3 | |
  Suse Linux Enterprise High Availability Extension 11 SP3 | cpe:2.3:o:suse:linux_enterprise_high_availability_extension:11:sp3 | |
  Suse Linux Enterprise Real Time Extension 11 SP3 | cpe:2.3:o:suse:linux_enterprise_real_time_extension:11:sp3 | |
  Suse Linux Enterprise Server 11 | cpe:2.3:o:suse:linux_enterprise_server:11:- | |
  Suse Linux Enterprise Server 11 SP2 | cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:ltss | |
  Suse Linux Enterprise Server 11 SP3 For | cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:- | |
  Suse Linux Enterprise Server 11 SP3 for Vmware | cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:vmware | |

Configuration #4

  Product | CPE23 | From | Up To
  Canonical Ubuntu Linux 12.04 | cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:- | |
  Canonical Ubuntu Linux 14.04 | cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm | |

Configuration #5

  Product | CPE23 | From | Up To
  Oracle Linux 5 | cpe:2.3:o:oracle:linux:5:- | |
  Oracle Linux 6 | cpe:2.3:o:oracle:linux:6:- | |