← Back to CVEs
CVE-2014-3153
HIGHCISA KEV7.8
Description
The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification.
CVE Details
CVSS v3.1 Score7.8
SeverityHIGH
CVSS VectorCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack VectorLOCAL
ComplexityLOW
Privileges RequiredLOW
User InteractionNONE
Published6/7/2014
Last Modified10/22/2025
Sourcekev
Honeypot Sightings0
CISA KEV
VendorLinux
ProductKernel
Vulnerability NameLinux Kernel Privilege Escalation Vulnerability
KEV Date Added2022-05-25
Remediation Due Date2022-06-15
Ransomware UseUnknown
Affected Products
canonical:ubuntu_linuxlinux:linux_kernelopensuse:opensuseoracle:linuxredhat:enterprise_linux_server_aussuse:linux_enterprise_desktopsuse:linux_enterprise_high_availability_extensionsuse:linux_enterprise_real_time_extensionsuse:linux_enterprise_server
References
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e9c243a5a6de0be8e584c604d353412584b592f8(chrome-cve-admin@google.com)
http://linux.oracle.com/errata/ELSA-2014-0771.html(chrome-cve-admin@google.com)
http://linux.oracle.com/errata/ELSA-2014-3037.html(chrome-cve-admin@google.com)
http://linux.oracle.com/errata/ELSA-2014-3038.html(chrome-cve-admin@google.com)
http://linux.oracle.com/errata/ELSA-2014-3039.html(chrome-cve-admin@google.com)
http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00014.html(chrome-cve-admin@google.com)
http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00018.html(chrome-cve-admin@google.com)
http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00025.html(chrome-cve-admin@google.com)
http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00006.html(chrome-cve-admin@google.com)
http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html(chrome-cve-admin@google.com)
http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html(chrome-cve-admin@google.com)
http://openwall.com/lists/oss-security/2014/06/05/24(chrome-cve-admin@google.com)
http://openwall.com/lists/oss-security/2014/06/06/20(chrome-cve-admin@google.com)
http://rhn.redhat.com/errata/RHSA-2014-0800.html(chrome-cve-admin@google.com)
http://secunia.com/advisories/58500(chrome-cve-admin@google.com)
http://secunia.com/advisories/58990(chrome-cve-admin@google.com)
http://secunia.com/advisories/59029(chrome-cve-admin@google.com)
http://secunia.com/advisories/59092(chrome-cve-admin@google.com)
http://secunia.com/advisories/59153(chrome-cve-admin@google.com)
http://secunia.com/advisories/59262(chrome-cve-admin@google.com)
http://secunia.com/advisories/59309(chrome-cve-admin@google.com)
http://secunia.com/advisories/59386(chrome-cve-admin@google.com)
http://secunia.com/advisories/59599(chrome-cve-admin@google.com)
http://www.debian.org/security/2014/dsa-2949(chrome-cve-admin@google.com)
http://www.exploit-db.com/exploits/35370(chrome-cve-admin@google.com)
http://www.openwall.com/lists/oss-security/2014/06/05/22(chrome-cve-admin@google.com)
http://www.openwall.com/lists/oss-security/2021/02/01/4(chrome-cve-admin@google.com)
http://www.securityfocus.com/bid/67906(chrome-cve-admin@google.com)
http://www.securitytracker.com/id/1030451(chrome-cve-admin@google.com)
http://www.ubuntu.com/usn/USN-2237-1(chrome-cve-admin@google.com)
http://www.ubuntu.com/usn/USN-2240-1(chrome-cve-admin@google.com)
https://bugzilla.redhat.com/show_bug.cgi?id=1103626(chrome-cve-admin@google.com)
https://elongl.github.io/exploitation/2021/01/08/cve-2014-3153.html(chrome-cve-admin@google.com)
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=13fbca4c6ecd96ec1a1cfa2e4f2ce191fe928a5e(chrome-cve-admin@google.com)
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=54a217887a7b658e2650c3feff22756ab80c7339(chrome-cve-admin@google.com)
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b3eaa9fc5cd0a4d74b18f6b8dc617aeaf1873270(chrome-cve-admin@google.com)
https://github.com/elongl/CVE-2014-3153(chrome-cve-admin@google.com)
https://github.com/torvalds/linux/commit/e9c243a5a6de0be8e584c604d353412584b592f8(chrome-cve-admin@google.com)
https://www.openwall.com/lists/oss-security/2021/02/01/4(chrome-cve-admin@google.com)
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e9c243a5a6de0be8e584c604d353412584b592f8(af854a3a-2127-422b-91ae-364da2661108)
http://linux.oracle.com/errata/ELSA-2014-0771.html(af854a3a-2127-422b-91ae-364da2661108)
http://linux.oracle.com/errata/ELSA-2014-3037.html(af854a3a-2127-422b-91ae-364da2661108)
http://linux.oracle.com/errata/ELSA-2014-3038.html(af854a3a-2127-422b-91ae-364da2661108)
http://linux.oracle.com/errata/ELSA-2014-3039.html(af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00014.html(af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00018.html(af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00025.html(af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00006.html(af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html(af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html(af854a3a-2127-422b-91ae-364da2661108)
http://openwall.com/lists/oss-security/2014/06/05/24(af854a3a-2127-422b-91ae-364da2661108)
http://openwall.com/lists/oss-security/2014/06/06/20(af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2014-0800.html(af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/58500(af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/58990(af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/59029(af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/59092(af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/59153(af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/59262(af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/59309(af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/59386(af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/59599(af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2014/dsa-2949(af854a3a-2127-422b-91ae-364da2661108)
http://www.exploit-db.com/exploits/35370(af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2014/06/05/22(af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2021/02/01/4(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/67906(af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1030451(af854a3a-2127-422b-91ae-364da2661108)
http://www.ubuntu.com/usn/USN-2237-1(af854a3a-2127-422b-91ae-364da2661108)
http://www.ubuntu.com/usn/USN-2240-1(af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=1103626(af854a3a-2127-422b-91ae-364da2661108)
https://elongl.github.io/exploitation/2021/01/08/cve-2014-3153.html(af854a3a-2127-422b-91ae-364da2661108)
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=13fbca4c6ecd96ec1a1cfa2e4f2ce191fe928a5e(af854a3a-2127-422b-91ae-364da2661108)
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=54a217887a7b658e2650c3feff22756ab80c7339(af854a3a-2127-422b-91ae-364da2661108)
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b3eaa9fc5cd0a4d74b18f6b8dc617aeaf1873270(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/elongl/CVE-2014-3153(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/torvalds/linux/commit/e9c243a5a6de0be8e584c604d353412584b592f8(af854a3a-2127-422b-91ae-364da2661108)
https://www.openwall.com/lists/oss-security/2021/02/01/4(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-3153(134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.