Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

None

Privileges Required

Low

Attack Vector

Local

0

CVE-2014-3153

Disclosure Date: June 07, 2014 •

CVE-2014-3153 CVSS v3 Base Score: 7.8

Exploited in the Wild

Reported by gwillcox-r7
View Source Details

Description

The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

7.8 High

Impact Score:

5.9

Exploitability Score:

1.8

Vector:

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector (AV):

Local

Attack Complexity (AC):

Low

Privileges Required (PR):

Low

User Interaction (UI):

None

Scope (S):

Unchanged

Confidentiality (C):

High

Integrity (I):

High

Availability (A):

High

Vendors

Products

Metasploit Modules

Android 'Towelroot' Futex Requeue Kernel Exploit (https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/android/local/futex_requeue.rb)

Exploited in the Wild

Reported by:

gwillcox-r7 indicated source as Government or Industry Alert (https://www.cisa.gov/known-exploited-vulnerabilities-catalog)

Reported: June 03, 2022 8:08pm UTC (2 years ago)

References

Canonical

CVE-2014-3153 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3153)

BID-67906 (http://www.securityfocus.com/bid/67906)

Advisory

http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00006.html

[oss-security] 20140605 Re: Linux kernel futex local privilege escalation (CVE-2014-3153) (http://openwall.com/lists/oss-security/2014/06/05/24)

SECUNIA-59029 (http://secunia.com/advisories/59029)

DSA-2949 (http://www.debian.org/security/2014/dsa-2949)

http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html

http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00018.html

SECUNIA-59262 (http://secunia.com/advisories/59262)

SECUNIA-58990 (http://secunia.com/advisories/58990)

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit?id=13fbca4c6ecd96ec1a1cfa2e4f2ce191fe928a5e

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit?id=54a217887a7b658e2650c3feff22756ab80c7339

http://git.kernel.org?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e9c243a5a6de0be8e584c604d353412584b592f8

http://linux.oracle.com/errata/ELSA-2014-3037.html

SECUNIA-59153 (http://secunia.com/advisories/59153)

[oss-security] 20140606 Re: Linux kernel futex local privilege escalation (CVE-2014-3153) (http://openwall.com/lists/oss-security/2014/06/06/20)

SECUNIA-59309 (http://secunia.com/advisories/59309)

https://github.com/torvalds/linux/commit/e9c243a5a6de0be8e584c604d353412584b592f8

SECTRACK-1030451 (http://www.securitytracker.com/id/1030451)

http://linux.oracle.com/errata/ELSA-2014-0771.html

http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00014.html

http://rhn.redhat.com/errata/RHSA-2014-0800.html

USN-2237-1 (http://www.ubuntu.com/usn/USN-2237-1)

http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html

http://linux.oracle.com/errata/ELSA-2014-3039.html

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit?id=b3eaa9fc5cd0a4d74b18f6b8dc617aeaf1873270

SECUNIA-58500 (http://secunia.com/advisories/58500)

USN-2240-1 (http://www.ubuntu.com/usn/USN-2240-1)

https://bugzilla.redhat.com/show_bug.cgi?id=1103626

SECUNIA-59386 (http://secunia.com/advisories/59386)

EXPLOIT-DB-35370 (http://www.exploit-db.com/exploits/35370)

SECUNIA-59599 (http://secunia.com/advisories/59599)

http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00025.html

[oss-security] 20140605 Linux kernel futex local privilege escalation (CVE-2014-3153) (http://www.openwall.com/lists/oss-security/2014/06/05/22)

SECUNIA-59092 (http://secunia.com/advisories/59092)

http://linux.oracle.com/errata/ELSA-2014-3038.html

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=13fbca4c6ecd96ec1a1cfa2e4f2ce191fe928a5e

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=54a217887a7b658e2650c3feff22756ab80c7339

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e9c243a5a6de0be8e584c604d353412584b592f8

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b3eaa9fc5cd0a4d74b18f6b8dc617aeaf1873270

[oss-security] 20210201 Re: Linux Kernel: local priv escalation via futexes (http://www.openwall.com/lists/oss-security/2021/02/01/4)

Miscellaneous

https://www.openwall.com/lists/oss-security/2021/02/01/4

https://elongl.github.io/exploitation/2021/01/08/cve-2014-3153.html

https://github.com/elongl/CVE-2014-3153

Rapid7

Technical Analysis