The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
07 Nov 2023, 02:19
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
References | () https://github.com/torvalds/linux/commit/e9c243a5a6de0be8e584c604d353412584b592f8 - | |
References | () http://secunia.com/advisories/58990 - | |
References | () http://openwall.com/lists/oss-security/2014/06/05/24 - | |
References | () http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00014.html - | |
References | () http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00025.html - | |
References | () http://www.ubuntu.com/usn/USN-2237-1 - | |
References | () https://www.openwall.com/lists/oss-security/2021/02/01/4 - | |
References | () http://linux.oracle.com/errata/ELSA-2014-3037.html - | |
References | () http://www.securitytracker.com/id/1030451 - | |
References | () http://secunia.com/advisories/59153 - | |
References | () http://linux.oracle.com/errata/ELSA-2014-3039.html - | |
References | () http://secunia.com/advisories/59309 - | |
References | () http://secunia.com/advisories/59092 - | |
References | () http://linux.oracle.com/errata/ELSA-2014-3038.html - | |
References | () https://github.com/elongl/CVE-2014-3153 - | |
References | () https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b3eaa9fc5cd0a4d74b18f6b8dc617aeaf1873270 - | |
References | () http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html - | |
References | () http://www.ubuntu.com/usn/USN-2240-1 - | |
References | () http://openwall.com/lists/oss-security/2014/06/06/20 - | |
References | () https://elongl.github.io/exploitation/2021/01/08/cve-2014-3153.html - | |
References | () http://secunia.com/advisories/59029 - | |
References | () https://bugzilla.redhat.com/show_bug.cgi?id=1103626 - | |
References | () http://secunia.com/advisories/58500 - | |
References | () https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=54a217887a7b658e2650c3feff22756ab80c7339 - | |
References | () http://secunia.com/advisories/59262 - | |
References | () http://www.openwall.com/lists/oss-security/2021/02/01/4 - | |
References | () http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00018.html - | |
References | () http://secunia.com/advisories/59386 - | |
References | () https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=13fbca4c6ecd96ec1a1cfa2e4f2ce191fe928a5e - | |
References | () http://www.securityfocus.com/bid/67906 - | |
References | () http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html - | |
References | () http://www.openwall.com/lists/oss-security/2014/06/05/22 - | |
References | () http://secunia.com/advisories/59599 - | |
References | () http://rhn.redhat.com/errata/RHSA-2014-0800.html - | |
References | () http://linux.oracle.com/errata/ELSA-2014-0771.html - | |
References | () http://www.exploit-db.com/exploits/35370 - | |
References | () http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00006.html - | |
References | () http://www.debian.org/security/2014/dsa-2949 - |
08 Feb 2021, 16:25
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-269 | |
References | (MLIST) http://www.openwall.com/lists/oss-security/2014/06/05/22 - Mailing List, Third Party Advisory | |
References | (MLIST) http://www.openwall.com/lists/oss-security/2021/02/01/4 - Mailing List, Third Party Advisory | |
References | (CONFIRM) https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b3eaa9fc5cd0a4d74b18f6b8dc617aeaf1873270 - Patch, Vendor Advisory | |
References | (SECUNIA) http://secunia.com/advisories/59386 - Third Party Advisory | |
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00014.html - Mailing List, Third Party Advisory | |
References | (CONFIRM) http://linux.oracle.com/errata/ELSA-2014-3039.html - Third Party Advisory | |
References | (SECUNIA) http://secunia.com/advisories/59029 - Third Party Advisory | |
References | (CONFIRM) https://bugzilla.redhat.com/show_bug.cgi?id=1103626 - Issue Tracking, Patch, Third Party Advisory | |
References | (SECUNIA) http://secunia.com/advisories/58990 - Third Party Advisory | |
References | (UBUNTU) http://www.ubuntu.com/usn/USN-2240-1 - Third Party Advisory | |
References | (CONFIRM) http://linux.oracle.com/errata/ELSA-2014-3038.html - Third Party Advisory | |
References | (CONFIRM) http://linux.oracle.com/errata/ELSA-2014-0771.html - Third Party Advisory | |
References | (REDHAT) http://rhn.redhat.com/errata/RHSA-2014-0800.html - Third Party Advisory | |
References | (SECUNIA) http://secunia.com/advisories/59262 - Third Party Advisory | |
References | (CONFIRM) http://linux.oracle.com/errata/ELSA-2014-3037.html - Third Party Advisory | |
References | (MISC) https://github.com/elongl/CVE-2014-3153 - Third Party Advisory | |
References | (CONFIRM) https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=54a217887a7b658e2650c3feff22756ab80c7339 - Patch, Vendor Advisory | |
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html - Mailing List, Third Party Advisory | |
References | (CONFIRM) http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e9c243a5a6de0be8e584c604d353412584b592f8 - Patch, Vendor Advisory | |
References | (SECUNIA) http://secunia.com/advisories/59599 - Third Party Advisory | |
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00018.html - Mailing List, Third Party Advisory | |
References | (CONFIRM) https://github.com/torvalds/linux/commit/e9c243a5a6de0be8e584c604d353412584b592f8 - Patch, Third Party Advisory | |
References | (MLIST) http://openwall.com/lists/oss-security/2014/06/05/24 - Mailing List, Third Party Advisory | |
References | (SECUNIA) http://secunia.com/advisories/59092 - Third Party Advisory | |
References | (SECUNIA) http://secunia.com/advisories/59153 - Third Party Advisory | |
References | (MISC) https://www.openwall.com/lists/oss-security/2021/02/01/4 - Mailing List, Third Party Advisory | |
References | (MLIST) http://openwall.com/lists/oss-security/2014/06/06/20 - Mailing List, Third Party Advisory | |
References | (CONFIRM) https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=13fbca4c6ecd96ec1a1cfa2e4f2ce191fe928a5e - Patch, Vendor Advisory | |
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00006.html - Mailing List, Third Party Advisory | |
References | (BID) http://www.securityfocus.com/bid/67906 - Third Party Advisory, VDB Entry | |
References | (MISC) https://elongl.github.io/exploitation/2021/01/08/cve-2014-3153.html - Exploit, Third Party Advisory | |
References | (SECTRACK) http://www.securitytracker.com/id/1030451 - Third Party Advisory, VDB Entry | |
References | (EXPLOIT-DB) http://www.exploit-db.com/exploits/35370 - Exploit, Third Party Advisory, VDB Entry | |
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00025.html - Mailing List, Third Party Advisory | |
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html - Mailing List, Third Party Advisory | |
References | (DEBIAN) http://www.debian.org/security/2014/dsa-2949 - Third Party Advisory | |
References | (UBUNTU) http://www.ubuntu.com/usn/USN-2237-1 - Third Party Advisory | |
References | (SECUNIA) http://secunia.com/advisories/58500 - Third Party Advisory | |
References | (SECUNIA) http://secunia.com/advisories/59309 - Third Party Advisory | |
CPE | cpe:2.3:o:linux:linux_kernel:3.14:rc6:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:3.14.3:*:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:3.14:rc1:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:3.14:rc2:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:3.14:-:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:3.14:rc7:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:3.14.4:*:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:3.14:rc4:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:3.14:rc3:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:3.14.2:*:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:3.14:rc5:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:3.14:rc8:*:*:*:*:*:* cpe:2.3:a:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:* |
cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:ltss:*:*:* cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:-:*:* cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_aus:6.2:*:*:*:*:*:*:* cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:vmware:*:* cpe:2.3:o:suse:linux_enterprise_real_time_extension:11:sp3:*:*:*:*:*:* cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:* cpe:2.3:o:suse:linux_enterprise_high_availability_extension:11:sp3:*:*:*:*:*:* cpe:2.3:o:suse:linux_enterprise_server:11:-:*:*:*:*:*:* |
02 Feb 2021, 07:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
01 Feb 2021, 22:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2014-06-07 14:55
Updated : 2023-12-10 11:31
NVD link : CVE-2014-3153
Mitre link : CVE-2014-3153
CVE.ORG link : CVE-2014-3153
JSON object : View
Products Affected
redhat
- enterprise_linux_server_aus
suse
- linux_enterprise_real_time_extension
- linux_enterprise_server
- linux_enterprise_desktop
- linux_enterprise_high_availability_extension
opensuse
- opensuse
linux
- linux_kernel
CWE
CWE-269
Improper Privilege Management