← back
CVE-2014-3153

CVE-2014-3153

CVSS 7.8 HIGHEPSS 37.2%● KEV
In short

A flaw in Linux kernel's futex (fast userspace mutex) handling allows a local user to manipulate system processes by sending a specially crafted command, leading to privilege escalation.

Technical detail

The futex_requeue function in kernel/futex.c fails to validate that requeue operations involve distinct futex addresses, allowing local attackers to exploit unsafe waiter list manipulation via a crafted FUTEX_REQUEUE syscall to achieve privilege escalation.

Summary generated and translated by AI from the official description.
The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/a
public PoCs found11
githubgithub.com/timwr/CVE-2014-3153123githubgithub.com/geekben/towelroot46githubgithub.com/android-rooting-tools/libfutex_exploit19githubgithub.com/lieanu/CVE-2014-315318githubgithub.com/dangtunguyen/TowelRoot17githubgithub.com/elongl/CVE-2014-315313githubgithub.com/zerodavinci/CVE-2014-3153-exploit5githubgithub.com/c3c/CVE-2014-31530githubgithub.com/c4mx/Linux-kernel-code-injection_CVE-2014-31530exploitdbwww.exploit-db.com/exploits/35370unverifiedcve_referencewww.exploit-db.com/exploits/35370unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e9c243a5a6de0be8e584c604d353412584b592f8http://linux.oracle.com/errata/ELSA-2014-0771.htmlhttp://linux.oracle.com/errata/ELSA-2014-3037.htmlhttp://linux.oracle.com/errata/ELSA-2014-3038.htmlhttp://linux.oracle.com/errata/ELSA-2014-3039.htmlhttp://lists.opensuse.org/opensuse-security-announce/2014-06/msg00014.htmlhttp://lists.opensuse.org/opensuse-security-announce/2014-06/msg00018.htmlhttp://lists.opensuse.org/opensuse-security-announce/2014-06/msg00025.htmlhttp://lists.opensuse.org/opensuse-security-announce/2014-07/msg00006.htmlhttp://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.htmlhttp://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.htmlhttp://openwall.com/lists/oss-security/2014/06/05/24