CVE-2014-3153
high-risk
Published 2014-06-07
The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification.
Do I need to act?
EPSS: 68.9% chance of exploitation in the next 30 days (higher than 31% of all CVEs)
CISA KEV: actively exploited in the wild; listed on the Known Exploited Vulnerabilities catalog, so federal agencies must patch
Public exploits: 1 public exploit available
Patch status: unknown; check vendor advisories for fix availability and mitigation guidance
CVSS 7.8/10 (High); attack vector: local; attack complexity: low
Affected Products (14)
References (79)
Third Party Advisory: http://linux.oracle.com/errata/ELSA-2014-0771.html
Third Party Advisory: http://linux.oracle.com/errata/ELSA-2014-3037.html
Third Party Advisory: http://linux.oracle.com/errata/ELSA-2014-3038.html
Third Party Advisory: http://linux.oracle.com/errata/ELSA-2014-3039.html
Mailing List: http://openwall.com/lists/oss-security/2014/06/05/24
Mailing List: http://openwall.com/lists/oss-security/2014/06/06/20
Third Party Advisory: http://rhn.redhat.com/errata/RHSA-2014-0800.html
Broken Link: http://secunia.com/advisories/58500
Broken Link: http://secunia.com/advisories/58990
Broken Link: http://secunia.com/advisories/59029
Broken Link: http://secunia.com/advisories/59092
Broken Link: http://secunia.com/advisories/59153
Broken Link: http://secunia.com/advisories/59262
(59 more references not shown)
Risk score: 68/100 (high-risk)
Severity: 24/34 (High)
Exploitability: 26/34 (High)
Exposure: 18/34 (Moderate)