{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-06-04T00:00:00", "descriptions": [{"lang": "en", "value": "The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-02-02T06:37:16", "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome"}, "references": [{"name": "67906", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/67906"}, {"name": "openSUSE-SU-2014:0878", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00006.html"}, {"name": "[oss-security] 20140605 Re: Linux kernel futex local privilege escalation (CVE-2014-3153)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2014/06/05/24"}, {"name": "59029", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/59029"}, {"name": "DSA-2949", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2014/dsa-2949"}, {"name": "SUSE-SU-2014:1316", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html"}, {"name": "SUSE-SU-2014:0796", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00018.html"}, {"name": "59262", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/59262"}, {"name": "58990", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/58990"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=13fbca4c6ecd96ec1a1cfa2e4f2ce191fe928a5e"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=54a217887a7b658e2650c3feff22756ab80c7339"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e9c243a5a6de0be8e584c604d353412584b592f8"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://linux.oracle.com/errata/ELSA-2014-3037.html"}, {"name": "59153", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/59153"}, {"name": "[oss-security] 20140606 Re: Linux kernel futex local privilege escalation (CVE-2014-3153)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2014/06/06/20"}, {"name": "59309", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/59309"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/torvalds/linux/commit/e9c243a5a6de0be8e584c604d353412584b592f8"}, {"name": "1030451", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1030451"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://linux.oracle.com/errata/ELSA-2014-0771.html"}, {"name": "SUSE-SU-2014:0775", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00014.html"}, {"name": "RHSA-2014:0800", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2014-0800.html"}, {"name": "USN-2237-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2237-1"}, {"name": "SUSE-SU-2014:1319", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://linux.oracle.com/errata/ELSA-2014-3039.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b3eaa9fc5cd0a4d74b18f6b8dc617aeaf1873270"}, {"name": "58500", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/58500"}, {"name": "USN-2240-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2240-1"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1103626"}, {"name": "59386", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/59386"}, {"name": "35370", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "http://www.exploit-db.com/exploits/35370"}, {"name": "59599", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/59599"}, {"name": "SUSE-SU-2014:0837", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00025.html"}, {"name": "[oss-security] 20140605 Linux kernel futex local privilege escalation (CVE-2014-3153)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2014/06/05/22"}, {"name": "59092", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/59092"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://linux.oracle.com/errata/ELSA-2014-3038.html"}, {"name": "[oss-security] 20210201 Re: Linux Kernel: local priv escalation via futexes", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2021/02/01/4"}, {"tags": ["x_refsource_MISC"], "url": "https://www.openwall.com/lists/oss-security/2021/02/01/4"}, {"tags": ["x_refsource_MISC"], "url": "https://elongl.github.io/exploitation/2021/01/08/cve-2014-3153.html"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/elongl/CVE-2014-3153"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "chrome-cve-admin@google.com", "ID": "CVE-2014-3153", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "67906", "refsource": "BID", "url": "http://www.securityfocus.com/bid/67906"}, {"name": "openSUSE-SU-2014:0878", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00006.html"}, {"name": "[oss-security] 20140605 Re: Linux kernel futex local privilege escalation (CVE-2014-3153)", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2014/06/05/24"}, {"name": "59029", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59029"}, {"name": "DSA-2949", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-2949"}, {"name": "SUSE-SU-2014:1316", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html"}, {"name": "SUSE-SU-2014:0796", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00018.html"}, {"name": "59262", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59262"}, {"name": "58990", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/58990"}, {"name": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=13fbca4c6ecd96ec1a1cfa2e4f2ce191fe928a5e", "refsource": "CONFIRM", "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=13fbca4c6ecd96ec1a1cfa2e4f2ce191fe928a5e"}, {"name": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=54a217887a7b658e2650c3feff22756ab80c7339", "refsource": "CONFIRM", "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=54a217887a7b658e2650c3feff22756ab80c7339"}, {"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e9c243a5a6de0be8e584c604d353412584b592f8", "refsource": "CONFIRM", "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e9c243a5a6de0be8e584c604d353412584b592f8"}, {"name": "http://linux.oracle.com/errata/ELSA-2014-3037.html", "refsource": "CONFIRM", "url": "http://linux.oracle.com/errata/ELSA-2014-3037.html"}, {"name": "59153", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59153"}, {"name": "[oss-security] 20140606 Re: Linux kernel futex local privilege escalation (CVE-2014-3153)", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2014/06/06/20"}, {"name": "59309", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59309"}, {"name": "https://github.com/torvalds/linux/commit/e9c243a5a6de0be8e584c604d353412584b592f8", "refsource": "CONFIRM", "url": "https://github.com/torvalds/linux/commit/e9c243a5a6de0be8e584c604d353412584b592f8"}, {"name": "1030451", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1030451"}, {"name": "http://linux.oracle.com/errata/ELSA-2014-0771.html", "refsource": "CONFIRM", "url": "http://linux.oracle.com/errata/ELSA-2014-0771.html"}, {"name": "SUSE-SU-2014:0775", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00014.html"}, {"name": "RHSA-2014:0800", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-0800.html"}, {"name": "USN-2237-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2237-1"}, {"name": "SUSE-SU-2014:1319", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html"}, {"name": "http://linux.oracle.com/errata/ELSA-2014-3039.html", "refsource": "CONFIRM", "url": "http://linux.oracle.com/errata/ELSA-2014-3039.html"}, {"name": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b3eaa9fc5cd0a4d74b18f6b8dc617aeaf1873270", "refsource": "CONFIRM", "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b3eaa9fc5cd0a4d74b18f6b8dc617aeaf1873270"}, {"name": "58500", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/58500"}, {"name": "USN-2240-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2240-1"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1103626", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1103626"}, {"name": "59386", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59386"}, {"name": "35370", "refsource": "EXPLOIT-DB", "url": "http://www.exploit-db.com/exploits/35370"}, {"name": "59599", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59599"}, {"name": "SUSE-SU-2014:0837", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00025.html"}, {"name": "[oss-security] 20140605 Linux kernel futex local privilege escalation (CVE-2014-3153)", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2014/06/05/22"}, {"name": "59092", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59092"}, {"name": "http://linux.oracle.com/errata/ELSA-2014-3038.html", "refsource": "CONFIRM", "url": "http://linux.oracle.com/errata/ELSA-2014-3038.html"}, {"name": "[oss-security] 20210201 Re: Linux Kernel: local priv escalation via futexes", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2021/02/01/4"}, {"name": "https://www.openwall.com/lists/oss-security/2021/02/01/4", "refsource": "MISC", "url": "https://www.openwall.com/lists/oss-security/2021/02/01/4"}, {"name": "https://elongl.github.io/exploitation/2021/01/08/cve-2014-3153.html", "refsource": "MISC", "url": "https://elongl.github.io/exploitation/2021/01/08/cve-2014-3153.html"}, {"name": "https://github.com/elongl/CVE-2014-3153", "refsource": "MISC", "url": "https://github.com/elongl/CVE-2014-3153"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T10:35:56.633Z"}, "title": "CVE Program Container", "references": [{"name": "67906", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/67906"}, {"name": "openSUSE-SU-2014:0878", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00006.html"}, {"name": "[oss-security] 20140605 Re: Linux kernel futex local privilege escalation (CVE-2014-3153)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2014/06/05/24"}, {"name": "59029", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/59029"}, {"name": "DSA-2949", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2014/dsa-2949"}, {"name": "SUSE-SU-2014:1316", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html"}, {"name": "SUSE-SU-2014:0796", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00018.html"}, {"name": "59262", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/59262"}, {"name": "58990", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/58990"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=13fbca4c6ecd96ec1a1cfa2e4f2ce191fe928a5e"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=54a217887a7b658e2650c3feff22756ab80c7339"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e9c243a5a6de0be8e584c604d353412584b592f8"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://linux.oracle.com/errata/ELSA-2014-3037.html"}, {"name": "59153", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/59153"}, {"name": "[oss-security] 20140606 Re: Linux kernel futex local privilege escalation (CVE-2014-3153)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2014/06/06/20"}, {"name": "59309", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/59309"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/torvalds/linux/commit/e9c243a5a6de0be8e584c604d353412584b592f8"}, {"name": "1030451", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1030451"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://linux.oracle.com/errata/ELSA-2014-0771.html"}, {"name": "SUSE-SU-2014:0775", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00014.html"}, {"name": "RHSA-2014:0800", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2014-0800.html"}, {"name": "USN-2237-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2237-1"}, {"name": "SUSE-SU-2014:1319", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://linux.oracle.com/errata/ELSA-2014-3039.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b3eaa9fc5cd0a4d74b18f6b8dc617aeaf1873270"}, {"name": "58500", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/58500"}, {"name": "USN-2240-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2240-1"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1103626"}, {"name": "59386", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/59386"}, {"name": "35370", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "http://www.exploit-db.com/exploits/35370"}, {"name": "59599", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/59599"}, {"name": "SUSE-SU-2014:0837", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00025.html"}, {"name": "[oss-security] 20140605 Linux kernel futex local privilege escalation (CVE-2014-3153)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2014/06/05/22"}, {"name": "59092", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/59092"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://linux.oracle.com/errata/ELSA-2014-3038.html"}, {"name": "[oss-security] 20210201 Re: Linux Kernel: local priv escalation via futexes", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2021/02/01/4"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.openwall.com/lists/oss-security/2021/02/01/4"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://elongl.github.io/exploitation/2021/01/08/cve-2014-3153.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/elongl/CVE-2014-3153"}]}]}, "cveMetadata": {"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "assignerShortName": "Chrome", "cveId": "CVE-2014-3153", "datePublished": "2014-06-07T14:00:00", "dateReserved": "2014-05-03T00:00:00", "dateUpdated": "2024-08-06T10:35:56.633Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"cisaActionDue": "2022-06-15", "cisaExploitAdd": "2022-05-25", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "Linux Kernel Privilege Escalation Vulnerability", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "6C788C70-FEF6-43C2-BF1B-9F6BAC084B49", "versionEndExcluding": "3.2.60", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "AB7FAE85-A7F7-403F-B3F8-51D26A7AD5CF", "versionEndExcluding": "3.4.92", "versionStartIncluding": "3.3", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "2F7D3761-1031-4407-9D83-51387E0EFAE3", "versionEndExcluding": "3.10.42", "versionStartIncluding": "3.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "865055FF-2CF7-477F-A939-DE7EB4F0F88D", "versionEndExcluding": "3.12.22", "versionStartIncluding": "3.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "281F5CC1-AF2E-4076-A09D-3E808A9F6896", "versionEndExcluding": "3.14.6", "versionStartIncluding": "3.13", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "AD6D0378-F0F4-4AAA-80AF-8287C790EC96", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*", "matchCriteriaId": "DE554781-1EB9-446E-911F-6C11970C47F4", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*", "matchCriteriaId": "3ED68ADD-BBDA-4485-BC76-58F011D72311", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_high_availability_extension:11:sp3:*:*:*:*:*:*", "matchCriteriaId": "A3A907A3-2A3A-46D4-8D75-914649877B65", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_real_time_extension:11:sp3:*:*:*:*:*:*", "matchCriteriaId": "3DB41B45-D94D-4A58-88B0-B3EC3EC350E2", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:-:*:*:*:*:*:*", "matchCriteriaId": "F13F07CC-739B-465C-9184-0E9D708BD4C7", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:ltss:*:*:*", "matchCriteriaId": "CB6476C7-03F2-4939-AB85-69AA524516D9", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:-:*:*", "matchCriteriaId": "E534C201-BCC5-473C-AAA7-AAB97CEB5437", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:vmware:*:*", "matchCriteriaId": "2470C6E8-2024-4CF5-9982-CFF50E88EAE9", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*", "matchCriteriaId": "CB66DB75-2B16-4EBF-9B93-CE49D8086E41", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:oracle:linux:5:-:*:*:*:*:*:*", "matchCriteriaId": "62A2AC02-A933-4E51-810E-5D040B476B7B", "vulnerable": true}, {"criteria": "cpe:2.3:o:oracle:linux:6:-:*:*:*:*:*:*", "matchCriteriaId": "D7B037A8-72A6-4DFF-94B2-D688A5F6F876", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification."}, {"lang": "es", "value": "La funci\u00f3n futex_requeue en kernel/futex.c en el kernel de Linux hasta 3.14.5 no asegura que las llamadas tengan dos direcciones futex diferentes, lo que permite a usuarios locales ganar privilegios a trav\u00e9s de un comando FUTEX_REQUEUE manipulado que facilita la modificaci\u00f3n insegura del objeto o funci\u00f3n a la espera."}], "id": "CVE-2014-3153", "lastModified": "2024-07-02T12:17:50.927", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2014-06-07T14:55:27.240", "references": [{"source": "chrome-cve-admin@google.com", "tags": ["Broken Link"], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e9c243a5a6de0be8e584c604d353412584b592f8"}, {"source": "chrome-cve-admin@google.com", "tags": ["Third Party Advisory"], "url": "http://linux.oracle.com/errata/ELSA-2014-0771.html"}, {"source": "chrome-cve-admin@google.com", "tags": ["Third Party Advisory"], "url": "http://linux.oracle.com/errata/ELSA-2014-3037.html"}, {"source": "chrome-cve-admin@google.com", "tags": ["Third Party Advisory"], "url": "http://linux.oracle.com/errata/ELSA-2014-3038.html"}, {"source": "chrome-cve-admin@google.com", "tags": ["Third Party Advisory"], "url": "http://linux.oracle.com/errata/ELSA-2014-3039.html"}, {"source": "chrome-cve-admin@google.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00014.html"}, {"source": "chrome-cve-admin@google.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00018.html"}, {"source": "chrome-cve-admin@google.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00025.html"}, {"source": "chrome-cve-admin@google.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00006.html"}, {"source": "chrome-cve-admin@google.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html"}, {"source": "chrome-cve-admin@google.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html"}, {"source": "chrome-cve-admin@google.com", "tags": ["Mailing List"], "url": "http://openwall.com/lists/oss-security/2014/06/05/24"}, {"source": "chrome-cve-admin@google.com", "tags": ["Mailing List"], "url": "http://openwall.com/lists/oss-security/2014/06/06/20"}, {"source": "chrome-cve-admin@google.com", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2014-0800.html"}, {"source": "chrome-cve-admin@google.com", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/58500"}, {"source": "chrome-cve-admin@google.com", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/58990"}, {"source": "chrome-cve-admin@google.com", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/59029"}, {"source": "chrome-cve-admin@google.com", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/59092"}, {"source": "chrome-cve-admin@google.com", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/59153"}, {"source": "chrome-cve-admin@google.com", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/59262"}, {"source": "chrome-cve-admin@google.com", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/59309"}, {"source": "chrome-cve-admin@google.com", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/59386"}, {"source": "chrome-cve-admin@google.com", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/59599"}, {"source": "chrome-cve-admin@google.com", "tags": ["Exploit"], "url": "http://www.debian.org/security/2014/dsa-2949"}, {"source": "chrome-cve-admin@google.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.exploit-db.com/exploits/35370"}, {"source": "chrome-cve-admin@google.com", "tags": ["Mailing List"], "url": "http://www.openwall.com/lists/oss-security/2014/06/05/22"}, {"source": "chrome-cve-admin@google.com", "tags": ["Mailing List"], "url": "http://www.openwall.com/lists/oss-security/2021/02/01/4"}, {"source": "chrome-cve-admin@google.com", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/67906"}, {"source": "chrome-cve-admin@google.com", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1030451"}, {"source": "chrome-cve-admin@google.com", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-2237-1"}, {"source": "chrome-cve-admin@google.com", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-2240-1"}, {"source": "chrome-cve-admin@google.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1103626"}, {"source": "chrome-cve-admin@google.com", "tags": ["Exploit"], "url": "https://elongl.github.io/exploitation/2021/01/08/cve-2014-3153.html"}, {"source": "chrome-cve-admin@google.com", "tags": ["Mailing List", "Patch"], "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=13fbca4c6ecd96ec1a1cfa2e4f2ce191fe928a5e"}, {"source": "chrome-cve-admin@google.com", "tags": ["Mailing List", "Patch"], "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=54a217887a7b658e2650c3feff22756ab80c7339"}, {"source": "chrome-cve-admin@google.com", "tags": ["Mailing List", "Patch"], "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b3eaa9fc5cd0a4d74b18f6b8dc617aeaf1873270"}, {"source": "chrome-cve-admin@google.com", "tags": ["Third Party Advisory"], "url": "https://github.com/elongl/CVE-2014-3153"}, {"source": "chrome-cve-admin@google.com", "tags": ["Patch"], "url": "https://github.com/torvalds/linux/commit/e9c243a5a6de0be8e584c604d353412584b592f8"}, {"source": "chrome-cve-admin@google.com", "tags": ["Mailing List"], "url": "https://www.openwall.com/lists/oss-security/2021/02/01/4"}], "sourceIdentifier": "chrome-cve-admin@google.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2014:0771", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "kernel-0:2.6.32-431.20.3.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-06-19T00:00:00Z"}, {"advisory": "RHSA-2014:0800", "cpe": "cpe:/o:redhat:rhel_mission_critical:6.2", "package": "kernel-0:2.6.32-220.52.1.el6", "product_name": "Red Hat Enterprise Linux 6.2 Advanced Update Support", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0900", "cpe": "cpe:/o:redhat:rhel_eus:6.4", "package": "kernel-0:2.6.32-358.46.1.el6", "product_name": "Red Hat Enterprise Linux 6.4 Extended Update Support", "release_date": "2014-07-17T00:00:00Z"}, {"advisory": "RHSA-2014:0786", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "kernel-0:3.10.0-123.4.2.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2014-06-24T00:00:00Z"}, {"advisory": "RHSA-2014:0913", "cpe": "cpe:/a:redhat:enterprise_mrg:2:server:el6", "package": "kernel-rt-0:3.10.33-rt32.43.el6rt", "product_name": "Red Hat Enterprise MRG 2", "release_date": "2014-07-22T00:00:00Z"}], "bugzilla": {"description": "kernel: futex: pi futexes requeue issue", "id": "1103626", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1103626"}, "csaw": false, "cvss": {"cvss_base_score": "7.2", "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "status": "verified"}, "details": ["The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification.", "A flaw was found in the way the Linux kernel's futex subsystem handled the requeuing of certain Priority Inheritance (PI) futexes. A local, unprivileged user could use this flaw to escalate their privileges on the system."], "name": "CVE-2014-3153", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 5"}], "public_date": "2014-06-04T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2014-3153\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3153\nhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog"], "statement": "This issue did not affect the versions of the Linux kernel packages as shipped with Red Hat Enterprise Linux 5.\nThis issue requires local system access to be exploited. We are currently not aware of any working exploit for Red Hat Enterprise Linux 6 or Red Hat Enterprise MRG 2.", "threat_severity": "Important"}