CVE-2014-3153
100Vexday Risk Score
Patch now. It under exploitation confirmed by CISA and has a working public exploit.
ssvc Actcvss 7.8epss 37%
from disclosure to weapon47 days
Published on NVDJun 7
1st PoC+47d
metasploitMay 3
CISA KEV+2909d
exploitation probability
37%top 2% of all CVEs
observed exploitation
yesCISA + VulnCheck
20 public exploit(s)
Action required by CISAfederal deadline: 2022-06-15
Apply updates per vendor instructions.
In short
A flaw in Linux kernel's futex (fast userspace mutex) handling allows a local user to manipulate system processes by sending a specially crafted command, leading to privilege escalation.
Technical detail
The futex_requeue function in kernel/futex.c fails to validate that requeue operations involve distinct futex addresses, allowing local attackers to exploit unsafe waiter list manipulation via a crafted FUTEX_REQUEUE syscall to achieve privilege escalation.
Summary generated and translated by AI from the official description.
The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/apublic PoCs found — 20
githubgithub.com/timwr/CVE-2014-3153★ 123githubgithub.com/geekben/towelroot★ 46githubgithub.com/android-rooting-tools/libfutex_exploit★ 19githubgithub.com/lieanu/CVE-2014-3153★ 18githubgithub.com/dangtunguyen/TowelRoot★ 17githubgithub.com/elongl/CVE-2014-3153★ 13githubgithub.com/zerodavinci/CVE-2014-3153-exploit★ 5githubgithub.com/c4mx/Linux-kernel-code-injection_CVE-2014-3153★ 0githubgithub.com/c3c/CVE-2014-3153★ 0vulncheckvulncheck.com/xdb/5a9f900eacd4unverifiedvulncheckvulncheck.com/xdb/d3ba259b964eunverifiedvulncheckvulncheck.com/xdb/c58b69fea619unverifiedexploitdbwww.exploit-db.com/exploits/35370unverifiedcve_referencewww.exploit-db.com/exploits/35370unverifiedvulncheckvulncheck.com/xdb/406d42ee9247unverifiedvulncheckvulncheck.com/xdb/5c48d01caa75unverifiedvulncheckvulncheck.com/xdb/476b6caadabbunverifiedvulncheckvulncheck.com/xdb/6457f28f2fe3unverifiedvulncheckvulncheck.com/xdb/a7cd31418561unverifiedvulncheckvulncheck.com/xdb/a30108e9b7daunverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e9c243a5a6de0be8e584c604d353412584b592f8http://linux.oracle.com/errata/ELSA-2014-0771.htmlhttp://linux.oracle.com/errata/ELSA-2014-3037.htmlhttp://linux.oracle.com/errata/ELSA-2014-3038.htmlhttp://linux.oracle.com/errata/ELSA-2014-3039.htmlhttp://lists.opensuse.org/opensuse-security-announce/2014-06/msg00014.htmlhttp://lists.opensuse.org/opensuse-security-announce/2014-06/msg00018.htmlhttp://lists.opensuse.org/opensuse-security-announce/2014-06/msg00025.htmlhttp://lists.opensuse.org/opensuse-security-announce/2014-07/msg00006.htmlhttp://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.htmlhttp://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.htmlhttp://openwall.com/lists/oss-security/2014/06/05/24