Debian Security Bug TrackerDEBIANCVE:CVE-2014-3153

HistoryJun 07, 2014 - 2:55 p.m.

Vulners
/
Debiancve
/
CVE-2014-3153

CVE-2014-3153

2014-06-0714:55:27

Debian Security Bug Tracker

security-tracker.debian.org

140

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.006

Percentile

79.1%

JSON

The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification.

OSVersionArchitecturePackageVersionFilename
Debian12alllinux< 3.14.5-1linux_3.14.5-1_all.deb
Debian11alllinux< 3.14.5-1linux_3.14.5-1_all.deb
Debian999alllinux< 3.14.5-1linux_3.14.5-1_all.deb
Debian13alllinux< 3.14.5-1linux_3.14.5-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	linux	< 3.14.5-1	linux_3.14.5-1_all.deb
Debian	11	all	linux	< 3.14.5-1	linux_3.14.5-1_all.deb
Debian	999	all	linux	< 3.14.5-1	linux_3.14.5-1_all.deb
Debian	13	all	linux	< 3.14.5-1	linux_3.14.5-1_all.deb

openvas 59

saint 4

attackerkb 1

android 1

zdt 2

cve 1

prion 1

amazon 2

threatpost 6

altlinux 3

cvelist 1

nessus 37

canvas 1

cloudfoundry 1

packetstorm 1

ubuntucve 1

securityvulns 2

ubuntu 10

suse 10

hackerone 1

oraclelinux 6

cisa_kev 1

thn 5

nvd 1

metasploit 1

exploitdb 1

exploitpack 1

chrome 1

osv 3

redhat 6

debian 3

mageia 8

securelist 1

centos 1

veracode 7

kitploit 1

fedora 7

openvas

Oracle: Security Advisory (ELSA-2014-3038)

2015-10-06 00:00:00

Oracle: Security Advisory (ELSA-2014-3037)

2015-10-06 00:00:00

SUSE: Security Advisory for Linux (SUSE-SU-2014:0837-1)

2015-10-16 00:00:00

saint

Linux kernel futex_requeue privilege elevation

2014-12-03 00:00:00

Linux kernel futex_requeue privilege elevation

2014-12-03 00:00:00

Linux kernel futex_requeue privilege elevation

2014-12-03 00:00:00

attackerkb

CVE-2014-3153

2014-06-07 00:00:00

android

TowelRoot

2014-06-05 00:00:00

zdt

Linux Kernel libfutex Local Root for RHEL/CentOS 7.0.1406 Exploit

2014-11-26 00:00:00

Android Futex Requeue Kernel Exploit

2015-02-10 00:00:00

cve

CVE-2014-3153

2014-06-07 14:55:27

prion

Command injection

2014-06-07 14:55:00

amazon

Medium: kernel

2014-06-15 16:30:00

Medium: kernel

2014-08-21 11:03:00

threatpost

CopyCat Malware Infected 14M Android Devices, Rooted 8M, in 2016

2017-07-06 13:49:02

Android Ransomware Attacks Using Towelroot, Hacking Team Exploits

2016-04-25 15:36:33

Google Play Hit With Rash of Auto-Rooting Malware

2016-06-28 12:29:57

altlinux

Security fix for the ALT Linux 7 package kernel-image-un-def version 1:3.14.5-alt2

2014-06-06 00:00:00

Security fix for the ALT Linux 7 package kernel-image-el-def version 2.6.32-alt23

2014-06-09 00:00:00

Security fix for the ALT Linux 7 package kernel-image-el-def version 2.6.32-alt25

2014-06-21 00:00:00

cvelist

CVE-2014-3153

2014-06-07 14:00:00

nessus

Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2014-3037)

2014-06-09 00:00:00

Oracle Linux 5 / 6 : unbreakable enterprise kernel (ELSA-2014-3038)

2014-06-09 00:00:00

Amazon Linux AMI : kernel (ALAS-2014-363)

2014-10-12 00:00:00

canvas

Immunity Canvas: LINUX_FUTEX_REQUEUE

2014-06-07 14:55:00

cloudfoundry

CVE-2014-3153 Futex requeue exploit | Cloud Foundry

2014-08-18 00:00:00

packetstorm

Android Futex Requeue Kernel Exploit

2015-02-09 00:00:00

ubuntucve

CVE-2014-3153

2014-06-05 00:00:00

securityvulns

[oss-security] Linux kernel futex local privilege escalation (CVE-2014-3153)

2014-06-09 00:00:00

Linux privilege escalation

2014-06-09 00:00:00

ubuntu

Linux kernel (Quantal HWE) vulnerability

2014-06-05 00:00:00

Linux kernel (Raring HWE) vulnerabilities

2014-06-05 00:00:00

Linux kernel (OMAP4) vulnerabilities

2014-06-05 00:00:00

suse

Security update for Linux Kernel (important)

2014-06-25 00:04:51

kernel update fixes local privilege escalation and a regression causing a crash if IPsec peer is unavailable (important)

2014-07-08 20:04:15

Security update for Linux Kernel (critical)

2014-06-11 05:04:34

hackerone

Sandbox Escape: Linux PI futex self-requeue bug

2014-05-26 05:00:49

oraclelinux

Unbreakable Enterprise kernel security update

2014-06-06 00:00:00

unbreakable enterprise kernel security update

2014-06-07 00:00:00

Unbreakable Enterprise kernel security update

2014-06-07 00:00:00

cisa_kev

Linux Kernel Privilege Escalation Vulnerability

2022-05-25 00:00:00

thn

Towelroot : One-Click Android Rooting Tool Released By Geohot

2014-06-17 22:49:00

Over 1 Million Google Accounts Hacked by 'Gooligan' Android Malware

2016-11-30 05:44:00

CopyCat Android Rooting Malware Infected 14 Million Devices

2017-07-06 05:17:00

nvd

CVE-2014-3153

2014-06-07 14:55:27

metasploit

Android 'Towelroot' Futex Requeue Kernel Exploit

2014-12-01 03:49:22

exploitdb

Linux Kernel 3.14.5 (CentOS 7 / RHEL) - 'libfutex' Local Privilege Escalation

2014-11-25 00:00:00

exploitpack

Linux Kernel 3.14.5 (CentOS 7 RHEL) - libfutex Local Privilege Escalation

2014-11-25 00:00:00

chrome

Stable Channel Update for Chrome OS

2014-06-10 00:00:00

osv

linux-2.6 - security update

2014-06-18 00:00:00

linux - security update

2014-06-05 00:00:00

openssl - security update

2014-06-05 00:00:00

redhat

(RHSA-2014:0900) Important: kernel security and bug fix update

2014-07-17 00:00:00

(RHSA-2014:0800) Important: kernel security update

2014-06-26 00:00:00

(RHSA-2014:0771) Important: kernel security and bug fix update

2014-06-19 00:00:00

debian

[SECURITY] [DSA 2949-1] linux security update

2014-06-05 12:15:58

[SECURITY] [DSA 2949-1] linux security update

2014-06-05 12:15:58

[SECURITY] [DSA 2950-1] openssl security update

2014-06-05 11:51:34

mageia

Updated kernel packages fixes security vulnerabilities.

2014-06-19 00:50:01

Updated kernel packages fixes security vulnerabilities

2014-06-23 01:13:23

Updated kernel-tmb package fixes security vulnerabilities

2014-08-18 13:14:56

securelist

Skygofree: Following in the footsteps of HackingTeam

2018-01-16 10:00:58

centos

kernel, perf, python security update

2014-06-20 10:10:41

veracode

Denial Of Service (DoS)

2019-05-02 05:03:36

Denial Of Service (DoS)

2019-05-02 05:03:36

Information Disclosure

2019-05-02 05:03:36

kitploit

Kernelpop - Kernel Privilege Escalation Enumeration And Exploitation Framework

2017-11-04 13:30:00

fedora

[SECURITY] Fedora 20 Update: kernel-3.14.6-200.fc20

2014-06-11 16:31:10

[SECURITY] Fedora 20 Update: kernel-3.14.8-200.fc20

2014-06-18 22:25:48

[SECURITY] Fedora 20 Update: kernel-3.15.4-200.fc20

2014-07-11 02:02:48

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.006

Percentile

79.1%

JSON

Related for DEBIANCVE:CVE-2014-3153