QwikSec

Security Database

CVE

CWE

Training

CVE-2014-3153

Published: Jun 7, 2014

Modified: Oct 22, 2025

PUBLISHED

Description

The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vdb-entry

x_refsource_BID

openSUSE-SU-2014:0878

vendor-advisory

x_refsource_SUSE

[oss-security] 20140605 Re: Linux kernel futex local privilege escalation (CVE-2014-3153)

mailing-list

x_refsource_MLIST

third-party-advisory

x_refsource_SECUNIA

vendor-advisory

x_refsource_DEBIAN

SUSE-SU-2014:1316

vendor-advisory

x_refsource_SUSE

SUSE-SU-2014:0796

vendor-advisory

x_refsource_SUSE

third-party-advisory

x_refsource_SECUNIA

third-party-advisory

x_refsource_SECUNIA

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=13fbca4c6ecd96ec1a1cfa2e4f2ce191fe928a5e

x_refsource_CONFIRM

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=54a217887a7b658e2650c3feff22756ab80c7339

x_refsource_CONFIRM

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e9c243a5a6de0be8e584c604d353412584b592f8

x_refsource_CONFIRM

http://linux.oracle.com/errata/ELSA-2014-3037.html

x_refsource_CONFIRM

third-party-advisory

x_refsource_SECUNIA

[oss-security] 20140606 Re: Linux kernel futex local privilege escalation (CVE-2014-3153)

mailing-list

x_refsource_MLIST

third-party-advisory

x_refsource_SECUNIA

https://github.com/torvalds/linux/commit/e9c243a5a6de0be8e584c604d353412584b592f8

x_refsource_CONFIRM

vdb-entry

x_refsource_SECTRACK

http://linux.oracle.com/errata/ELSA-2014-0771.html

x_refsource_CONFIRM

SUSE-SU-2014:0775

vendor-advisory

x_refsource_SUSE

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_UBUNTU

SUSE-SU-2014:1319

vendor-advisory

x_refsource_SUSE

http://linux.oracle.com/errata/ELSA-2014-3039.html

x_refsource_CONFIRM

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b3eaa9fc5cd0a4d74b18f6b8dc617aeaf1873270

x_refsource_CONFIRM

third-party-advisory

x_refsource_SECUNIA

vendor-advisory

x_refsource_UBUNTU

https://bugzilla.redhat.com/show_bug.cgi?id=1103626

x_refsource_CONFIRM

third-party-advisory

x_refsource_SECUNIA

exploit

x_refsource_EXPLOIT-DB

third-party-advisory

x_refsource_SECUNIA

SUSE-SU-2014:0837

vendor-advisory

x_refsource_SUSE

[oss-security] 20140605 Linux kernel futex local privilege escalation (CVE-2014-3153)

mailing-list

x_refsource_MLIST

third-party-advisory

x_refsource_SECUNIA

http://linux.oracle.com/errata/ELSA-2014-3038.html

x_refsource_CONFIRM

[oss-security] 20210201 Re: Linux Kernel: local priv escalation via futexes

mailing-list

x_refsource_MLIST

https://www.openwall.com/lists/oss-security/2021/02/01/4

x_refsource_MISC

https://elongl.github.io/exploitation/2021/01/08/cve-2014-3153.html

x_refsource_MISC

https://github.com/elongl/CVE-2014-3153

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.