CVE-2014-3153
Advisory lineage Upstream: 0 Downstream: 18
Analyzed
Published: 07 Jun 2014, 14:00
Last modified:22 Oct 2025, 00:05
Vulnerability Summary
Overall Risk (default)
high
55/100 CVSS Score
7.8 HIGH
v3.1 (cve.org)
EPSS Score
68.89% CRITICAL
69% probability -3.30%
KEV
Listed
CISA
1 listing
Ransomware
No reports
Public exploits
4 found
Dark Web
Not detected
Timeline
07 Jun 2014, 14:00
Published
Vulnerability first disclosed
25 May 2022, 00:00
Added to CISA KEV
Linux Kernel Privilege Escalation Vulnerability
15 Jun 2022, 00:00
CISA Remediation Due
Apply updates per vendor instructions.
22 Oct 2025, 00:05
Last Modified
Vulnerability information updated
Description
The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification.
CVSS Metrics
- v3.1•HIGH•Score: 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- v2.0•HIGH•Score: 7.2AV:L/AC:L/Au:N/C:C/I:C/A:C
EPSS Trends
Current EPSS score: 68.89%• Percentile: 99%
Affected Systems
- canonical•ubuntu_linux
12.04 | 14.04
- linux•linux_kernel
< 3.2.60 | ≥ 3.3, < 3.4.92 | ≥ 3.5, < 3.10.42 | ≥ 3.11, < 3.12.22 | ≥ 3.13, < 3.14.6
- opensuse•opensuse
11.4
- oracle•linux
5 | 6
- redhat•enterprise_linux_server_aus
6.2
- suse•linux_enterprise_desktop
11:sp3
- suse•linux_enterprise_high_availability_extension
11:sp3
- suse•linux_enterprise_real_time_extension
11:sp3
- suse•linux_enterprise_server
11 | 11:sp2 | 11:sp3
References (40)
- http://www.securityfocus.com/bid/67906
- http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00006.html
- http://openwall.com/lists/oss-security/2014/06/05/24
- http://secunia.com/advisories/59029
- http://www.debian.org/security/2014/dsa-2949
- http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html
- http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00018.html
- http://secunia.com/advisories/59262
- http://secunia.com/advisories/58990
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=13fbca4c6ecd96ec1a1cfa2e4f2ce191fe928a5e
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=54a217887a7b658e2650c3feff22756ab80c7339
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e9c243a5a6de0be8e584c604d353412584b592f8
- http://linux.oracle.com/errata/ELSA-2014-3037.html
- http://secunia.com/advisories/59153
- http://openwall.com/lists/oss-security/2014/06/06/20
- http://secunia.com/advisories/59309
- https://github.com/torvalds/linux/commit/e9c243a5a6de0be8e584c604d353412584b592f8
- http://www.securitytracker.com/id/1030451
- http://linux.oracle.com/errata/ELSA-2014-0771.html
- http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00014.html
- http://rhn.redhat.com/errata/RHSA-2014-0800.html
- http://www.ubuntu.com/usn/USN-2237-1
- http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html
- http://linux.oracle.com/errata/ELSA-2014-3039.html
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b3eaa9fc5cd0a4d74b18f6b8dc617aeaf1873270
- http://secunia.com/advisories/58500
- http://www.ubuntu.com/usn/USN-2240-1
- https://bugzilla.redhat.com/show_bug.cgi?id=1103626
- http://secunia.com/advisories/59386
- http://www.exploit-db.com/exploits/35370
- http://secunia.com/advisories/59599
- http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00025.html
- http://www.openwall.com/lists/oss-security/2014/06/05/22
- http://secunia.com/advisories/59092
- http://linux.oracle.com/errata/ELSA-2014-3038.html
- http://www.openwall.com/lists/oss-security/2021/02/01/4
- https://www.openwall.com/lists/oss-security/2021/02/01/4
- https://elongl.github.io/exploitation/2021/01/08/cve-2014-3153.html
- https://github.com/elongl/CVE-2014-3153
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-3153