CVE-2014-3153

Confirmed PUBLISHED

The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses,...

Linux · Linux Kernel
Exploited in the wild PoC available

Recommended Action

Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.

Confidence
Confirmed
Exploitation Status
Exploited in the wild
Observed in Sensors
No
Attempts (30d)
Unique Attacker IPs
CISA KEV
In CISA KEV
CVSS / EPSS
7.8 High

At a Glance

The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification.

linux cisa metasploit
CVE Published
Jun 07, 2014
Exploitation Reported
May 25, 2022
CVSS
7.8 High
EPSS
Low complexity No user interaction

Affected Versions

Vendor Product Version Status
n/a
n/a

n/a

Affected

CVE References

  • openSUSE-SU-2014:0878 lists.opensuse.org · Vendor Advisory http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00006...
  • DSA-2949 debian.org · Vendor Advisory http://www.debian.org/security/2014/dsa-2949
  • SUSE-SU-2014:1316 lists.opensuse.org · Vendor Advisory http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006...
  • SUSE-SU-2014:0796 lists.opensuse.org · Vendor Advisory http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00018...
  • SUSE-SU-2014:0775 lists.opensuse.org · Vendor Advisory http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00014...
Show 34 more references

Recommended Actions

  • Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.
  • Check enrichment artifacts for scanner coverage and available PoCs before rolling remediation validation.
  • Use the Pro API to automate enrichment, telemetry, and workflow delivery for VM, SOC, and CTI pipelines.