CVE-2014-3153
| CVE Published | 2014-06-07 |
|---|---|
| Related CWE(s) | CWE-269: Improper Privilege Management |
| Related Vendor(s) | redhat, oracle, suse, linux, canonical, opensuse |
| Related Product(s) | linux_enterprise_real_time_extension, enterprise_linux_server_aus, linux_kernel, linux, linux_enterprise_high_availability_extension, linux_enterprise_desktop, linux_enterprise_server, ubuntu_linux, opensuse |
| Exploitation Reported (CISA KEV) | 2022-05-25 |
| CVSS 3 Base Score | 7.8 (HIGH) |
| CVSS 3 Attack Complexity | LOW |
| CVSS 3 Attack Vector | LOCAL |
The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification.
Cyber Threat Graph Context
Explore how this CVE relates to the wider threat graph