
CVE-2014-3153

Improper Privilege Management

Published: Jun 07, 2014 | Modified: Nov 07, 2023
CVSS 3.x: N/A
CVSS 2.x: 7.2 HIGH (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Source: NVD

The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification.

Weakness

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Affected Software

| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Linux_kernel | Linux | * | 3.2.60 (excluding) |
| Linux_kernel | Linux | 3.3 (including) | 3.4.92 (excluding) |
| Linux_kernel | Linux | 3.5 (including) | 3.10.42 (excluding) |
| Linux_kernel | Linux | 3.11 (including) | 3.12.22 (excluding) |
| Linux_kernel | Linux | 3.13 (including) | 3.14.6 (excluding) |
