CVE-2014-3153

Affected configuration(s):

cpe:/a:redhat:enterprise_mrg:2.0
cpe:/o:linux:linux_kernel:3.14:-
cpe:/o:linux:linux_kernel:3.14:rc1
cpe:/o:linux:linux_kernel:3.14:rc2
cpe:/o:linux:linux_kernel:3.14:rc3
cpe:/o:linux:linux_kernel:3.14:rc4
cpe:/o:linux:linux_kernel:3.14:rc5
cpe:/o:linux:linux_kernel:3.14:rc6
cpe:/o:linux:linux_kernel:3.14:rc7
cpe:/o:linux:linux_kernel:3.14:rc8
cpe:/o:linux:linux_kernel:3.14.1
cpe:/o:linux:linux_kernel:3.14.2
cpe:/o:linux:linux_kernel:3.14.3
cpe:/o:linux:linux_kernel:3.14.4
cpe:/o:linux:linux_kernel:3.14.5
cpe:/o:redhat:enterprise_linux:6

Date published: 2014-06-07T10:55:27.240-04:00

Date last modified: 2017-01-06T21:59:53.987-05:00

CVSS Score: 7.2

Principal attack vector: LOCAL

Complexity: LOW

Reference URL: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e9c243a5a6de0be8e584c604d353412584b592f8

Summary: The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification.
