CVE-2014-3153

Published: 07/06/2014 Updated: 07/11/2023
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
VMScore: 729
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

The futex_requeue function in kernel/futex.c in the Linux kernel up to and including 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification.

Vulnerable Products

linux linux kernel

redhat enterprise linux server aus 6.2

suse linux enterprise desktop 11

suse linux enterprise server 11

suse linux enterprise real time extension 11

opensuse opensuse 11.4

suse linux enterprise high availability extension 11

Vendor Advisories

Debian Bug report logs - #741667 linux-image-3.13-1-amd64: r8169 kernel panic in interrupt handler. Package: src:linux; Maintainer for src:linux is Debian Kernel Team <debian-kernel@lists.debian.org>; Reported by: Wojciech Nizinski <niziak-reportbug@spox.org>; Date: Sat, 15 Mar 2014 10:45:01 UTC; Severity: important; Tag ...
Multiple vulnerabilities have been discovered in OpenSSL: CVE-2014-0195 Jueri Aedla discovered that a buffer overflow in processing DTLS fragments could lead to the execution of arbitrary code or denial of service. CVE-2014-0221 Imre Rad discovered the processing of DTLS hello packets is susceptible to denial of service. CVE-20 ...
Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation: CVE-2014-3144 / CVE-2014-3145 A local user can cause a denial of service (system crash) via crafted BPF instructions. CVE-2014-3153 Pinkie Pie discovered an issue in the futex subsystem that allows a local ...
The media_device_enum_entities function in drivers/media/media-device.c in the Linux kernel before 3.14.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging /dev/media0 read access for a MEDIA_IOC_ENUM_ENTITIES ioctl call. A flaw was found in the way the Linux ker ...
The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification ...
A flaw was found in the way the Linux kernel's futex subsystem handled the requeuing of certain Priority Inheritance (PI) futexes. A local, unprivileged user could use this flaw to escalate their privileges on the system ...
Several security issues were fixed in the kernel ...
The system could be made to crash or run programs as an administrator ...

Exploits

/* * CVE-2014-3153 exploit for RHEL/CentOS 7.0.1406 * By Kaiqu Chen ( kaiquchen@163.com ) * Based on libfutex and the exploit for Android by GeoHot * * Usage: * $ gcc exploit.c -o exploit -lpthread * $ ./exploit * */ #include <stdio.h> #include <stdlib.h> #include <unistd.h> #include <stdbool.h> #include <pthread ...
This Metasploit module exploits a bug in futex_requeue in the Linux kernel. Any Android phone with a kernel built before June 2014 should be vulnerable ...

Github Repositories

Vulnerable Kernel Laboratory: a vulnerable kernel module for kernel-exploit exercises. The following vulnerabilities are included: shellcode execute, kernel stack overflow, set_fs/addr_limit overwrite, mmap out of bounds. The following exploit techniques are included: ret2usr, ROP to bypass PXN, kernel code patch, DKOM on cred. Document env setup: github.com/Shark2016/vulklab/

Some of the real world kernel exploits I wrote. I guess it is safe to release these exploits now :) CVE-2014-3153

Research of CVE-2014-3153 and its famous exploit towelroot on x86

towelroot: Research of CVE-2014-3153 and its famous exploit towelroot on IA (x86). This job is DONE, but I can't leak the code, someone in my company has challenged me :( Compile: gcc -fno-stack-protector -m32 -O0 -pthread towelroot.c -o towelroot

Training scenarios for cyber ranges

Cyber Range Scenarios: Training scenarios for cloud-based cyber ranges, initially focused on utilizing Google Cloud Platform. Available scenarios:
Scenario name | Primary OS Type | OS Versions | Vulns | CVEs
Shell Shock example | Linux | RHEL 7 | Shell Shock, libfutex | CVE-2014-6271, CVE-2014-3153
overlayfs example | Linux | Ubuntu 14.04 | 'overlayfs' Local Privilege Escalation | CVE- ...

Google Cloud Cyber Range

Shell Shock / libfutex Privilege Escalation Example: This scenario can be used to train operators to leverage a Shell Shock vulnerability in a PHP web page, along with the 'libfutex' Local Privilege Escalation. Scenario features:
Feature | Availability | Implemented With
Targets | Yes | GCE
Attackers | Yes | GCE
VPC | Yes | VPC
Network logs | Yes | VPC F ...

My exploit for kernel exploitation

CVE-2014-3153-exploit: My exploit for kernel exploitation

JNI reque/relock futex bug example

JNI reque/relock futex bug. See: CVE-2014-3153

cve2014-3153 exploit for ubuntu x86

Towelroot for Ubuntu x86: This exp has been tested on Ubuntu 14.04 x86 and Ubuntu 12.04.2 x86 successfully. Learning CVE-2014-3153 and towelroot. Kernels through version 3.14 use an rbtree to store rt_waiter (not plist_node), more complex! IA has a different thread_info from ARM!! Source from geekben/towelroot and timwr/CVE-2014-3153. Compile and run: $ gcc -fno-stack-protector -m3 ...

Project: TowelRoot and Injection code into Linux kernel. This README gives some explanations about the exploit 'src/towelroot_inject_code.c'; for more details about the project please read the file 'repport.pdf'. Exploit: The goal of the exploit, which leverages the futex vulnerability, is to inject code into the kernel where 'loadable kernel modules (or LKM)' is n ...

Gain root privilege by exploiting CVE-2014-3153 vulnerability

What is TowelRoot? Towelroot gains root access by exploiting a vulnerability in the kernel of Android, which is based on Linux and is a very basic component of the device that basically acts as a middle-man to make the operating system and the physical hardware talk to one another (threatpost.com/android-ransomware-attacks-using-towelroot-hacking-team-exploits/117655/)

towelroot

CVE-2014-3153 Ubuntu 14.04 64-bit 3.13.0-24-generic

References

CWE-269
http://www.securityfocus.com/bid/67906
http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00006.html
http://openwall.com/lists/oss-security/2014/06/05/24
http://secunia.com/advisories/59029
http://www.debian.org/security/2014/dsa-2949
http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html
http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00018.html
http://secunia.com/advisories/59262
http://secunia.com/advisories/58990
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=13fbca4c6ecd96ec1a1cfa2e4f2ce191fe928a5e
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=54a217887a7b658e2650c3feff22756ab80c7339
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e9c243a5a6de0be8e584c604d353412584b592f8
http://linux.oracle.com/errata/ELSA-2014-3037.html
http://secunia.com/advisories/59153
http://openwall.com/lists/oss-security/2014/06/06/20
http://secunia.com/advisories/59309
https://github.com/torvalds/linux/commit/e9c243a5a6de0be8e584c604d353412584b592f8
http://www.securitytracker.com/id/1030451
http://linux.oracle.com/errata/ELSA-2014-0771.html
http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00014.html
http://rhn.redhat.com/errata/RHSA-2014-0800.html
http://www.ubuntu.com/usn/USN-2237-1
http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html
http://linux.oracle.com/errata/ELSA-2014-3039.html
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b3eaa9fc5cd0a4d74b18f6b8dc617aeaf1873270
http://secunia.com/advisories/58500
http://www.ubuntu.com/usn/USN-2240-1
https://bugzilla.redhat.com/show_bug.cgi?id=1103626
http://secunia.com/advisories/59386
http://www.exploit-db.com/exploits/35370
http://secunia.com/advisories/59599
http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00025.html
http://www.openwall.com/lists/oss-security/2014/06/05/22
http://secunia.com/advisories/59092
http://linux.oracle.com/errata/ELSA-2014-3038.html
http://www.openwall.com/lists/oss-security/2021/02/01/4
https://www.openwall.com/lists/oss-security/2021/02/01/4
https://elongl.github.io/exploitation/2021/01/08/cve-2014-3153.html
https://github.com/elongl/CVE-2014-3153
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=741667
https://nvd.nist.gov
https://www.exploit-db.com/exploits/35370/
https://access.redhat.com/security/cve/cve-2014-3153
https://usn.ubuntu.com/2234-1/
https://www.debian.org/security/./dsa-2950