CVE-2014-3153

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions openSUSE versions prior to the fixed version Linux kernel versions through 3.14.5

Description The issue is related to a vulnerability in the Linux kernel, specifically in the futex requeue function, which does not ensure that calls have two different futex addresses. This allows local users to gain privileges via a crafted FUTEX REQUEUE command, potentially leading to a violation of confidentiality, integrity, and availability of protected information. The vulnerability can be exploited locally.

Recommendations For openSUSE versions prior to the fixed version: At the moment, there is no information about a newer version that contains a fix for this vulnerability. For Linux kernel versions through 3.14.5: Update to a version later than 3.14.5 to resolve the issue. As a temporary workaround, consider restricting access to the futex requeue function until a patch is available.

Exploit

Improper Privilege Management

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-269CWE-264

Related Identifiers

ALSA-2025_16880

ALT-PU-2014-1733

ALT-PU-2014-1738

ALT-PU-2014-1739

ALT-PU-2014-1740

ALT-PU-2014-1741

ALT-PU-2014-1750

ALT-PU-2014-1752

ALT-PU-2014-1753

ALT-PU-2014-1765

ALT-PU-2014-1802

ALT-PU-2014-1820

ALT-PU-2014-2064

BDU:2014-00063

BDU:2015-05900

BDU:2015-05901

BDU:2015-05902

BDU:2015-05903

BDU:2015-05904

BDU:2015-05905

BDU:2015-05906

BDU:2015-05907

BDU:2015-05908

BDU:2015-05909

BDU:2015-05910

BDU:2015-05911

BDU:2015-05912

BDU:2015-05913

BDU:2015-05914

BDU:2015-05915

BDU:2015-05916

BDU:2015-05917

BDU:2015-05918

BDU:2015-05919

BDU:2015-05920

BDU:2015-05921

BDU:2015-05922

CESA-2014_0771

CVE-2014-3153

DLA-0007-1

DSA-2949-1

ELSA-2014-0771

ELSA-2014-0786

ELSA-2014-3037

ELSA-2014-3038

ELSA-2014-3039

MGASA-2014-0265

MGASA-2014-0273

MGASA-2014-0330

MGASA-2014-0331

MGASA-2014-0332

MGASA-2014-0336

MGASA-2014-0337

MGASA-2015-0077

OPENSUSE-SU-2014_0840-1

OPENSUSE-SU-2014_0856-1

OPENSUSE-SU-2014_0878-1

RHSA-2014:0771

RHSA-2014:0786

RHSA-2014:0800

RHSA-2014:0900

RHSA-2014:0913

RHSA-2014_0771

RHSA-2014_0786

SUSE-RU-2015:0621-1

SUSE-SU-2014_0775-1

SUSE-SU-2014_0837-1

SUSE-SU-2014_0837-2

SUSE-SU-2015:0481-1

SUSE-SU-2015:0581-1

SUSE-SU-2015:0652-1

SUSE-SU-2015:0736-1

SUSE-SU-2015:1174-1

SUSE-SU-2015:1376-1

USN-2233-1

USN-2234-1

USN-2235-1

USN-2236-1

USN-2237-1

USN-2238-1

USN-2239-1

USN-2240-1

USN-2241-1

USN-2260-1

Affected Products

Alt Linux

Centos

Linux Kernel

Red Hat

Suse

Ubuntu

Opensuse

CVE-2014-3153

Weakness Enumeration

Related Identifiers

Affected Products

References · 189