Home

CVE-2014-3153

Description

The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification.

Risk Information

Base Score
7.8
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
72.19

Associated Vulnerability

VulnerabilityOS Platform
Vulnerabilities CVE-2014-0224,CVE-2014-3153 are fixed in Chrome 35.0.1916.155Windows
Vulnerabilities CVE-2014-0224,CVE-2014-3153 are fixed in Chrome (x64) 35.0.1916.155Windows
Linux kernel (USN-2235-1) linux-image-3.2.0-64-generic_3.2.0-64.97_i386.debLinux
Linux kernel (USN-2235-1) linux-image-3.2.0-64-generic_3.2.0-64.97_amd64.debLinux
Linux kernel (USN-2235-1) linux-image-3.2.0-64-virtual_3.2.0-64.97_i386.debLinux
Linux kernel (USN-2235-1) linux-image-3.2.0-64-virtual_3.2.0-64.97_amd64.debLinux
Linux kernel (USN-2235-1) linux-image-3.2.0-64-generic-pae_3.2.0-64.97_i386.debLinux
Linux hardware enablement kernel from Raring (USN-2238-1) linux-image-3.8.0-42-generic_3.8.0-42.63~precise1_i386.debLinux
Linux hardware enablement kernel from Raring (USN-2238-1) linux-image-3.8.0-42-generic_3.8.0-42.63~precise1_amd64.debLinux
Linux hardware enablement kernel from Saucy (USN-2239-1) linux-image-3.11.0-23-generic_3.11.0-23.40~precise1_i386.debLinux
Linux hardware enablement kernel from Saucy (USN-2239-1) linux-image-3.11.0-23-generic_3.11.0-23.40~precise1_amd64.debLinux
Linux kernel (USN-2240-1) linux-image-3.13.0-29-generic_3.13.0-29.53_i386.debLinux
Linux kernel (USN-2240-1) linux-image-3.13.0-29-generic_3.13.0-29.53_amd64.debLinux
Linux kernel (USN-2240-1) linux-image-3.13.0-29-lowlatency_3.13.0-29.53_i386.debLinux
Linux kernel (USN-2240-1) linux-image-3.13.0-29-lowlatency_3.13.0-29.53_amd64.debLinux
Dtrace-modules-3.8.13-35.1.1.el6uek update (ELSA-2014-3037) dtrace-modules-3.8.13-35.1.1.el6uek-0.4.3-4.el6.x86_64.rpmLinux
Dtrace-modules-headers update (ELSA-2014-3037) dtrace-modules-headers-0.4.3-4.el6.x86_64.rpmLinux
Dtrace-modules-3.8.13-44.el6uek update (ELSA-2014-3070) dtrace-modules-3.8.13-44.el6uek-0.4.3-4.el6.x86_64.rpmLinux
Dtrace-modules-3.8.13-44.el7uek update (ELSA-2014-3070) dtrace-modules-3.8.13-44.el7uek-0.4.3-4.el7.x86_64.rpmLinux
Vulnerabilities CVE-2014-0224,CVE-2014-3153 are fixed in Chrome 35.0.1916.155 (For Debian)Linux
Vulnerabilities CVE-2014-0224,CVE-2014-3153 are fixed in Chrome 35.0.1916.155 (For Centos)Linux
Vulnerabilities CVE-2014-0224,CVE-2014-3153 are fixed in Chrome 35.0.1916.155 (For RedHat)Linux
Vulnerabilities CVE-2014-0224,CVE-2014-3153 are fixed in Chrome 35.0.1916.155 (For Suse)Linux
Vulnerabilities CVE-2014-0224,CVE-2014-3153 are fixed in Chrome 35.0.1916.155 (For Ubuntu)Linux

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-313038Google Chrome (80.0.3987.122)
PATCH-313039Google Chrome (x64) (80.0.3987.122)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234