CVE-2014-3153
Published: 07 June 2014
Summary
CVE-2014-3153 is a high-severity vulnerability, of unspecified weakness type, in the Linux kernel. Its CVSS base score is 7.8 (High).
Operationally, it ranks in the top 1.1% of CVEs by exploit likelihood, CISA has added it to the Known Exploited Vulnerabilities catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
The vulnerability CVE-2014-3153 resides in the futex_requeue function within kernel/futex.c of the Linux kernel through version 3.14.5. The flaw arises because the function does not verify that FUTEX_REQUEUE operations specify two different futex addresses, permitting unsafe modification of waiter structures.
Local users can exploit the issue by supplying a crafted FUTEX_REQUEUE command, resulting in privilege escalation with full impact on confidentiality, integrity, and availability as reflected in the CVSS 7.8 score.
References including the upstream commit e9c243a5a6de0be8e584c604d353412584b592f8 and Oracle errata such as ELSA-2014-0771, ELSA-2014-3037, ELSA-2014-3038, and ELSA-2014-3039 indicate that mitigation is achieved through kernel updates that enforce proper address validation during futex requeue handling.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2014-3171
Vulnerability details
The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification.
- CWE(s)
- KEV Date Added: 25 May 2022
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls (NIST 800-53 r5)
Directly requires applying the kernel patch (e.g., commit e9c243a5) that adds the missing address validation in futex_requeue.
Requires validation of all inputs to futex_requeue, specifically enforcing two distinct futex addresses to block the crafted FUTEX_REQUEUE command.
Enforces kernel-level access decisions so that unsafe waiter modifications cannot result in unauthorized privilege escalation.