CVE-2014-3153
CISA KEV Active
Title: Redhat Enterprise Linux Server Aus Auth Bypass
Auth Bypass
Proof Of Concept
PoC Available for CVE-2014-3153
CWE Category
NVD-CWE-noinfo
Published Date
Jun 07, 2014
Modified Date
Apr 21, 2026
Exploit Status
Available
Score
7.8
CVSS v3.1
Exploit Probability (EPSS)
71.36%
Vulnerability Summary
CVE-2014-3153: The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification.
Impacted Vendors
Reference Links
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e9c243a5a6de0be8e584c604d353412584b592f8
http://linux.oracle.com/errata/ELSA-2014-0771.html
http://linux.oracle.com/errata/ELSA-2014-3037.html
http://linux.oracle.com/errata/ELSA-2014-3038.html
http://linux.oracle.com/errata/ELSA-2014-3039.html
http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00014.html
http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00018.html
http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00025.html
http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00006.html
http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html
http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html
http://openwall.com/lists/oss-security/2014/06/05/24
http://openwall.com/lists/oss-security/2014/06/06/20
http://rhn.redhat.com/errata/RHSA-2014-0800.html
http://secunia.com/advisories/58500
http://secunia.com/advisories/58990
http://secunia.com/advisories/59029
http://secunia.com/advisories/59092
http://secunia.com/advisories/59153
http://secunia.com/advisories/59262
http://secunia.com/advisories/59309
http://secunia.com/advisories/59386
http://secunia.com/advisories/59599
http://www.debian.org/security/2014/dsa-2949
http://www.exploit-db.com/exploits/35370
http://www.openwall.com/lists/oss-security/2014/06/05/22
http://www.openwall.com/lists/oss-security/2021/02/01/4
http://www.securityfocus.com/bid/67906
http://www.securitytracker.com/id/1030451
http://www.ubuntu.com/usn/USN-2237-1
http://www.ubuntu.com/usn/USN-2240-1
https://bugzilla.redhat.com/show_bug.cgi?id=1103626
https://elongl.github.io/exploitation/2021/01/08/cve-2014-3153.html
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=13fbca4c6ecd96ec1a1cfa2e4f2ce191fe928a5e
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=54a217887a7b658e2650c3feff22756ab80c7339
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b3eaa9fc5cd0a4d74b18f6b8dc617aeaf1873270
https://github.com/elongl/CVE-2014-3153
https://github.com/torvalds/linux/commit/e9c243a5a6de0be8e584c604d353412584b592f8
https://www.openwall.com/lists/oss-security/2021/02/01/4
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-3153
CVSS v3.1
Source Entity
[email protected]
Severity
HIGH
7.8
Attack Vector
LOCAL
Complexity
LOW
Privileges
N/A
Interaction
NONE
Confidentiality
N/A
Integrity
N/A
Availability
N/A
Scope
UNCHANGED
RAW VECTOR
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS v3.1
Source Entity
134c704f-9b21-4f2e-91b3-4a467353bcc0
Severity
HIGH
7.8
Attack Vector
LOCAL
Complexity
LOW
Privileges
N/A
Interaction
NONE
Confidentiality
N/A
Integrity
N/A
Availability
N/A
Scope
UNCHANGED
RAW VECTOR
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS v2.0
Source Entity
[email protected]
Severity
HIGH
7.2
Access Vector
N/A
Authentication
N/A
RAW VECTOR
AV:L/AC:L/Au:N/C:C/I:C/A:C
Associated Attack Patterns (CAPEC)
Total: Patterns
No specific attack patterns mapped.
CVE-2014-3153 Exploits & PoCs (Proof Of Concept)
Exploit-DB
https://www.exploit-db.com/exploits/35370
MODIFIED
Vulnerability data updated via NVD.
MODIFIED
Vulnerability data updated via NVD.
MODIFIED
Vulnerability data or affected products updated.
PUBLISHED
Vulnerability first announced in NVD.
Attack Vector Matrix
Access Vector
LOCAL
Complexity
LOW
Privileges
N/A
Interaction
NONE
CVSS Vector String
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Stack
No specific products linked.