CVE-2014-3153

CVE Database · CVE-2014-3153

CVE-2014-3153

· HIGHAnalyzed

CVSS v3.1

7.8

EPSS

37.23%

Published

Jun 7, 2014

Modified

Apr 21, 2026

CISA Known Exploited Vulnerability

Added: 2022-05-25 · Due: 2022-06-15

Apply updates per vendor instructions.

Public PoC / Exploit (10)

All weaponized →

Exploit-DBLinux Kernel 3.14.5 (CentOS 7 / RHEL) - 'libfutex' Local Privilege Escalation TrickestTrickest PoC index GitHub PoCtimwr/CVE-2014-3153★123 GitHub PoCgeekben/towelroot★46 GitHub PoCandroid-rooting-tools/libfutex_exploit★19 GitHub PoClieanu/CVE-2014-3153★18 GitHub PoCdangtunguyen/TowelRoot★17 GitHub PoCelongl/CVE-2014-3153★13 GitHub PoCzerodavinci/CVE-2014-3153-exploit★5 GitHub PoCc3c/CVE-2014-3153★0

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products (18)

linux · linux_kernel (up to 3.2.60)vulnerable

linux · linux_kernel (up to 3.4.92)vulnerable

linux · linux_kernel (up to 3.10.42)vulnerable

linux · linux_kernel (up to 3.12.22)vulnerable

linux · linux_kernel (up to 3.14.6)vulnerable

redhat · enterprise_linux_server_ausvulnerable

opensuse · opensusevulnerable

suse · linux_enterprise_desktopvulnerable

suse · linux_enterprise_high_availability_extensionvulnerable