what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 18 of 18 RSS Feed

CVE-2014-3153

Status Candidate

Overview

The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification.

Related Files

Android Futex Requeue Kernel Exploit
Posted Feb 9, 2015
Authored by timwr, geohot, Pinkie Pie | Site metasploit.com

This Metasploit module exploits a bug in futex_requeue in the linux kernel. Any android phone with a kernel built before June 2014 should be vulnerable.

tags | exploit, kernel
systems | linux
advisories | CVE-2014-3153
SHA-256 | edb509825e7088dfdc443f8f8613f34f0bee062721bb567b7808210b3962498c
Red Hat Security Advisory 2014-0913-01
Posted Jul 22, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0913-01 - The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's futex subsystem handled the requeuing of certain Priority Inheritance futexes. A local, unprivileged user could use this flaw to escalate their privileges on the system. It was found that the Linux kernel's ptrace subsystem allowed a traced process' instruction pointer to be set to a non-canonical memory address without forcing the non-sysret code path when returning to user space. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2014-0181, CVE-2014-0206, CVE-2014-3144, CVE-2014-3145, CVE-2014-3153, CVE-2014-3917, CVE-2014-3940, CVE-2014-4027, CVE-2014-4667, CVE-2014-4699
SHA-256 | c05d77b8bb0fb6653e702993e25b62f141d1901c64377ea8e2757ba943646f2b
Red Hat Security Advisory 2014-0900-01
Posted Jul 17, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0900-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's futex subsystem handled the requeuing of certain Priority Inheritance futexes. A local, unprivileged user could use this flaw to escalate their privileges on the system. A flaw was found in the way the Linux kernel's floppy driver handled user space provided data in certain error code paths while processing FDRAWCMD IOCTL commands. A local user with write access to /dev/fdX could use this flaw to free function) arbitrary kernel memory.

tags | advisory, arbitrary, kernel, local
systems | linux, redhat
advisories | CVE-2014-1737, CVE-2014-1738, CVE-2014-3153
SHA-256 | 93d4f43f287c1cf23493c2e022072560eb159a8f9435a1c0e2e7ec757823346e
Ubuntu Security Notice USN-2260-1
Posted Jun 27, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2260-1 - A flaw was discovered in the Linux kernel's pseudo tty (pty) device. An unprivileged user could exploit this flaw to cause a denial of service (system crash) or potentially gain administrator privileges. Pinkie Pie discovered a flaw in the Linux kernel's futex subsystem. An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or gain administrative privileges. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-0077, CVE-2014-0196, CVE-2014-1737, CVE-2014-1738, CVE-2014-2568, CVE-2014-2851, CVE-2014-3122, CVE-2014-3153
SHA-256 | a4a39b070b3c2638637a0a3a42c4348f420eadd2c2d14b44a27b4ddd0bcfd35c
Red Hat Security Advisory 2014-0800-01
Posted Jun 26, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0800-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's futex subsystem handled the requeuing of certain Priority Inheritance futexes. A local, unprivileged user could use this flaw to escalate their privileges on the system. A flaw was found in the way the Linux kernel's floppy driver handled user space provided data in certain error code paths while processing FDRAWCMD IOCTL commands. Various other issues were also addressed.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2014-1737, CVE-2014-1738, CVE-2014-3153
SHA-256 | 68b3fb1fb5d2a50a6aabb2fe63feed3bc724bdba866925293b9ec244d4b96131
Red Hat Security Advisory 2014-0786-01
Posted Jun 25, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0786-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's futex subsystem handled the requeuing of certain Priority Inheritance futexes. A local, unprivileged user could use this flaw to escalate their privileges on the system. A use-after-free flaw was found in the way the ping_init_sock() function of the Linux kernel handled the group_info reference counter. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2014-0206, CVE-2014-1737, CVE-2014-1738, CVE-2014-2568, CVE-2014-2851, CVE-2014-3144, CVE-2014-3145, CVE-2014-3153
SHA-256 | a129a6ab0073091556499735a5f8f8e80ead78b268c608d9656be19c8bbccf5f
Red Hat Security Advisory 2014-0771-01
Posted Jun 19, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0771-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's futex subsystem handled the requeuing of certain Priority Inheritance futexes. A local, unprivileged user could use this flaw to escalate their privileges on the system. A flaw was found in the way the Linux kernel's floppy driver handled user space provided data in certain error code paths while processing FDRAWCMD IOCTL commands. A local user with write access to /dev/fdX could use this flaw to free (using the kfree() function) arbitrary kernel memory. Various other issues were also addressed.

tags | advisory, arbitrary, kernel, local
systems | linux, redhat
advisories | CVE-2013-6378, CVE-2014-0203, CVE-2014-1737, CVE-2014-1738, CVE-2014-1874, CVE-2014-2039, CVE-2014-3153
SHA-256 | 045975b06f49ae62face7f508bfd20413516dac60cbe25c8914c866298aa5808
Mandriva Linux Security Advisory 2014-124
Posted Jun 15, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-124 - Multiple vulnerabilities has been found and corrected in the Linux kernel. The updated packages provides a solution for these security issues.

tags | advisory, kernel, vulnerability
systems | linux, mandriva
advisories | CVE-2012-2137, CVE-2013-2897, CVE-2014-0069, CVE-2014-0077, CVE-2014-0101, CVE-2014-0196, CVE-2014-1737, CVE-2014-1738, CVE-2014-1874, CVE-2014-2039, CVE-2014-2309, CVE-2014-2523, CVE-2014-2672, CVE-2014-2678, CVE-2014-2706, CVE-2014-2851, CVE-2014-3144, CVE-2014-3145, CVE-2014-3153, CVE-2014-3917
SHA-256 | 73e79f50856da66b94dc300dcf75b8e4967914b79209768459dcab2e0db44614
Ubuntu Security Notice USN-2241-1
Posted Jun 6, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2241-1 - Pinkie Pie discovered a flaw in the Linux kernel's futex subsystem. An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or gain administrative privileges. A flaw was discovered in the Linux kernel virtual machine's (kvm) validation of interrupt requests (irq). A guest OS user could exploit this flaw to cause a denial of service (host OS crash). An information leak was discovered in the netfilter subsystem of the Linux kernel. An attacker could exploit this flaw to obtain sensitive information from kernel memory. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-0155, CVE-2014-2568, CVE-2014-3122, CVE-2014-3153
SHA-256 | 9f556c84725fa489406fed432596d83e8cf96d8721c948a8dde8225ec5175290
Ubuntu Security Notice USN-2240-1
Posted Jun 6, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2240-1 - Pinkie Pie discovered a flaw in the Linux kernel's futex subsystem. An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or gain administrative privileges. An information leak was discovered in the netfilter subsystem of the Linux kernel. An attacker could exploit this flaw to obtain sensitive information from kernel memory. Sasha Levin reported a bug in the Linux kernel's virtual memory management subsystem. An unprivileged local user could exploit this flaw to cause a denial of service (system crash). Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-2568, CVE-2014-3122, CVE-2014-3153
SHA-256 | 717f46e16db930378c24aaca56ffa76130972cc7967994484ac3f7ea3afb18b3
Ubuntu Security Notice USN-2239-1
Posted Jun 6, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2239-1 - Pinkie Pie discovered a flaw in the Linux kernel's futex subsystem. An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or gain administrative privileges. A flaw was discovered in the Linux kernel virtual machine's (kvm) validation of interrupt requests (irq). A guest OS user could exploit this flaw to cause a denial of service (host OS crash). An information leak was discovered in the netfilter subsystem of the Linux kernel. An attacker could exploit this flaw to obtain sensitive information from kernel memory. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-0155, CVE-2014-2568, CVE-2014-3122, CVE-2014-3153
SHA-256 | f6d854244ec1173e8de754f9b5576ff1b8318f1ad9b43e7ebffa38a9f1eff412
Ubuntu Security Notice USN-2238-1
Posted Jun 6, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2238-1 - Pinkie Pie discovered a flaw in the Linux kernel's futex subsystem. An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or gain administrative privileges. A flaw was discovered in the Linux kernel's IPC reference counting. An unprivileged local user could exploit this flaw to cause a denial of service (OOM system crash).

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2013-4483, CVE-2014-3153
SHA-256 | 70fb20c757d7aab8aad26aa886ad9b69b70f92f55d8b50260d08a304901d4768
Ubuntu Security Notice USN-2237-1
Posted Jun 6, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2237-1 - Pinkie Pie discovered a flaw in the Linux kernel's futex subsystem. An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or gain administrative privileges.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-3153
SHA-256 | f04c8f2591a87def309bd4ffec335fd7cff6076a031040da554fe99f35ccff6e
Ubuntu Security Notice USN-2236-1
Posted Jun 6, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2236-1 - Pinkie Pie discovered a flaw in the Linux kernel's futex subsystem. An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or gain administrative privileges. A flaw was discovered in the vhost-net subsystem of the Linux kernel. Guest OS users could exploit this flaw to cause a denial of service (host OS crash). Sasha Levin reported a bug in the Linux kernel's virtual memory management subsystem. An unprivileged local user could exploit this flaw to cause a denial of service (system crash). Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-0055, CVE-2014-3122, CVE-2014-3153
SHA-256 | 3a1e08d39f79c8036e898dc93105df90865ee2f4a0f78a7cd9ca8133ba3c5a0c
Ubuntu Security Notice USN-2235-1
Posted Jun 6, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2235-1 - Pinkie Pie discovered a flaw in the Linux kernel's futex subsystem. An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or gain administrative privileges. A flaw was discovered in the vhost-net subsystem of the Linux kernel. Guest OS users could exploit this flaw to cause a denial of service (host OS crash). Sasha Levin reported a bug in the Linux kernel's virtual memory management subsystem. An unprivileged local user could exploit this flaw to cause a denial of service (system crash). Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-0055, CVE-2014-3122, CVE-2014-3153
SHA-256 | 623ae2a1f685eb46320f0134b33584d128798c2c0c80c89ad8cd188194607df1
Ubuntu Security Notice USN-2234-1
Posted Jun 6, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2234-1 - Pinkie Pie discovered a flaw in the Linux kernel's futex subsystem. An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or gain administrative privileges. Dmitry Vyukov reported a flaw in the Linux kernel's handling of IPv6 UDP Fragmentation Offload (UFO) processing. A remote attacker could leverage this flaw to cause a denial of service (system crash). Hannes Frederic Sowa discovered a flaw in the Linux kernel's UDP Fragmentation Offload (UFO). An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or possibly gain administrative privileges. Various other issues were also addressed.

tags | advisory, remote, denial of service, kernel, local, udp
systems | linux, ubuntu
advisories | CVE-2013-4387, CVE-2013-4470, CVE-2013-4483, CVE-2014-1438, CVE-2014-3122, CVE-2014-3153
SHA-256 | a93c4dad0670abab855ed08d6ba04f65b5dd4b888b0d22e9e68426fca77a4f1d
Ubuntu Security Notice USN-2233-1
Posted Jun 6, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2233-1 - Pinkie Pie discovered a flaw in the Linux kernel's futex subsystem. An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or gain administrative privileges. Dmitry Vyukov reported a flaw in the Linux kernel's handling of IPv6 UDP Fragmentation Offload (UFO) processing. A remote attacker could leverage this flaw to cause a denial of service (system crash). Hannes Frederic Sowa discovered a flaw in the Linux kernel's UDP Fragmentation Offload (UFO). An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or possibly gain administrative privileges. Various other issues were also addressed.

tags | advisory, remote, denial of service, kernel, local, udp
systems | linux, ubuntu
advisories | CVE-2013-4387, CVE-2013-4470, CVE-2013-4483, CVE-2014-1438, CVE-2014-3122, CVE-2014-3153
SHA-256 | b254623a74545b5c66708396dc56fd6e8302db1a965a8fc69f3ad3c62f7b363e
Debian Security Advisory 2949-1
Posted Jun 5, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2949-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, debian
advisories | CVE-2014-3144, CVE-2014-3145, CVE-2014-3153
SHA-256 | 45405d468e8010f880354b2ce2dd7801de3e4c470ba76a2d1bd51a96f14afe54
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close