CVE-2014-3153

Impact: Important
Public Date: 2014-06-04
Bugzilla: 1103626: CVE-2014-3153 kernel: futex: pi futexes requeue issue

A flaw was found in the way the Linux kernel's futex subsystem handled the requeuing of certain Priority Inheritance (PI) futexes. A local, unprivileged user could use this flaw to escalate their privileges on the system.

Find out more about CVE-2014-3153 from the MITRE CVE dictionary and NIST NVD.

Statement

This issue did not affect the versions of the Linux kernel packages as shipped with Red Hat Enterprise Linux 5. This issue requires local system access to be exploited. We are currently not aware of any working exploit for Red Hat Enterprise Linux 6 or Red Hat Enterprise MRG 2.

CVSS v2 metrics

Base Score: 7.2
Base Metrics: AV:L/AC:L/Au:N/C:C/I:C/A:C
Access Vector: Local
Access Complexity: Low
Authentication: None
Confidentiality Impact: Complete
Integrity Impact: Complete
Availability Impact: Complete

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat Security Errata

Platform                                                       Errata          Release Date
Red Hat Enterprise Linux Extended Update Support 6.4 (kernel)  RHSA-2014:0900  2014-07-17
Red Hat Enterprise Linux 6 (kernel)                            RHSA-2014:0771  2014-06-19
Red Hat Enterprise Linux 7 (kernel)                            RHSA-2014:0786  2014-06-24
Red Hat Enterprise Linux Advanced Update Support 6.2 (kernel)  RHSA-2014:0800  2014-06-26
MRG Grid for RHEL 6 Server v.2 (kernel-rt)                     RHSA-2014:0913  2014-07-22

Affected Packages State

Platform                    Package          State
Red Hat Enterprise MRG 2    realtime-kernel  Affected
Red Hat Enterprise Linux 5  kernel           Not affected

Acknowledgements

Red Hat would like to thank Kees Cook of Google for reporting this issue. Google acknowledges Pinkie Pie as the original reporter.
