CVE-2014-3153

Name: CVE-2014-3153
Creator: NVD / NIST
Published: 2014-06-07T14:55:27.24+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 7.8/10Actively ExploitedEPSS 37.23%

Last modified Jun 17, 2026

CVE-2014-3153 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification.. CISA has confirmed active exploitation in the wild. EPSS estimates a 37.23% chance of exploitation in the next 30 days.

Description

The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification.

Metrics

CVSS 3.1

7.8/10

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

37.23%

98.3th percentile

Probability of exploitation in the next 30 days. Learn more

Exploitation Status

This vulnerability is listed in CISA’s Known Exploited Vulnerabilities catalog, confirming active exploitation in the wild. Federal agencies must remediate by Jun 15, 2022.

Affected Software

Vendor	Product	Versions	Update
Linux	Linux Kernel	< 3.2.60	—
Linux	Linux Kernel	>= 3.3, < 3.4.92	—
Linux	Linux Kernel	>= 3.5, < 3.10.42	—
Linux	Linux Kernel	>= 3.11, < 3.12.22	—
Linux	Linux Kernel	>= 3.13, < 3.14.6	—
Redhat	Enterprise Linux Server Aus	6.2	—
Opensuse	Opensuse	11.4	—
Suse	Linux Enterprise Desktop	11	Sp3
Suse	Linux Enterprise High Availability Extension	11	Sp3
Suse	Linux Enterprise Real Time Extension	11	Sp3
Suse	Linux Enterprise Server	11	—
Canonical	Ubuntu Linux	12.04	—
Canonical	Ubuntu Linux	14.04	—
Oracle	Linux	5	—
Oracle	Linux	6	—

References

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e9c243a5a6de0be8e584c604d353412584b592f8Broken Link
http://linux.oracle.com/errata/ELSA-2014-0771.htmlThird Party Advisory
http://linux.oracle.com/errata/ELSA-2014-3037.htmlThird Party Advisory
http://linux.oracle.com/errata/ELSA-2014-3038.htmlThird Party Advisory
http://linux.oracle.com/errata/ELSA-2014-3039.htmlThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00014.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00018.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00025.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00006.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.htmlMailing List, Third Party Advisory
http://openwall.com/lists/oss-security/2014/06/05/24Mailing List
http://openwall.com/lists/oss-security/2014/06/06/20Mailing List
http://rhn.redhat.com/errata/RHSA-2014-0800.htmlThird Party Advisory
http://secunia.com/advisories/58500Broken Link
http://secunia.com/advisories/58990Broken Link
http://secunia.com/advisories/59029Broken Link
http://secunia.com/advisories/59092Broken Link
http://secunia.com/advisories/59153Broken Link
http://secunia.com/advisories/59262Broken Link
http://secunia.com/advisories/59309Broken Link
http://secunia.com/advisories/59386Broken Link
http://secunia.com/advisories/59599Broken Link
http://www.debian.org/security/2014/dsa-2949Exploit
http://www.exploit-db.com/exploits/35370Third Party Advisory, VDB Entry
http://www.openwall.com/lists/oss-security/2014/06/05/22Mailing List
http://www.openwall.com/lists/oss-security/2021/02/01/4Mailing List
http://www.securityfocus.com/bid/67906Broken Link, Third Party Advisory, VDB Entry
http://www.securitytracker.com/id/1030451Broken Link, Third Party Advisory, VDB Entry
http://www.ubuntu.com/usn/USN-2237-1Third Party Advisory
http://www.ubuntu.com/usn/USN-2240-1Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1103626Issue Tracking, Third Party Advisory
https://elongl.github.io/exploitation/2021/01/08/cve-2014-3153.htmlExploit
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=13fbca4c6ecd96ec1a1cfa2e4f2ce191fe928a5eMailing List, Patch
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=54a217887a7b658e2650c3feff22756ab80c7339Mailing List, Patch
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b3eaa9fc5cd0a4d74b18f6b8dc617aeaf1873270Mailing List, Patch
https://github.com/elongl/CVE-2014-3153Third Party Advisory
https://github.com/torvalds/linux/commit/e9c243a5a6de0be8e584c604d353412584b592f8Patch
https://www.openwall.com/lists/oss-security/2021/02/01/4Mailing List
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e9c243a5a6de0be8e584c604d353412584b592f8Broken Link
http://linux.oracle.com/errata/ELSA-2014-0771.htmlThird Party Advisory
http://linux.oracle.com/errata/ELSA-2014-3037.htmlThird Party Advisory
http://linux.oracle.com/errata/ELSA-2014-3038.htmlThird Party Advisory
http://linux.oracle.com/errata/ELSA-2014-3039.htmlThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00014.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00018.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00025.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00006.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.htmlMailing List, Third Party Advisory
http://openwall.com/lists/oss-security/2014/06/05/24Mailing List
http://openwall.com/lists/oss-security/2014/06/06/20Mailing List
http://rhn.redhat.com/errata/RHSA-2014-0800.htmlThird Party Advisory
http://secunia.com/advisories/58500Broken Link
http://secunia.com/advisories/58990Broken Link
http://secunia.com/advisories/59029Broken Link
http://secunia.com/advisories/59092Broken Link
http://secunia.com/advisories/59153Broken Link
http://secunia.com/advisories/59262Broken Link
http://secunia.com/advisories/59309Broken Link
http://secunia.com/advisories/59386Broken Link
http://secunia.com/advisories/59599Broken Link
http://www.debian.org/security/2014/dsa-2949Exploit
http://www.exploit-db.com/exploits/35370Third Party Advisory, VDB Entry
http://www.openwall.com/lists/oss-security/2014/06/05/22Mailing List
http://www.openwall.com/lists/oss-security/2021/02/01/4Mailing List
http://www.securityfocus.com/bid/67906Broken Link, Third Party Advisory, VDB Entry
http://www.securitytracker.com/id/1030451Broken Link, Third Party Advisory, VDB Entry
http://www.ubuntu.com/usn/USN-2237-1Third Party Advisory
http://www.ubuntu.com/usn/USN-2240-1Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1103626Issue Tracking, Third Party Advisory
https://elongl.github.io/exploitation/2021/01/08/cve-2014-3153.htmlExploit
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=13fbca4c6ecd96ec1a1cfa2e4f2ce191fe928a5eMailing List, Patch
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=54a217887a7b658e2650c3feff22756ab80c7339Mailing List, Patch
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b3eaa9fc5cd0a4d74b18f6b8dc617aeaf1873270Mailing List, Patch
https://github.com/elongl/CVE-2014-3153Third Party Advisory
https://github.com/torvalds/linux/commit/e9c243a5a6de0be8e584c604d353412584b592f8Patch
https://www.openwall.com/lists/oss-security/2021/02/01/4Mailing List
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-3153US Government Resource

Timeline

Published: Jun 7, 2014
Last Modified: Jun 17, 2026
Status: Analyzed

Frequently Asked Questions

What is CVE-2014-3153?

How severe is CVE-2014-3153?

CVE-2014-3153 has a CVSS score of 7.8/10 (HIGH severity). The EPSS model estimates a 37.23% probability of exploitation in the next 30 days. This vulnerability is listed in CISA's Known Exploited Vulnerabilities catalog.

How do I fix CVE-2014-3153?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2014-3153?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST