CISA KEV 정보
| 취약점명 | Linux Kernel Privilege Escalation Vulnerability |
|---|---|
| 설명 | The futex_requeue function in kernel/futex.c in Linux kernel does not ensure that calls have two different futex addresses, which allows local users to gain privileges. |
| 조치사항 | Apply updates per vendor instructions. |
| 랜섬웨어 캠페인 악용 | Unknown |
| CWE | CWE-269 |
| 등록일 (KEV) | 2022-05-25 |
| 조치 기한 | 2022-06-15 |
| 추가 참고 | https://nvd.nist.gov/vuln/detail/CVE-2014-3153 |
NVD 상세 정보
CVSS v3.1: 7.8 HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HCVSS v2.0: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C설명: The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification.
참조
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e9c243a5a6de0be8e584c604d353412584b592f8 [Broken Link]
- http://linux.oracle.com/errata/ELSA-2014-0771.html [Third Party Advisory]
- http://linux.oracle.com/errata/ELSA-2014-3037.html [Third Party Advisory]
- http://linux.oracle.com/errata/ELSA-2014-3038.html [Third Party Advisory]
- http://linux.oracle.com/errata/ELSA-2014-3039.html [Third Party Advisory]
- http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00014.html [Mailing List, Third Party Advisory]
- http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00018.html [Mailing List, Third Party Advisory]
- http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00025.html [Mailing List, Third Party Advisory]
- http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00006.html [Mailing List, Third Party Advisory]
- http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html [Mailing List, Third Party Advisory]
- http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html [Mailing List, Third Party Advisory]
- http://openwall.com/lists/oss-security/2014/06/05/24 [Mailing List]
- http://openwall.com/lists/oss-security/2014/06/06/20 [Mailing List]
- http://rhn.redhat.com/errata/RHSA-2014-0800.html [Third Party Advisory]
- http://secunia.com/advisories/58500 [Broken Link]
- ... 외 64건
This product uses the NVD API but is not endorsed or certified by the NVD.