Π›ΠΎΠ³ΠΎΡ‚ΠΈΠΏ exploitDog
Консоль
Π›ΠΎΠ³ΠΎΡ‚ΠΈΠΏ exploitDog

exploitDog

ubuntu Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

CVE-2014-3153

ΠžΠΏΡƒΠ±Π»ΠΈΠΊΠΎΠ²Π°Π½ΠΎ: 07 июн. 2014
Π˜ΡΡ‚ΠΎΡ‡Π½ΠΈΠΊ: ubuntu
ΠŸΡ€ΠΈΠΎΡ€ΠΈΡ‚Π΅Ρ‚: high
EPSS Π‘Ρ€Π΅Π΄Π½ΠΈΠΉ
CVSS2: 7.2
CVSS3: 7.8

ОписаниС

The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification.

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
devel

not-affected

4.10.0-19.21
esm-infra-legacy/trusty

released

3.13.0-29.53
esm-infra-legacy/xenial

not-affected

4.2.0-16.19
esm-infra/xenial

not-affected

4.2.0-16.19
lucid

released

2.6.32-61.124
precise

released

3.2.0-64.97
precise/esm

released

3.2.0-64.97
saucy

released

3.11.0-23.40
trusty

released

3.13.0-29.53
trusty/esm

released

3.13.0-29.53

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
devel

DNE

esm-infra-legacy/trusty

DNE

lucid

DNE

precise

released

3.2.0-1634.49
precise/esm

DNE

precise was released [3.2.0-1634.49]
saucy

DNE

trusty

DNE

trusty/esm

DNE

upstream

released

3.15
utopic

DNE

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
devel

DNE

esm-infra-legacy/trusty

not-affected

4.4.0-1002.2
esm-infra-legacy/xenial

not-affected

4.4.0-1001.10
esm-infra/xenial

not-affected

4.4.0-1001.10
precise

DNE

precise/esm

DNE

trusty

not-affected

4.4.0-1002.2
trusty/esm

not-affected

4.4.0-1002.2
upstream

released

3.15
vivid/stable-phone-overlay

DNE

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
devel

DNE

esm-infra-legacy/trusty

DNE

lucid

released

2.6.32-365.79
precise

DNE

precise/esm

DNE

saucy

DNE

trusty

DNE

trusty/esm

DNE

upstream

released

3.15
utopic

DNE

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
devel

DNE

esm-apps-legacy/xenial

DNE

esm-apps/xenial

DNE

esm-infra-legacy/trusty

DNE

trusty/esm was ignored [end of life, was needed]
lucid

DNE

precise

DNE

precise/esm

DNE

saucy

DNE

trusty

ignored

end of standard support, was needed
trusty/esm

ignored

end of life, was needed

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
devel

DNE

esm-infra-legacy/trusty

DNE

lucid

ignored

end of life
precise

DNE

precise/esm

DNE

saucy

DNE

trusty

DNE

trusty/esm

DNE

upstream

released

3.15
utopic

DNE

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
devel

DNE

esm-infra-legacy/trusty

DNE

precise

DNE

precise/esm

DNE

trusty

DNE

trusty/esm

DNE

upstream

released

3.15
vivid/stable-phone-overlay

DNE

vivid/ubuntu-core

DNE

xenial

not-affected

4.4.0-1003.3

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
devel

DNE

esm-apps-legacy/xenial

DNE

esm-apps/xenial

DNE

esm-infra-legacy/trusty

DNE

trusty/esm was ignored [end of life, was needed]
lucid

DNE

precise

DNE

precise/esm

DNE

saucy

ignored

trusty

ignored

end of standard support, was needed
trusty/esm

ignored

end of life, was needed

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
devel

DNE

esm-infra-legacy/trusty

DNE

trusty/esm was DNE [trusty was ignored [abandoned]]
lucid

DNE

precise

DNE

precise/esm

DNE

saucy

ignored

trusty

ignored

end of standard support
trusty/esm

DNE

trusty was ignored [abandoned]
upstream

released

3.15
utopic

ignored

end of life

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
devel

DNE

esm-infra-legacy/trusty

DNE

esm-infra-legacy/xenial

not-affected

4.8.0-36.36~16.04.1
esm-infra/xenial

not-affected

4.8.0-36.36~16.04.1
precise

DNE

precise/esm

DNE

trusty

DNE

trusty/esm

DNE

upstream

released

3.15
vivid/stable-phone-overlay

DNE

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
devel

DNE

esm-infra-legacy/trusty

DNE

esm-infra-legacy/xenial

not-affected

4.8.0-36.36~16.04.1
esm-infra/xenial

not-affected

4.8.0-36.36~16.04.1
precise

DNE

precise/esm

DNE

trusty

DNE

trusty/esm

DNE

upstream

released

3.15
vivid/stable-phone-overlay

DNE

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
devel

DNE

esm-infra-legacy/trusty

DNE

lucid

DNE

precise

ignored

end of life
precise/esm

DNE

precise was ignored [abandoned]
saucy

DNE

trusty

DNE

trusty/esm

DNE

upstream

released

3.15
utopic

DNE

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
devel

DNE

esm-infra-legacy/trusty

DNE

lucid

DNE

precise

ignored

end of life
precise/esm

DNE

precise was ignored [abandoned]
saucy

DNE

trusty

DNE

trusty/esm

DNE

upstream

released

3.15
utopic

DNE

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
devel

DNE

esm-infra-legacy/trusty

DNE

lucid

DNE

precise

ignored

end of life
precise/esm

DNE

precise was ignored [abandoned]
saucy

DNE

trusty

DNE

trusty/esm

DNE

upstream

released

3.15
utopic

DNE

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
devel

DNE

esm-infra-legacy/trusty

DNE

lucid

DNE

precise

released

3.5.0-51.77~precise1
precise/esm

DNE

precise was released [3.5.0-51.77~precise1]
saucy

DNE

trusty

DNE

trusty/esm

DNE

upstream

released

3.15
utopic

DNE

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
devel

DNE

esm-infra-legacy/trusty

DNE

lucid

DNE

precise

released

3.8.0-42.62~precise1
precise/esm

DNE

precise was released [3.8.0-42.62~precise1]
saucy

DNE

trusty

DNE

trusty/esm

DNE

upstream

released

3.15
utopic

DNE

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
devel

DNE

esm-infra-legacy/trusty

DNE

lucid

DNE

precise

released

3.11.0-23.40~precise1
precise/esm

DNE

precise was released [3.11.0-23.40~precise1]
saucy

DNE

trusty

DNE

trusty/esm

DNE

upstream

released

3.15
utopic

DNE

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
devel

DNE

esm-infra-legacy/trusty

DNE

lucid

DNE

precise

released

3.13.0-29.53~precise1
precise/esm

released

3.13.0-29.53~precise1
saucy

DNE

trusty

DNE

trusty/esm

DNE

upstream

released

3.15
utopic

DNE

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
devel

DNE

esm-infra-legacy/trusty

DNE

trusty/esm was DNE [trusty was not-affected [3.16.0-25.33~14.04.2]]
lucid

DNE

precise

DNE

precise/esm

DNE

trusty

not-affected

3.16.0-25.33~14.04.2
trusty/esm

DNE

trusty was not-affected [3.16.0-25.33~14.04.2]
upstream

released

3.15
utopic

DNE

vivid

DNE

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
devel

DNE

esm-infra-legacy/trusty

DNE

trusty/esm was DNE [trusty was not-affected [3.19.0-18.18~14.04.1]]
lucid

DNE

precise

DNE

precise/esm

DNE

trusty

not-affected

3.19.0-18.18~14.04.1
trusty/esm

DNE

trusty was not-affected [3.19.0-18.18~14.04.1]
upstream

released

3.15
utopic

DNE

vivid

DNE

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
devel

DNE

esm-infra-legacy/trusty

DNE

trusty/esm was DNE [trusty was not-affected [4.2.0-18.22~14.04.1]]
precise

DNE

precise/esm

DNE

trusty

not-affected

4.2.0-18.22~14.04.1
trusty/esm

DNE

trusty was not-affected [4.2.0-18.22~14.04.1]
upstream

released

3.15
vivid

DNE

vivid/stable-phone-overlay

DNE

vivid/ubuntu-core

DNE

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
devel

DNE

esm-infra-legacy/trusty

not-affected

4.4.0-13.29~14.04.1
precise

DNE

precise/esm

DNE

trusty

not-affected

4.4.0-13.29~14.04.1
trusty/esm

not-affected

4.4.0-13.29~14.04.1
upstream

released

3.15
vivid

DNE

vivid/stable-phone-overlay

DNE

vivid/ubuntu-core

DNE

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
devel

DNE

esm-infra-legacy/trusty

DNE

trusty/esm was DNE [trusty was ignored [abandoned]]
lucid

DNE

precise

DNE

precise/esm

DNE

saucy

ignored

trusty

ignored

end of standard support
trusty/esm

DNE

trusty was ignored [abandoned]
upstream

released

3.15
utopic

DNE

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
devel

DNE

esm-apps-legacy/xenial

DNE

esm-apps/xenial

DNE

esm-infra-legacy/trusty

DNE

trusty/esm was ignored [end of life, was needed]
lucid

DNE

precise

DNE

precise/esm

DNE

saucy

ignored

trusty

ignored

end of standard support, was needed
trusty/esm

ignored

end of life, was needed

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
devel

DNE

esm-infra-legacy/trusty

DNE

trusty/esm was ignored [end of life, was needed]
lucid

DNE

precise

DNE

precise/esm

DNE

saucy

ignored

trusty

ignored

end of standard support, was needed
trusty/esm

ignored

end of life, was needed
upstream

released

3.15
utopic

not-affected

3.4.0-6.27

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
devel

DNE

esm-infra-legacy/trusty

DNE

lucid

ignored

end of life
precise

DNE

precise/esm

DNE

saucy

DNE

trusty

DNE

trusty/esm

DNE

upstream

released

3.15
utopic

DNE

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
devel

DNE

esm-infra-legacy/trusty

DNE

lucid

ignored

end of life
precise

ignored

end of life
precise/esm

DNE

precise was ignored [abandoned]
saucy

DNE

trusty

DNE

trusty/esm

DNE

upstream

released

3.15
utopic

DNE

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
devel

not-affected

4.10.0-1004.6
esm-infra-legacy/trusty

DNE

precise

DNE

precise/esm

DNE

trusty

DNE

trusty/esm

DNE

upstream

released

3.15
vivid

DNE

vivid/stable-phone-overlay

DNE

vivid/ubuntu-core

released

4.2.0-1014.21

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
devel

not-affected

4.4.0-1050.54
esm-infra-legacy/trusty

DNE

precise

DNE

precise/esm

DNE

trusty

DNE

trusty/esm

DNE

upstream

released

3.15
vivid/stable-phone-overlay

DNE

vivid/ubuntu-core

DNE

wily

DNE

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
devel

DNE

esm-infra-legacy/trusty

DNE

lucid

DNE

precise

released

3.2.0-1449.68
precise/esm

DNE

precise was released [3.2.0-1449.68]
saucy

ignored

end of life
trusty

DNE

trusty/esm

DNE

upstream

released

3.15
utopic

DNE

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Бсылки Π½Π° источники

EPSS

ΠŸΡ€ΠΎΡ†Π΅Π½Ρ‚ΠΈΠ»ΡŒ: 98%
0.37233
Π‘Ρ€Π΅Π΄Π½ΠΈΠΉ

7.2 High

CVSS2

7.8 High

CVSS3

БвязанныС уязвимости

redhat Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

CVE-2014-3153

redhat
ΠΎΠΊΠΎΠ»ΠΎ 12 Π»Π΅Ρ‚ Π½Π°Π·Π°Π΄

The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification.

nvd Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

CVE-2014-3153

CVSS3: 7.8
nvd
ΠΎΠΊΠΎΠ»ΠΎ 12 Π»Π΅Ρ‚ Π½Π°Π·Π°Π΄

The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification.

debian Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

CVE-2014-3153

CVSS3: 7.8
debian
ΠΎΠΊΠΎΠ»ΠΎ 12 Π»Π΅Ρ‚ Π½Π°Π·Π°Π΄

The futex_requeue function in kernel/futex.c in the Linux kernel throu ...

github Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

GHSA-5gr7-gr2q-52gp

CVSS3: 7.8
github
ΠΎΠΊΠΎΠ»ΠΎ 4 Π»Π΅Ρ‚ Π½Π°Π·Π°Π΄

The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification.

oracle-oval Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

ELSA-2014-3039

oracle-oval
ΠΎΠΊΠΎΠ»ΠΎ 12 Π»Π΅Ρ‚ Π½Π°Π·Π°Π΄

ELSA-2014-3039: Unbreakable Enterprise kernel security update (IMPORTANT)

EPSS

ΠŸΡ€ΠΎΡ†Π΅Π½Ρ‚ΠΈΠ»ΡŒ: 98%
0.37233
Π‘Ρ€Π΅Π΄Π½ΠΈΠΉ

7.2 High

CVSS2

7.8 High

CVSS3

Π£ΡΠ·Π²ΠΈΠΌΠΎΡΡ‚ΡŒ CVE-2014-3153