Linux kernel futex_requeue privilege elevation
Added: 12/03/2014CVE: CVE-2014-3153
BID: 67906
OSVDB: 107752
Background
The futex system call in Linux provides a mechanism for user-space locking.Problem
A vulnerability in the Linux kernel allows an unprivileged user to gain root access using a specially crafted futex_requeue call.Resolution
Upgrade to a fixed kernel package from your Linux vendor.References
https://lists.debian.org/debian-security-announce/2014/msg00130.htmlLimitations
Exploit works on CentOS 7 and Red Hat 7 and requires an existing unprivileged shell connection to the target.Platforms
LinuxBack to exploit index