AndroidVulnerabilities.org

TowelRoot

(json)

• CVE numbers: CVE-2014-3153 [threatpost-towelroot][archived]
• Coordinated disclosure?: true
• Categories: kernel
• Details: The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification. [CVE-2014-3153]
• Discovered by: Pinkie Pie [DSA-2949-1] on: 2014-05-03 [CVE-2014-3153]
• Reported on: 2014-06-05 [openwall-CVE-2014-3153]
• Fixed on: 2014-06-03 [futex-patch]
• Fix released on: Unknown
• Affected versions: 4.4 and earlier [threatpost-towelroot][archived] regex: ([1-3].[0-9].[0-9])|(4.[0-3].[0-9])|(4.4.[0-4])
• Affected devices:
• Affected manufacturers: all [threatpost-towelroot][archived]
• Fixed versions:
• Submission: