CVE-2014-3153

HIGH KEV RANSOMWARE

Linux Kernel <=3.14.5 - Privilege Escalation


Exploitation Summary

CVE-2014-3153 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog (added May 25, 2022), with confirmed use in ransomware campaigns. EIP tracks 11 public exploits from researchers including Kaiqu Chen, timwr, and geekben, as well as a Metasploit module, exploits/android/local/futex_requeue.

AI-analyzed exploit summary: This exploit leverages CVE-2014-3153, a futex-related vulnerability in the Linux kernel, to achieve local privilege escalation (LPE) on RHEL/CentOS 7.0.1406. It manipulates kernel structures to overwrite credentials and gain root access.

Description

The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification.

Exploits (11)

exploitdb WORKING POC
by Kaiqu Chen · c · local · linux
https://www.exploit-db.com/exploits/35370

This exploit leverages CVE-2014-3153, a futex-related vulnerability in the Linux kernel, to achieve local privilege escalation (LPE) on RHEL/CentOS 7.0.1406. It manipulates kernel structures to overwrite credentials and gain root access.

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Complex
Reliability: Racy
Target: Linux Kernel (RHEL/CentOS 7.0.1406)
No auth needed
Prerequisites: Local access to the target system · Kernel version vulnerable to CVE-2014-3153
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC 123 stars
by timwr · local
https://github.com/timwr/CVE-2014-3153

This is a working proof-of-concept exploit for CVE-2014-3153, a futex-based local privilege escalation vulnerability in the Linux kernel. The exploit leverages futex requeue operations to achieve arbitrary kernel memory writes, ultimately executing shellcode with root privileges.

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Complex
Reliability: Racy
Target: Linux kernel (versions before 3.14.5)
No auth needed
Prerequisites: Local access to the target system · Kernel version vulnerable to CVE-2014-3153
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC 46 stars
by geekben · local
https://github.com/geekben/towelroot

This is a working proof-of-concept exploit for CVE-2014-3153, a Linux kernel vulnerability that allows local privilege escalation. The exploit manipulates kernel memory via futex operations to gain root privileges.

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Complex
Reliability: Racy
Target: Linux kernel (versions affected by CVE-2014-3153)
No auth needed
Prerequisites: Local access to the target system · Vulnerable Linux kernel version
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC 19 stars
by android-rooting-tools · remote
https://github.com/android-rooting-tools/libfutex_exploit

This exploit targets CVE-2014-3153, a futex-related vulnerability in the Linux kernel, to achieve local privilege escalation (LPE) on Android devices. It manipulates futex operations and thread priorities to corrupt kernel memory and gain root access.

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Complex
Reliability: Racy
Target: Linux kernel (Android)
No auth needed
Prerequisites: Local access to the target device · Kernel version vulnerable to CVE-2014-3153
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC 18 stars
by lieanu · local
https://github.com/lieanu/CVE-2014-3153

This is a working privilege escalation exploit for CVE-2014-3153, targeting Linux kernels up to 3.14. It leverages a futex race condition to gain root privileges by manipulating kernel memory structures.

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Complex
Reliability: Racy
Target: Linux Kernel (up to 3.14)
No auth needed
Prerequisites: Linux x86 system with vulnerable kernel (up to 3.14) · Local user access
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC 16 stars
by dangtunguyen · local
https://github.com/dangtunguyen/TowelRoot

This repository contains a working proof-of-concept exploit for CVE-2014-3153, a Linux kernel vulnerability affecting Android devices. The exploit leverages a futex-related race condition to achieve local privilege escalation (LPE) by modifying kernel memory structures to grant root access.

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Complex
Reliability: Racy
Target: Linux kernel (Android devices)
No auth needed
Prerequisites: Access to a vulnerable Android device with kernel version affected by CVE-2014-3153
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC 13 stars
by elongl · local
https://github.com/elongl/CVE-2014-3153

This repository contains a working proof-of-concept exploit for CVE-2014-3153, a futex-related vulnerability in the Linux kernel. It includes code to trigger a kernel crash and achieve local privilege escalation by manipulating futex operations and kernel memory structures.

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Complex
Reliability: Racy
Target: Linux kernel (versions affected by CVE-2014-3153)
No auth needed
Prerequisites: Local access to the target system · Kernel version vulnerable to CVE-2014-3153
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC 5 stars
by zerodavinci · remote
https://github.com/zerodavinci/CVE-2014-3153-exploit

This repository contains a proof-of-concept exploit for CVE-2014-3153, a futex-related vulnerability in the Linux kernel. The exploit demonstrates a denial-of-service (DoS) and privilege escalation via kernel arbitrary read/write, targeting ARM and x86 systems with kernel versions <= 3.14.5.

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Complex
Reliability: Racy
Target: Linux kernel <= 3.14.5
No auth needed
Prerequisites: Linux kernel <= 3.14.5 · Single CPU machine (preferably ARM) · Compilation with specific flags for ARM/x86
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC
by c4mx · poc
https://github.com/c4mx/Linux-kernel-code-injection_CVE-2014-3153

This repository contains a proof-of-concept exploit for CVE-2014-3153, a Linux kernel vulnerability allowing local privilege escalation via futex manipulation. The code includes multiple modules for injecting and executing arbitrary code in kernel space.

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Complex
Reliability: Reliable
Target: Linux kernel (versions affected by CVE-2014-3153)
No auth needed
Prerequisites: Local access to the target system · Kernel version vulnerable to CVE-2014-3153
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC
by c3c · remote
https://github.com/c3c/CVE-2014-3153

This exploit targets CVE-2014-3153, a futex-based privilege escalation vulnerability in the Linux kernel. It manipulates futex operations to corrupt kernel memory, ultimately achieving local privilege escalation by overwriting the `addr_limit` field in the thread_info structure.

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Complex
Reliability: Racy
Target: Linux kernel 3.13.0-24-generic (Ubuntu 14.04 64-bit)
No auth needed
Prerequisites: Local access to the vulnerable system · Kernel version 3.13.0-24-generic or similar vulnerable versions
devstral-2 · analyzed Feb 16, 2026

metasploit WORKING POC EXCELLENT
by Pinkie Pie, geohot, timwr · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/android/local/futex_requeue.rb

This Metasploit module exploits CVE-2014-3153, a futex_requeue vulnerability in Linux kernels before June 2014, to achieve local privilege escalation on Android devices. It dynamically targets specific device models and injects a payload to gain root access.

Classification: Working PoC 100%
Attack Type: LPE
Complexity: Moderate
Reliability: Reliable
Target: Linux kernel (Android devices with kernels built before June 2014)
No auth needed
Prerequisites: Access to a vulnerable Android device · Ability to execute code on the target
devstral-2 · analyzed Feb 16, 2026

References (40)

Core References
Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/67906
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00006.html
Mailing List mailing-list x_refsource_mlist
http://openwall.com/lists/oss-security/2014/06/05/24
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/59029
Exploit vendor-advisory x_refsource_debian
http://www.debian.org/security/2014/dsa-2949
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00018.html
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/59262
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/58990
Third Party Advisory x_refsource_confirm
http://linux.oracle.com/errata/ELSA-2014-3037.html
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/59153
Mailing List mailing-list x_refsource_mlist
http://openwall.com/lists/oss-security/2014/06/06/20
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/59309
Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1030451
Third Party Advisory x_refsource_confirm
http://linux.oracle.com/errata/ELSA-2014-0771.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00014.html
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2014-0800.html
Third Party Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2237-1
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html
Third Party Advisory x_refsource_confirm
http://linux.oracle.com/errata/ELSA-2014-3039.html
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/58500
Third Party Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2240-1
Issue Tracking, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1103626
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/59386
Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/35370
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/59599
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00025.html
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2014/06/05/22
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/59092
Third Party Advisory x_refsource_confirm
http://linux.oracle.com/errata/ELSA-2014-3038.html
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2021/02/01/4
Third Party Advisory x_refsource_misc
https://github.com/elongl/CVE-2014-3153

Scores

CVSS v3 7.8
EPSS 0.7533
EPSS Percentile 98.9%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation active
Automatable no
Technical Impact total

Details

CISA KEV 2022-05-25
VulnCheck KEV 2015-07-21
InTheWild.io 2014-06-07
ENISA EUVD EUVD-2014-3171
Ransomware Use Confirmed
Status published
Products (11)
canonical/ubuntu_linux 12.04
canonical/ubuntu_linux 14.04
linux/linux_kernel < 3.2.60
opensuse/opensuse 11.4
oracle/linux 5
oracle/linux 6
redhat/enterprise_linux_server_aus 6.2
suse/linux_enterprise_desktop 11 sp3
suse/linux_enterprise_high_availability_extension 11 sp3
suse/linux_enterprise_real_time_extension 11 sp3
... and 1 more
Published Jun 07, 2014
KEV Added May 25, 2022
Tracked Since Feb 18, 2026