The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.
Information Disclosure
Linux
NVD
Exploit-DB
GitHub
VulDB
CVSS 3.1
7.8
EPSS
69.3%
Threat
6.6