{
  "name" : "TowelRoot",
  "CVE" : [["CVE-2014-3153","threatpost-towelroot"]],
  "Coordinated_disclosure" : "true",
  "Categories" : ["kernel"],
  "Details" : [["The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification.","CVE-2014-3153"]],
  "Discovered_by" : [["Pinkie Pie","DSA-2949-1"]],
  "Discovered_on" : [{"date" : "2014-05-03", "bound" : "before", "ref" : "CVE-2014-3153"}],
  "Submission" : [],
  "Reported_on" : [["2014-06-05", "openwall-CVE-2014-3153"]],
  "Fixed_on" : [["2014-06-03","futex-patch"]],
  "Fix_released_on" : [],
  "Affected_versions" : [["4.4 and earlier", "threatpost-towelroot"]],
  "Affected_devices" : [],
  "Affected_versions_regexp" : ["([1-3]\\.[0-9]\\.[0-9])|(4\\.[0-3]\\.[0-9])|(4\\.4\\.[0-4])"],
  "Affected_manufacturers" : [["all","threatpost-towelroot"]],
  "Fixed_versions" : [],
  "references" : {
    "threatpost-towelroot" : {
      "url" : "http://threatpost.com/android-root-access-vulnerability-affecting-most-devices",
      "archiveurl" : "https://perma.cc/L6VR-B87U"
    }
  , "CVE-2014-3153" : {
      "url" : "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3153"
    }
  , "DSA-2949-1" : {
      "url" : "https://lists.debian.org/debian-security-announce/2014/msg00130.html"
    }
  , "openwall-CVE-2014-3153" : {
      "url" : "http://www.openwall.com/lists/oss-security/2014/06/05/22"
    }
  , "futex-patch" : {
      "url" : "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e9c243a5a6de0be8e584c604d353412584b592f8"
    , "component" : "kernel"
    , "commit" : "e9c243a5a6de0be8e584c604d353412584b592f8"
    }
  },
  "Surface": ["local", "app"],
  "Vector": ["memory-corruption"],
  "Target": ["kernel"],
  "Channel": ["app-execution"],
  "Condition": ["affected-app-installed"],
  "Privilege": ["kernel"]
  
}