CVE-2014-8133

Description

arch/x86/kernel/tls.c in the Thread Local Storage (TLS) implementation in the Linux kernel through 3.18.1 allows local users to bypass the espfix protection mechanism, and consequently makes it easier for local users to bypass the ASLR protection mechanism, via a crafted application that makes a set_thread_area system call and later reads a 16-bit value.

References

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=41bdc78544b8a93a9c6814b8bbbfef966272abbe

http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html

http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html

http://rhn.redhat.com/errata/RHSA-2015-1272.html

https://bugzilla.redhat.com/show_bug.cgi?id=1172797

http://secunia.com/advisories/62801

https://github.com/torvalds/linux/commit/41bdc78544b8a93a9c6814b8bbbfef966272abbe

http://www.debian.org/security/2015/dsa-3128

http://www.mandriva.com/security/advisories?name=MDVSA-2015:058

http://www.openwall.com/lists/oss-security/2014/12/15/6

http://www.ubuntu.com/usn/USN-2490-1

http://www.ubuntu.com/usn/USN-2491-1

http://www.ubuntu.com/usn/USN-2492-1

http://www.ubuntu.com/usn/USN-2493-1

http://www.ubuntu.com/usn/USN-2515-1

http://www.ubuntu.com/usn/USN-2516-1

http://www.ubuntu.com/usn/USN-2517-1

http://www.ubuntu.com/usn/USN-2518-1

Details

Risk Information

CVSS v2