CVE-2014-9419

LOW

Description

The __switch_to function in arch/x86/kernel/process_64.c in the Linux kernel through 3.18.1 does not ensure that Thread Local Storage (TLS) descriptors are loaded before proceeding with other steps, which makes it easier for local users to bypass the ASLR protection mechanism via a crafted application that reads a TLS base address.

References

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=f647d7c155f069c1a068030255c300663516420e

http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147864.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147973.html

http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00020.html

http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00009.html

http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html

http://rhn.redhat.com/errata/RHSA-2015-1081.html

http://www.debian.org/security/2015/dsa-3128

http://www.mandriva.com/security/advisories?name=MDVSA-2015:058

http://www.openwall.com/lists/oss-security/2014/12/25/1

http://www.securityfocus.com/bid/71794

http://www.ubuntu.com/usn/USN-2515-1

http://www.ubuntu.com/usn/USN-2516-1

http://www.ubuntu.com/usn/USN-2517-1

http://www.ubuntu.com/usn/USN-2518-1

http://www.ubuntu.com/usn/USN-2541-1

http://www.ubuntu.com/usn/USN-2542-1

https://bugzilla.redhat.com/show_bug.cgi?id=1177260

https://github.com/torvalds/linux/commit/f647d7c155f069c1a068030255c300663516420e

Details

Source: MITRE

Published: 2014-12-26

Updated: 2018-01-05

Type: CWE-200

Risk Information

CVSS v2.0

Base Score: 2.1

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 3.9

Severity: LOW

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions up to 3.18.1 (inclusive)

Tenable Plugins

View all (37 total)

IDNameProductFamilySeverity
125301EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1508)NessusHuawei Local Security Checks
high
124807EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1483)NessusHuawei Local Security Checks
high
90019OracleVM 3.2 : kernel-uek (OVMSA-2016-0037)NessusOracleVM Local Security Checks
critical
88571RHEL 7 : kernel-rt (RHSA-2015:2411)NessusRed Hat Local Security Checks
medium
88545openSUSE Security Update : the Linux Kernel (openSUSE-2016-124)NessusSuSE Local Security Checks
critical
87559Scientific Linux Security Update : kernel on SL7.x x86_64 (20151119)NessusScientific Linux Local Security Checks
medium
87135CentOS 7 : kernel (CESA-2015:2152)NessusCentOS Local Security Checks
high
87090Oracle Linux 7 : kernel (ELSA-2015-2152)NessusOracle Linux Local Security Checks
high
86972RHEL 7 : kernel (RHSA-2015:2152)NessusRed Hat Local Security Checks
high
86796F5 Networks BIG-IP : Linux kernel vulnerability (SOL17551)NessusF5 Networks Local Security Checks
low
85097Oracle Linux 6 : kernel (ELSA-2015-1272)NessusOracle Linux Local Security Checks
high
84545SUSE SLED11 / SLES11 Security Update : kernel (SUSE-SU-2015:1174-1)NessusSuSE Local Security Checks
critical
84141OracleVM 3.3 : kernel-uek (OVMSA-2015-0069)NessusOracleVM Local Security Checks
medium
84110Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2015-3043)NessusOracle Linux Local Security Checks
medium
84109Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2015-3042)NessusOracle Linux Local Security Checks
medium
84108Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2015-3041)NessusOracle Linux Local Security Checks
medium
84091CentOS 6 : kernel (CESA-2015:1081)NessusCentOS Local Security Checks
high
84078Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20150609)NessusScientific Linux Local Security Checks
high
84075RHEL 6 : kernel (RHSA-2015:1081)NessusRed Hat Local Security Checks
high
84073Oracle Linux 6 : kernel (ELSA-2015-1081)NessusOracle Linux Local Security Checks
high
83702SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2015:0529-1)NessusSuSE Local Security Checks
high
82756openSUSE Security Update : Linux Kernel (openSUSE-2015-302)NessusSuSE Local Security Checks
critical
82755openSUSE Security Update : the Linux Kernel (openSUSE-2015-301)NessusSuSE Local Security Checks
high
82069Ubuntu 12.04 LTS : linux vulnerabilities (USN-2541-1)NessusUbuntu Local Security Checks
critical
82020SuSE 11.3 Security Update : Linux Kernel (SAT Patch Numbers 10412 / 10415 / 10416)NessusSuSE Local Security Checks
high
81941Mandriva Linux Security Advisory : kernel (MDVSA-2015:058)NessusMandriva Local Security Checks
high
81646Ubuntu 14.04 LTS : linux vulnerabilities (USN-2516-3)NessusUbuntu Local Security Checks
high
81645Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2515-2)NessusUbuntu Local Security Checks
high
81590Ubuntu 14.04 LTS : linux vulnerability (USN-2516-2)NessusUbuntu Local Security Checks
high
81571Ubuntu 14.10 : linux vulnerabilities (USN-2518-1)NessusUbuntu Local Security Checks
high
81570Ubuntu 14.04 LTS : linux-lts-utopic vulnerabilities (USN-2517-1)NessusUbuntu Local Security Checks
high
81569Ubuntu 14.04 LTS : linux vulnerabilities (USN-2516-1)NessusUbuntu Local Security Checks
high
81568Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2515-1)NessusUbuntu Local Security Checks
high
80578Mandriva Linux Security Advisory : kernel (MDVSA-2015:027)NessusMandriva Local Security Checks
high
80558Debian DSA-3128-1 : linux - security updateNessusDebian Local Security Checks
high
80465Fedora 20 : kernel-3.17.8-200.fc20 (2015-0515)NessusFedora Local Security Checks
high
80452Fedora 21 : kernel-3.17.8-300.fc21 (2015-0517)NessusFedora Local Security Checks
high