The __switch_to function in arch/x86/kernel/process_64.c in the Linux kernel through 3.18.1 does not ensure that Thread Local Storage (TLS) descriptors are loaded before proceeding with other steps, which makes it easier for local users to bypass the ASLR protection mechanism via a crafted application that reads a TLS base address.
http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147864.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147973.html
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00020.html
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00009.html
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html
http://rhn.redhat.com/errata/RHSA-2015-1081.html
http://www.debian.org/security/2015/dsa-3128
http://www.mandriva.com/security/advisories?name=MDVSA-2015:058
http://www.openwall.com/lists/oss-security/2014/12/25/1
http://www.securityfocus.com/bid/71794
http://www.ubuntu.com/usn/USN-2515-1
http://www.ubuntu.com/usn/USN-2516-1
http://www.ubuntu.com/usn/USN-2517-1
http://www.ubuntu.com/usn/USN-2518-1
http://www.ubuntu.com/usn/USN-2541-1
http://www.ubuntu.com/usn/USN-2542-1
https://bugzilla.redhat.com/show_bug.cgi?id=1177260
https://github.com/torvalds/linux/commit/f647d7c155f069c1a068030255c300663516420e
OR
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions up to 3.18.1 (inclusive)
ID | Name | Product | Family | Severity |
---|---|---|---|---|
125301 | EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1508) | Nessus | Huawei Local Security Checks | high |
124807 | EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1483) | Nessus | Huawei Local Security Checks | high |
90019 | OracleVM 3.2 : kernel-uek (OVMSA-2016-0037) | Nessus | OracleVM Local Security Checks | critical |
88571 | RHEL 7 : kernel-rt (RHSA-2015:2411) | Nessus | Red Hat Local Security Checks | medium |
88545 | openSUSE Security Update : the Linux Kernel (openSUSE-2016-124) | Nessus | SuSE Local Security Checks | critical |
87559 | Scientific Linux Security Update : kernel on SL7.x x86_64 (20151119) | Nessus | Scientific Linux Local Security Checks | medium |
87135 | CentOS 7 : kernel (CESA-2015:2152) | Nessus | CentOS Local Security Checks | high |
87090 | Oracle Linux 7 : kernel (ELSA-2015-2152) | Nessus | Oracle Linux Local Security Checks | high |
86972 | RHEL 7 : kernel (RHSA-2015:2152) | Nessus | Red Hat Local Security Checks | high |
86796 | F5 Networks BIG-IP : Linux kernel vulnerability (SOL17551) | Nessus | F5 Networks Local Security Checks | low |
85097 | Oracle Linux 6 : kernel (ELSA-2015-1272) | Nessus | Oracle Linux Local Security Checks | high |
84545 | SUSE SLED11 / SLES11 Security Update : kernel (SUSE-SU-2015:1174-1) | Nessus | SuSE Local Security Checks | critical |
84141 | OracleVM 3.3 : kernel-uek (OVMSA-2015-0069) | Nessus | OracleVM Local Security Checks | medium |
84110 | Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2015-3043) | Nessus | Oracle Linux Local Security Checks | medium |
84109 | Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2015-3042) | Nessus | Oracle Linux Local Security Checks | medium |
84108 | Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2015-3041) | Nessus | Oracle Linux Local Security Checks | medium |
84091 | CentOS 6 : kernel (CESA-2015:1081) | Nessus | CentOS Local Security Checks | high |
84078 | Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20150609) | Nessus | Scientific Linux Local Security Checks | high |
84075 | RHEL 6 : kernel (RHSA-2015:1081) | Nessus | Red Hat Local Security Checks | high |
84073 | Oracle Linux 6 : kernel (ELSA-2015-1081) | Nessus | Oracle Linux Local Security Checks | high |
83702 | SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2015:0529-1) | Nessus | SuSE Local Security Checks | high |
82756 | openSUSE Security Update : Linux Kernel (openSUSE-2015-302) | Nessus | SuSE Local Security Checks | critical |
82755 | openSUSE Security Update : the Linux Kernel (openSUSE-2015-301) | Nessus | SuSE Local Security Checks | high |
82069 | Ubuntu 12.04 LTS : linux vulnerabilities (USN-2541-1) | Nessus | Ubuntu Local Security Checks | critical |
82020 | SuSE 11.3 Security Update : Linux Kernel (SAT Patch Numbers 10412 / 10415 / 10416) | Nessus | SuSE Local Security Checks | high |
81941 | Mandriva Linux Security Advisory : kernel (MDVSA-2015:058) | Nessus | Mandriva Local Security Checks | high |
81646 | Ubuntu 14.04 LTS : linux vulnerabilities (USN-2516-3) | Nessus | Ubuntu Local Security Checks | high |
81645 | Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2515-2) | Nessus | Ubuntu Local Security Checks | high |
81590 | Ubuntu 14.04 LTS : linux vulnerability (USN-2516-2) | Nessus | Ubuntu Local Security Checks | high |
81571 | Ubuntu 14.10 : linux vulnerabilities (USN-2518-1) | Nessus | Ubuntu Local Security Checks | high |
81570 | Ubuntu 14.04 LTS : linux-lts-utopic vulnerabilities (USN-2517-1) | Nessus | Ubuntu Local Security Checks | high |
81569 | Ubuntu 14.04 LTS : linux vulnerabilities (USN-2516-1) | Nessus | Ubuntu Local Security Checks | high |
81568 | Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2515-1) | Nessus | Ubuntu Local Security Checks | high |
80578 | Mandriva Linux Security Advisory : kernel (MDVSA-2015:027) | Nessus | Mandriva Local Security Checks | high |
80558 | Debian DSA-3128-1 : linux - security update | Nessus | Debian Local Security Checks | high |
80465 | Fedora 20 : kernel-3.17.8-200.fc20 (2015-0515) | Nessus | Fedora Local Security Checks | high |
80452 | Fedora 21 : kernel-3.17.8-300.fc21 (2015-0517) | Nessus | Fedora Local Security Checks | high |