Home > Vulnerability Database > CVE-2014-9419

Mend.io Vulnerability Database

CVE-2014-9419

Good to know:

Date: December 25, 2014

The __switch_to function in arch/x86/kernel/process_64.c in the Linux kernel through 3.18.1 does not ensure that Thread Local Storage (TLS) descriptors are loaded before proceeding with other steps, which makes it easier for local users to bypass the ASLR protection mechanism via a crafted application that reads a TLS base address.

Language: C

Severity Score

4.0

Related Resources (23)

Url: http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html

Url: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=f647d7c155f069c1a068030255c300663516420e

Url: http://rhn.redhat.com/errata/RHSA-2015-1081.html

Url: http://www.securityfocus.com/bid/71794

Url: http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00020.html

Url: http://www.mandriva.com/security/advisories?name=MDVSA-2015:058

Url: http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147864.html

Url: https://github.com/torvalds/linux/commit/f647d7c155f069c1a068030255c300663516420e

Url: http://www.debian.org/security/2015/dsa-3128

Url: http://www.ubuntu.com/usn/USN-2541-1

Url: http://www.ubuntu.com/usn/USN-2542-1

Url: http://www.ubuntu.com/usn/USN-2515-1

Url: http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147973.html

Url: http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00009.html

Url: https://nvd.nist.gov/vuln/detail/CVE-2014-9419

Url: http://www.ubuntu.com/usn/USN-2517-1

Url: http://www.openwall.com/lists/oss-security/2014/12/25/1

Url: http://www.ubuntu.com/usn/USN-2516-1

Url: http://www.ubuntu.com/usn/USN-2518-1

Url: https://access.redhat.com/security/cve/CVE-2014-9419

Url: https://bugzilla.redhat.com/show_bug.cgi?id=1177260

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2014-9419

Url: https://www.mend.io/vulnerability-database/CVE-2014-9419

Severity Score

4.0

Weakness Type (CWE)

Information Leak / Disclosure

CWE-200

Top Fix

Upgrade Version

Upgrade to version v3.19-rc1,v3.14.28,v3.16.35,v3.18.2,v3.2.67

Learn More

CVSS v3.1

Base Score:	4.0
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	2.1
Access Vector (AV):	LOCAL
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2014-9419

Good to know:

Date: December 25, 2014

Language: C

Severity Score

Related Resources (23)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?