A flaw was found in the way the Linux kernel handled GS segment register base switching when recovering from a #SS (stack segment) fault on an erroneous return to user space. A local, unprivileged user could use this flaw to escalate their privileges on the system.
Find out more about CVE-2014-9322 from the MITRE CVE dictionary and NIST NVD.
This issue does affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 4, 5, 6, and 7, and Red Hat Enterprise MRG 2. Future Linux kernel updates for the respective releases will address this issue.

Base Score | 7.2 |
---|---|
Base Metrics | AV:L/AC:L/Au:N/C:C/I:C/A:C |
Access Vector | Local |
Access Complexity | Low |
Authentication | None |
Confidentiality Impact | Complete |
Integrity Impact | Complete |
Availability Impact | Complete |

CVSS3 Base Score | 8.4 |
---|---|
CVSS3 Base Metrics | CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Attack Vector | Local |
Attack Complexity | Low |
Privileges Required | None |
User Interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity Impact | High |
Availability Impact | High |

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Platform | Errata | Release Date |
---|---|---|
Red Hat Enterprise Linux Advanced Update Support 6.2 (kernel) | RHSA-2014:2028 | 2014-12-22 |
Red Hat Enterprise Linux EUS (v. 5.9 server) (kernel) | RHSA-2014:2029 | 2014-12-22 |
Red Hat Enterprise Linux 6 (kernel) | RHSA-2014:1997 | 2014-12-16 |
Red Hat Enterprise Linux Extended Update Support 6.4 (kernel) | RHSA-2014:2030 | 2014-12-22 |
Red Hat Enterprise Linux 7 (kernel) | RHSA-2014:2010 | 2014-12-18 |
Red Hat Enterprise Linux Extended Update Support 6.5 (kernel) | RHSA-2014:2009 | 2014-12-17 |
Red Hat MRG Grid for RHEL 6 Server v.2 (kernel-rt) | RHSA-2014:1998 | 2014-12-16 |
Red Hat Enterprise Linux Extended Lifecycle Support 4 (kernel) | RHSA-2015:0009 | 2015-01-05 |
Red Hat Enterprise Linux 5 (kernel) | RHSA-2014:2008 | 2014-12-17 |
Red Hat Enterprise Linux Long Life (v. 5.6 server) (kernel) | RHSA-2014:2031 | 2014-12-22 |

Platform | Package | State |
---|---|---|
Red Hat Enterprise MRG 2 | kernel | Affected |