CVSS v3 base score: 7.8

CVE-2014-9322

Published: 17/12/2014 Updated: 07/11/2023
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 730
CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

arch/x86/kernel/entry_64.S in the Linux kernel prior to 3.17.5 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to gain privileges by triggering an IRET instruction that leads to access to a GS Base address from the wrong space.

Vulnerable Products

Linux kernel

Red Hat Enterprise Linux EUS 5.6

Canonical Ubuntu Linux 10.04

openSUSE Evergreen 11.4

SUSE Linux Enterprise Server 10

Google Android 6.0.1

Google Android 6.0

Vendor Advisories

Synopsis: Important: kernel security update. Type/Severity: Security Advisory: Important. Topic: Updated kernel packages that fix one security issue are now available for Red Hat Enterprise Linux 6.4 Extended Update Support. Red Hat Product Security has rated this update as having Important security impact. A Commo ...

Synopsis: Important: kernel security update. Type/Severity: Security Advisory: Important. Topic: Updated kernel packages that fix one security issue are now available for Red Hat Enterprise Linux 6.2 Advanced Update Support. Red Hat Product Security has rated this update as having Important security impact. A Commo ...

Synopsis: Important: kernel security update. Type/Severity: Security Advisory: Important. Topic: Updated kernel packages that fix one security issue are now available for Red Hat Enterprise Linux 5.6 Long Life. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerabilit ...

Synopsis: Important: kernel security update. Type/Severity: Security Advisory: Important. Topic: Updated kernel packages that fix one security issue are now available for Red Hat Enterprise Linux 4 Extended Life Cycle Support. Red Hat Product Security has rated this update as having Important security impact. A Com ...

Synopsis: Important: kernel security update. Type/Severity: Security Advisory: Important. Topic: Updated kernel packages that fix one security issue are now available for Red Hat Enterprise Linux 6.5 Extended Update Support. Red Hat Product Security has rated this update as having Important security impact. A Commo ...

Synopsis: Important: kernel security update. Type/Severity: Security Advisory: Important. Topic: Updated kernel packages that fix one security issue are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring Sy ...

Synopsis: Important: kernel security update. Type/Severity: Security Advisory: Important. Topic: Updated kernel packages that fix one security issue are now available for Red Hat Enterprise Linux 5.9 Extended Update Support. Red Hat Product Security has rated this update as having Important security impact. A Commo ...

Synopsis: Important: kernel security update. Type/Severity: Security Advisory: Important. Topic: Updated kernel packages that fix one security issue are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring Sy ...

Synopsis: Important: kernel-rt security update. Type/Severity: Security Advisory: Important. Topic: Updated kernel-rt packages that fix one security issue are now available for Red Hat Enterprise MRG 2.5. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scor ...

Synopsis: Important: kernel security and bug fix update. Type/Severity: Security Advisory: Important. Topic: Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact ...

The sctp_process_param function in net/sctp/sm_make_chunk.c in the SCTP implementation in the Linux kernel before 3.17.4, when ASCONF is used, allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via a malformed INIT chunk (CVE-2014-7841). The pivot_root implementation in fs/namespace.c in the Linux kerne ...
Several security issues were fixed in the kernel ...
A flaw was found in the way the Linux kernel handled GS segment register base switching when recovering from a #SS (stack segment) fault on an erroneous return to user space. A local, unprivileged user could use this flaw to escalate their privileges on the system ...

Exploits

arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to gain privileges by triggering an IRET instruction that leads to access to a GS Base address from the wrong space. This is a PoC to reproduce the vulnerability. No exploitation ...

cve-2014-9322_poc.c (header comment): arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to gain privileges by triggering an ...

CVE-2014-9322 PoC for Linux kernel. CVE-2014-9322 (aka BadIRET) proof of concept for Linux kernel. This PoC uses only syscalls, not any libraries like pthread. Threads are implemented using raw Linux syscalls (Raw Linux Threads via System Calls, nullprogram.com/blog/2015/05/15/). Usage: $ make. badiret.elf is an ELF exe ...

Github Repositories

CVE-2014-9322 (a.k.a BadIRET) proof of concept for Linux

CVE-2014-9322 PoC for Linux kernel. CVE-2014-9322 (aka BadIRET) proof of concept for Linux kernel. This PoC uses only syscalls, not any libraries like pthread. Threads are implemented using raw Linux syscalls (Raw Linux Threads via System Calls). Usage: $ make. badiret.elf is an ELF executable; badiret.bin is a raw binary that can be used as

References

CWE-269

http://www.openwall.com/lists/oss-security/2014/12/15/6

https://bugzilla.redhat.com/show_bug.cgi?id=1172806

https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.17.5

https://github.com/torvalds/linux/commit/6f442be2fb22be02cafa606f1769fa1e6f894441

http://secunia.com/advisories/62336

http://www.ubuntu.com/usn/USN-2491-1

http://www.exploit-db.com/exploits/36266

http://osvdb.org/show/osvdb/115919

http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html

http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html

http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html

http://www.zerodayinitiative.com/advisories/ZDI-16-170

https://help.joyent.com/entries/98788667-Security-Advisory-ZDI-CAN-3263-ZDI-CAN-3284-and-ZDI-CAN-3364-Vulnerabilities

http://source.android.com/security/bulletin/2016-04-02.html

http://marc.info/?l=bugtraq&m=142722450701342&w=2

http://marc.info/?l=bugtraq&m=142722544401658&w=2

http://rhn.redhat.com/errata/RHSA-2015-0009.html

http://rhn.redhat.com/errata/RHSA-2014-2031.html

http://rhn.redhat.com/errata/RHSA-2014-2028.html

http://rhn.redhat.com/errata/RHSA-2014-2008.html

http://rhn.redhat.com/errata/RHSA-2014-1998.html

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=6f442be2fb22be02cafa606f1769fa1e6f894441

https://nvd.nist.gov

https://github.com/RKX1209/CVE-2014-9322

https://access.redhat.com/errata/RHSA-2014:2030

https://www.exploit-db.com/exploits/36266/

https://alas.aws.amazon.com/ALAS-2014-455.html

https://usn.ubuntu.com/2464-1/