Published: 26/12/2014 Updated: 07/11/2023

CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9

VMScore: 188

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

The __switch_to function in arch/x86/kernel/process_64.c in the Linux kernel up to and including 3.18.1 does not ensure that Thread Local Storage (TLS) descriptors are loaded before proceeding with other steps, which makes it easier for local users to bypass the ASLR protection mechanism via a crafted application that reads a TLS base address.

Vulnerable Product	Search on Vulmon	Subscribe to Product
linux linux kernel

Debian Bug report logs - #774155 linux: CVE-2014-9428: Remote crash of kernel via batman-adv module Package: linux; Maintainer for linux is Debian Kernel Team <debian-kernel@listsdebianorg>; Reported by: conchur@webde Date: Mon, 29 Dec 2014 16:48:01 UTC Severity: important Tags: patch, security, upstream Found in versi ...

Synopsis Important: kernel security, bug fix, and enhancement update Type/Severity Security Advisory: Important Topic Updated kernel packages that fix multiple security issues, address severalhundred bugs, and add numerous enhancements are now available as part ofthe ongoing support and maintenance of Red H ...

Synopsis Important: kernel-rt security, bug fix, and enhancement update Type/Severity Security Advisory: Important Topic Updated kernel-rt packages that fix multiple security issues, several bugs,and add various enhancements are now available for Red Hat EnterpriseLinux 7Red Hat Product Security has rated ...

Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or information leaks CVE-2013-6885 It was discovered that under specific circumstances, a combination of write operations to write-combined memory and locked CPU instructions may cause a core hang on AMD 16h 00h through 0Fh proces ...

Several security issues were fixed in the kernel ...

USN-2516-1 introduced a regression in the Linux kernel ...

Several security issues were fixed in the kernel ...

USN-2516-1 introduced a regression in the Linux kernel ...

Several security issues were fixed in the kernel ...

USN-2515-1 introduced a regression in the Linux kernel ...

Several security issues were fixed in the kernel ...

CWE-200 https://github.com/torvalds/linux/commit/f647d7c155f069c1a068030255c300663516420e http://www.openwall.com/lists/oss-security/2014/12/25/1 https://bugzilla.redhat.com/show_bug.cgi?id=1177260 http://www.ubuntu.com/usn/USN-2518-1 http://www.ubuntu.com/usn/USN-2515-1 http://www.ubuntu.com/usn/USN-2516-1 http://www.ubuntu.com/usn/USN-2517-1 http://www.debian.org/security/2015/dsa-3128 http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00020.html http://www.mandriva.com/security/advisories?name=MDVSA-2015:058 http://www.ubuntu.com/usn/USN-2541-1 http://www.ubuntu.com/usn/USN-2542-1 http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147864.html http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147973.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html http://www.securityfocus.com/bid/71794 http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00009.html http://rhn.redhat.com/errata/RHSA-2015-1081.html http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=f647d7c155f069c1a068030255c300663516420e https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774155 https://nvd.nist.gov https://usn.ubuntu.com/2542-1/https://www.debian.org/security/./dsa-3128

CVE-2014-9419

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect