Home > Vulnerability Database > CVE-2014-8133

Mend.io Vulnerability Database

CVE-2014-8133

Good to know:

Date: December 17, 2014

arch/x86/kernel/tls.c in the Thread Local Storage (TLS) implementation in the Linux kernel through 3.18.1 allows local users to bypass the espfix protection mechanism, and consequently makes it easier for local users to bypass the ASLR protection mechanism, via a crafted application that makes a set_thread_area system call and later reads a 16-bit value.

Language: C

Severity Score

4.0

Related Resources (24)

Url: http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html

Url: http://secunia.com/advisories/62801

Url: http://www.securityfocus.com/bid/71684

Url: http://www.mandriva.com/security/advisories?name=MDVSA-2015:058

Url: http://www.openwall.com/lists/oss-security/2014/12/15/6

Url: http://www.debian.org/security/2015/dsa-3128

Url: http://rhn.redhat.com/errata/RHSA-2015-1272.html

Url: https://nvd.nist.gov/vuln/detail/CVE-2014-8133

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2014-8133

Url: https://bugzilla.redhat.com/show_bug.cgi?id=1172797

Url: http://www.ubuntu.com/usn/USN-2491-1

Url: https://github.com/torvalds/linux/commit/41bdc78544b8a93a9c6814b8bbbfef966272abbe

Url: http://www.ubuntu.com/usn/USN-2492-1

Url: http://www.ubuntu.com/usn/USN-2515-1

Url: http://www.ubuntu.com/usn/USN-2490-1

Url: http://www.ubuntu.com/usn/USN-2517-1

Url: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=41bdc78544b8a93a9c6814b8bbbfef966272abbe

Url: http://www.ubuntu.com/usn/USN-2516-1

Url: http://www.ubuntu.com/usn/USN-2518-1

Url: http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html

Url: https://security-tracker.debian.org/tracker/CVE-2014-8133

Url: https://access.redhat.com/security/cve/CVE-2014-8133

Url: http://www.ubuntu.com/usn/USN-2493-1

Url: https://www.mend.io/vulnerability-database/CVE-2014-8133

Severity Score

4.0

Weakness Type (CWE)

Permissions, Privileges, and Access Control

CWE-264

Top Fix

Upgrade Version

Upgrade to version v3.19-rc1

Learn More

CVSS v3.1

Base Score:	4.0
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	2.1
Access Vector (AV):	LOCAL
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2014-8133

Good to know:

Date: December 17, 2014

Language: C

Severity Score

Related Resources (24)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?