Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2014-9419

Good to know:

icon
icon

Date: December 25, 2014

The __switch_to function in arch/x86/kernel/process_64.c in the Linux kernel through 3.18.1 does not ensure that Thread Local Storage (TLS) descriptors are loaded before proceeding with other steps, which makes it easier for local users to bypass the ASLR protection mechanism via a crafted application that reads a TLS base address.

Language: C

Severity Score

Related Resources (23)

http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=f647d7c155f069c1a068030255c300663516420e
http://rhn.redhat.com/errata/RHSA-2015-1081.html
http://www.securityfocus.com/bid/71794
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00020.html
http://www.mandriva.com/security/advisories?name=MDVSA-2015:058
http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147864.html
https://github.com/torvalds/linux/commit/f647d7c155f069c1a068030255c300663516420e
http://www.debian.org/security/2015/dsa-3128
http://www.ubuntu.com/usn/USN-2541-1
http://www.ubuntu.com/usn/USN-2542-1
http://www.ubuntu.com/usn/USN-2515-1
http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147973.html
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00009.html
https://nvd.nist.gov/vuln/detail/CVE-2014-9419
http://www.ubuntu.com/usn/USN-2517-1
http://www.openwall.com/lists/oss-security/2014/12/25/1
http://www.ubuntu.com/usn/USN-2516-1
http://www.ubuntu.com/usn/USN-2518-1
https://access.redhat.com/security/cve/CVE-2014-9419
https://bugzilla.redhat.com/show_bug.cgi?id=1177260
https://people.canonical.com/~ubuntu-security/cve/CVE-2014-9419
https://www.mend.io/vulnerability-database/CVE-2014-9419

Severity Score

Weakness Type (CWE)

Information Leak / Disclosure

CWE-200

Top Fix

icon

Upgrade Version

Upgrade to version v3.19-rc1,v3.14.28,v3.16.35,v3.18.2,v3.2.67

Learn More

CVSS v3

Base Score:
Attack Vector (AV):
Attack Complexity (AC):
Privileges Required (PR):
User Interaction (UI):
Scope (S):
Confidentiality (C): PARTIAL
Integrity (I): PARTIAL
Availability (A): PARTIAL

CVSS v2

Base Score:
Access Vector (AV):
Access Complexity (AC):
Authentication (AU):
Confidentiality (C): LOW
Integrity (I): LOW
Availability (A): NONE
Additional information:

Do you need more information?

Contact Us