Vulnerability Description
The __switch_to function in arch/x86/kernel/process_64.c in the Linux kernel through 3.18.1 does not ensure that Thread Local Storage (TLS) descriptors are loaded before proceeding with other steps, which makes it easier for local users to bypass the ASLR protection mechanism via a crafted application that reads a TLS base address.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | <= 3.18.1 |
Related Weaknesses (CWE)
References
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=
- http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147864.ht
- http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147973.ht
- http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00020.html
- http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00009.html
- http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html
- http://rhn.redhat.com/errata/RHSA-2015-1081.html
- http://www.debian.org/security/2015/dsa-3128
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:058
- http://www.openwall.com/lists/oss-security/2014/12/25/1
- http://www.securityfocus.com/bid/71794
- http://www.ubuntu.com/usn/USN-2515-1
- http://www.ubuntu.com/usn/USN-2516-1
- http://www.ubuntu.com/usn/USN-2517-1
- http://www.ubuntu.com/usn/USN-2518-1
FAQ
What is CVE-2014-9419?
CVE-2014-9419 is a vulnerability with a CVSS score of 2.1 (LOW). The __switch_to function in arch/x86/kernel/process_64.c in the Linux kernel through 3.18.1 does not ensure that Thread Local Storage (TLS) descriptors are loaded before proceeding with other steps, w...
How severe is CVE-2014-9419?
CVE-2014-9419 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-9419?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.