CVE-2014-8133

CVE Details

Release Date:	2014-12-15
Impact:	Low	What is this?

Description

arch/x86/kernel/tls.c in the Thread Local Storage (TLS) implementationin the Linux kernel through 3.18.1 allows local users to bypass the espfix protection mechanism, and consequently makes it easier for local users to bypass the ASLR protection mechanism, via a crafted application that makes a set_thread_area system call and later reads a 16-bit value.

See more information about CVE-2014-8133 from MITRE CVE dictionary and NIST NVD

NOTE: The following CVSS metrics and score provided are preliminary and subject to review.

CVSS v2 metrics

Base Score:	1.9
Vector String:	AV:L/AC:M/Au:N/C:P/I:N/A:N
Version:	2.0
Attack Vector:	Local
Attack Complexity:	Medium
Authentication:	None
Confidentiality Impact:	Partial
Integrity Impact:	None
Availability Impact:	None

Errata information

Platform	Errata	Release Date
Oracle Linux version 5 (kernel-uek)	ELSA-2015-3054	2015-07-31
Oracle Linux version 5 (kernel-uek)	ELSA-2015-3055	2015-07-31
Oracle Linux version 5 (mlnx_en-2.6.32-400.37.9.el5uek)	ELSA-2015-3055	2015-07-31
Oracle Linux version 5 (ofa-2.6.32-400.37.9.el5uek)	ELSA-2015-3055	2015-07-31
Oracle Linux version 6 (dtrace-modules-3.8.13-68.el6uek)	ELSA-2015-3012	2015-03-19
Oracle Linux version 6 (kernel)	ELSA-2015-1272	2015-07-28
Oracle Linux version 6 (kernel-uek)	ELSA-2015-3012	2015-03-19
Oracle Linux version 6 (kernel-uek)	ELSA-2015-3054	2015-07-31
Oracle Linux version 6 (kernel-uek)	ELSA-2015-3055	2015-07-31
Oracle Linux version 6 (mlnx_en-2.6.32-400.37.9.el6uek)	ELSA-2015-3055	2015-07-31
Oracle Linux version 6 (ofa-2.6.32-400.37.9.el6uek)	ELSA-2015-3055	2015-07-31
Oracle Linux version 7 (dtrace-modules-3.8.13-68.el7uek)	ELSA-2015-3012	2015-03-19
Oracle Linux version 7 (kernel-uek)	ELSA-2015-3012	2015-03-19
Oracle VM version 3.2 (kernel-uek)	OVMSA-2016-0037	2016-03-16
Oracle VM version 3.3 (kernel-uek)	OVMSA-2015-0040	2015-04-06