CVE-2014-9419

CVE Details

Release Date:	2014-12-08
Impact:	Low	What is this?

Description

The __switch_to function in arch/x86/kernel/process_64.c in the Linuxkernel through 3.18.1 does not ensure that Thread Local Storage (TLS) descriptors are loaded before proceeding with other steps, which makes it easier for local users to bypass the ASLR protection mechanism via a crafted application that reads a TLS base address.

See more information about CVE-2014-9419 from MITRE CVE dictionary and NIST NVD

NOTE: The following CVSS metrics and score provided are preliminary and subject to review.

CVSS v2 metrics

Base Score:	1.9
Vector String:	AV:L/AC:M/Au:N/C:P/I:N/A:N
Version:	2.0
Attack Vector:	Local
Attack Complexity:	Medium
Authentication:	None
Confidentiality Impact:	Partial
Integrity Impact:	None
Availability Impact:	None

Errata information

Platform	Errata	Release Date
Oracle Linux version 5 (kernel-uek)	ELSA-2015-3042	2015-06-10
Oracle Linux version 5 (kernel-uek)	ELSA-2015-3043	2015-06-10
Oracle Linux version 5 (mlnx_en-2.6.32-400.37.5.el5uek)	ELSA-2015-3043	2015-06-10
Oracle Linux version 5 (ofa-2.6.32-400.37.5.el5uek)	ELSA-2015-3043	2015-06-10
Oracle Linux version 6 (dtrace-modules-3.8.13-68.3.2.el6uek)	ELSA-2015-3041	2015-06-10
Oracle Linux version 6 (kernel)	ELSA-2015-1081	2015-06-09
Oracle Linux version 6 (kernel-uek)	ELSA-2015-3041	2015-06-10
Oracle Linux version 6 (kernel-uek)	ELSA-2015-3042	2015-06-10
Oracle Linux version 6 (kernel-uek)	ELSA-2015-3043	2015-06-10
Oracle Linux version 6 (mlnx_en-2.6.32-400.37.5.el6uek)	ELSA-2015-3043	2015-06-10
Oracle Linux version 6 (ofa-2.6.32-400.37.5.el6uek)	ELSA-2015-3043	2015-06-10
Oracle Linux version 7 (dtrace-modules-3.8.13-68.3.2.el7uek)	ELSA-2015-3041	2015-06-10
Oracle Linux version 7 (kernel)	ELSA-2015-2152	2015-11-24
Oracle Linux version 7 (kernel-uek)	ELSA-2015-3041	2015-06-10
Oracle VM version 3.2 (kernel-uek)	OVMSA-2016-0037	2016-03-16
Oracle VM version 3.3 (kernel-uek)	OVMSA-2015-0069	2015-06-10