7.8

CVE-2014-9322

Exploit

EPSS 5.76%
Published 17.12.2014 11:59:02
Last modified 12.04.2025 10:46:40
Source cve@mitre.org
Teams watchlist Login
Open Login

arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to gain privileges by triggering an IRET instruction that leads to access to a GS Base address from the wrong space.

Affected products Warnungen 0 Metrics 3 CWE 1 References 25

Data is provided by the National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version < 3.2.65

Linux ≫ Linux Kernel Version >= 3.3 < 3.4.106

Linux ≫ Linux Kernel Version >= 3.5 < 3.10.62

Linux ≫ Linux Kernel Version >= 3.11 < 3.12.35

Linux ≫ Linux Kernel Version >= 3.13 < 3.14.26

Linux ≫ Linux Kernel Version >= 3.15 < 3.16.35

Linux ≫ Linux Kernel Version >= 3.17 < 3.17.5

Redhat ≫ Enterprise Linux Eus Version5.6

Canonical ≫ Ubuntu Linux Version10.04 SwEdition-

Opensuse ≫ Evergreen Version11.4

Suse ≫ Suse Linux Enterprise Server Version10 Updatesp4 SwEditionltss

Google ≫ Android Version6.0

Google ≫ Android Version6.0.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	5.76%	0.901

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C

CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html

Third Party Advisory

Mailing List

http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html

Third Party Advisory

Mailing List

http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html

Third Party Advisory

Mailing List

http://marc.info/?l=bugtraq&m=142722450701342&w=2

Third Party Advisory

Mailing List

http://marc.info/?l=bugtraq&m=142722544401658&w=2

Third Party Advisory

Mailing List

http://source.android.com/security/bulletin/2016-04-02.html

Patch

Third Party Advisory

http://www.ubuntu.com/usn/USN-2491-1

Third Party Advisory

http://secunia.com/advisories/62336

Broken Link

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=6f442be2fb22be02cafa606f1769fa1e6f894441

https://github.com/torvalds/linux/commit/6f442be2fb22be02cafa606f1769fa1e6f894441

Patch

Third Party Advisory

http://www.openwall.com/lists/oss-security/2014/12/15/6

Patch

Third Party Advisory

Mailing List

http://osvdb.org/show/osvdb/115919

Broken Link

http://rhn.redhat.com/errata/RHSA-2014-1998.html

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2014-2008.html

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2014-2028.html

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2014-2031.html

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2015-0009.html

Third Party Advisory

http://www.exploit-db.com/exploits/36266

Third Party Advisory

Exploit

VDB Entry

http://www.zerodayinitiative.com/advisories/ZDI-16-170

Third Party Advisory

VDB Entry

https://bugzilla.redhat.com/show_bug.cgi?id=1172806

Patch

Third Party Advisory

Issue Tracking

https://help.joyent.com/entries/98788667-Security-Advisory-ZDI-CAN-3263-ZDI-CAN-3284-and-ZDI-CAN-3364-Vulnerabilities

Third Party Advisory

Permissions Required

https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.17.5

Patch

Vendor Advisory

Mailing List

https://nvd.nist.gov/vuln/detail/CVE-2014-9322

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2014-9322

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2014-9322

EUVD