2.1

CVE-2014-9419

EPSS 0.06%
Published 26.12.2014 00:59:00
Last modified 12.04.2025 10:46:40
Source cve@mitre.org
Teams watchlist Login
Open Login

The __switch_to function in arch/x86/kernel/process_64.c in the Linux kernel through 3.18.1 does not ensure that Thread Local Storage (TLS) descriptors are loaded before proceeding with other steps, which makes it easier for local users to bypass the ASLR protection mechanism via a crafted application that reads a TLS base address.

Affected products Warnungen 0 Metrics 2 CWE 1 References 22

Data is provided by the National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version <= 3.18.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.06%	0.143

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	2.1	3.9	2.9	AV:L/AC:L/Au:N/C:P/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://www.debian.org/security/2015/dsa-3128

http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html

http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00020.html

http://www.mandriva.com/security/advisories?name=MDVSA-2015:058

http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00009.html

http://www.ubuntu.com/usn/USN-2515-1

http://www.ubuntu.com/usn/USN-2516-1

http://www.ubuntu.com/usn/USN-2517-1

http://www.ubuntu.com/usn/USN-2518-1

http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147864.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147973.html

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=f647d7c155f069c1a068030255c300663516420e

http://rhn.redhat.com/errata/RHSA-2015-1081.html

http://www.openwall.com/lists/oss-security/2014/12/25/1

http://www.securityfocus.com/bid/71794

http://www.ubuntu.com/usn/USN-2541-1

http://www.ubuntu.com/usn/USN-2542-1

https://bugzilla.redhat.com/show_bug.cgi?id=1177260

Vendor Advisory

https://github.com/torvalds/linux/commit/f647d7c155f069c1a068030255c300663516420e

https://nvd.nist.gov/vuln/detail/CVE-2014-9419

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2014-9419

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2014-9419

EUVD