2.1

CVE-2014-9419

EPSS 0.06%
Veröffentlicht 26.12.2014 00:59:00
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

The __switch_to function in arch/x86/kernel/process_64.c in the Linux kernel through 3.18.1 does not ensure that Thread Local Storage (TLS) descriptors are loaded before proceeding with other steps, which makes it easier for local users to bypass the ASLR protection mechanism via a crafted application that reads a TLS base address.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 22

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version <= 3.18.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.143

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	2.1	3.9	2.9	AV:L/AC:L/Au:N/C:P/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://www.debian.org/security/2015/dsa-3128

http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html

http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00020.html

http://www.mandriva.com/security/advisories?name=MDVSA-2015:058

http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00009.html

http://www.ubuntu.com/usn/USN-2515-1

http://www.ubuntu.com/usn/USN-2516-1

http://www.ubuntu.com/usn/USN-2517-1

http://www.ubuntu.com/usn/USN-2518-1

http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147864.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147973.html

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=f647d7c155f069c1a068030255c300663516420e

http://rhn.redhat.com/errata/RHSA-2015-1081.html

http://www.openwall.com/lists/oss-security/2014/12/25/1

http://www.securityfocus.com/bid/71794

http://www.ubuntu.com/usn/USN-2541-1

http://www.ubuntu.com/usn/USN-2542-1

https://bugzilla.redhat.com/show_bug.cgi?id=1177260

Vendor Advisory

https://github.com/torvalds/linux/commit/f647d7c155f069c1a068030255c300663516420e

https://nvd.nist.gov/vuln/detail/CVE-2014-9419

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2014-9419

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2014-9419

EUVD