CVE-2014-9322

HIGH

Linux kernel <3.17.5 - Privilege Escalation

Title source: llm

Description

arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to gain privileges by triggering an IRET instruction that leads to access to a GS Base address from the wrong space.

Exploits (3)

exploitdb WORKING POC

by Ren Kimura · locallinux

https://www.exploit-db.com/exploits/44205

View Code ZIP pw:eip

exploitdb WORKING POC

by Emeric Nasi · cdoslinux_x86-64

https://www.exploit-db.com/exploits/36266

View Code ZIP pw:eip

nomisec WORKING POC 8 stars

by RKX1209 · poc

https://github.com/RKX1209/CVE-2014-9322

View Code ZIP pw:eip

References (22)

[Patch] http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=6f442be2fb22be02cafa606f1769fa1e6f894441

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html

[Mailing List, Third Party Advisory] http://marc.info/?l=bugtraq&m=142722450701342&w=2

[Mailing List, Third Party Advisory] http://marc.info/?l=bugtraq&m=142722544401658&w=2

[Broken Link] http://osvdb.org/show/osvdb/115919

[Third Party Advisory] http://rhn.redhat.com/errata/RHSA-2014-1998.html

[Third Party Advisory] http://rhn.redhat.com/errata/RHSA-2014-2008.html

[Third Party Advisory] http://rhn.redhat.com/errata/RHSA-2014-2028.html

[Third Party Advisory] http://rhn.redhat.com/errata/RHSA-2014-2031.html

[Third Party Advisory] http://rhn.redhat.com/errata/RHSA-2015-0009.html

[Broken Link] http://secunia.com/advisories/62336

[Patch, Third Party Advisory] http://source.android.com/security/bulletin/2016-04-02.html

[Exploit, Third Party Advisory, VDB Entry] http://www.exploit-db.com/exploits/36266

[Mailing List, Patch, Third Party Advisory] http://www.openwall.com/lists/oss-security/2014/12/15/6

[Third Party Advisory] http://www.ubuntu.com/usn/USN-2491-1

[Third Party Advisory, VDB Entry] http://www.zerodayinitiative.com/advisories/ZDI-16-170

[Issue Tracking, Patch, Third Party Advisory] https://bugzilla.redhat.com/show_bug.cgi?id=1172806

[Patch, Third Party Advisory] https://github.com/torvalds/linux/commit/6f442be2fb22be02cafa606f1769fa1e6f894441

... and 2 more

Scores

CVSS v3 7.8

EPSS 0.0523

EPSS Percentile 90.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-269

Status published

Products (7)

canonical/ubuntu_linux 10.04

google/android 6.0

google/android 6.0.1

linux/linux_kernel < 3.2.65

opensuse/evergreen 11.4

redhat/enterprise_linux_eus 5.6

suse/suse_linux_enterprise_server 10 sp4

Published Dec 17, 2014

Tracked Since Feb 18, 2026