CVE-2014-9419

Linux kernel <3.18.1 - Privilege Escalation

Title source: llm
STIX 2.1

Description

The __switch_to function in arch/x86/kernel/process_64.c in the Linux kernel through 3.18.1 does not ensure that Thread Local Storage (TLS) descriptors are loaded before proceeding with other steps, which makes it easier for local users to bypass the ASLR protection mechanism via a crafted application that reads a TLS base address.

References (19)

Core 19
Core References
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2541-1
Vendor Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1177260
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2518-1
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2015:058
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147973.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/71794
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2014/12/25/1
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2517-1
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2015/dsa-3128
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2516-1
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2015-1081.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147864.html
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2515-1
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2542-1

Scores

EPSS 0.0044
EPSS Percentile 35.1%

Details

CWE
CWE-200
Status published
Products (1)
linux/linux_kernel < 3.18.1
Published Dec 26, 2014
Tracked Since Feb 18, 2026