CVE-2014-9419

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2014-9419

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2014-9419.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2014-9419

Related

Published

2014-12-26T00:59:00Z

Modified

2024-09-18T01:00:20Z

Summary

[none]

Details

The _switchto function in arch/x86/kernel/process_64.c in the Linux kernel through 3.18.1 does not ensure that Thread Local Storage (TLS) descriptors are loaded before proceeding with other steps, which makes it easier for local users to bypass the ASLR protection mechanism via a crafted application that reads a TLS base address.

References

Affected packages

Debian:11 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.16.7-ckt4-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.16.7-ckt4-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.16.7-ckt4-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}