CVE-2014-9585

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2014-9585
The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 does not properly choose memory locations for the vDSO area, which makes it easier for local users to bypass the ASLR protection mechanism by guessing a location at the end of a PMD.

2.1 /10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References
Link Resource
http://git.kernel.org/?p=linux/kernel/git/luto/linux.git%3Ba=commit%3Bh=bc3b94c31d65e761ddfe150d02932c65971b74e2
http://git.kernel.org/?p=linux/kernel/git/tip/tip.git%3Ba=commit%3Bh=fbe1bf140671619508dfa575d74a185ae53c5dbb
http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148480.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00035.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00000.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00009.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html Mailing List Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-1081.html Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-1778.html Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-1787.html Third Party Advisory
http://v0ids3curity.blogspot.in/2014/12/return-to-vdso-using-elf-auxiliary.html Broken Link
http://www.debian.org/security/2015/dsa-3170 Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2015:058 Third Party Advisory
http://www.openwall.com/lists/oss-security/2014/12/09/10 Exploit Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2015/01/09/8 Mailing List Third Party Advisory
http://www.securityfocus.com/bid/71990 Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/USN-2513-1 Third Party Advisory
http://www.ubuntu.com/usn/USN-2514-1 Third Party Advisory
http://www.ubuntu.com/usn/USN-2515-1 Third Party Advisory
http://www.ubuntu.com/usn/USN-2516-1 Third Party Advisory
http://www.ubuntu.com/usn/USN-2517-1 Third Party Advisory
http://www.ubuntu.com/usn/USN-2518-1 Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:redhat:enterprise_linux_aus:6.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:6.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.1:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:6.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:opensuse:evergreen:11.4:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:12:-:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_real_time_extension:11:sp3:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:ltss:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:ltss:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:12:-:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:-:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:*:*:*:*:*:*:*

Configuration 4 (hide)

cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*

Configuration 5 (hide)

OR cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Configuration 6 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*
History

07 Nov 2023, 02:23

Type Values Removed Values Added
References
  • {'url': 'http://git.kernel.org/?p=linux/kernel/git/luto/linux.git;a=commit;h=bc3b94c31d65e761ddfe150d02932c65971b74e2', 'name': 'http://git.kernel.org/?p=linux/kernel/git/luto/linux.git;a=commit;h=bc3b94c31d65e761ddfe150d02932c65971b74e2', 'tags': ['Vendor Advisory'], 'refsource': 'MISC'}
  • {'url': 'http://git.kernel.org/?p=linux/kernel/git/tip/tip.git;a=commit;h=fbe1bf140671619508dfa575d74a185ae53c5dbb', 'name': 'http://git.kernel.org/?p=linux/kernel/git/tip/tip.git;a=commit;h=fbe1bf140671619508dfa575d74a185ae53c5dbb', 'tags': ['Patch', 'Vendor Advisory'], 'refsource': 'CONFIRM'}
  • () http://git.kernel.org/?p=linux/kernel/git/luto/linux.git%3Ba=commit%3Bh=bc3b94c31d65e761ddfe150d02932c65971b74e2 -
  • () http://git.kernel.org/?p=linux/kernel/git/tip/tip.git%3Ba=commit%3Bh=fbe1bf140671619508dfa575d74a185ae53c5dbb -
Information

Published : 2015-01-09 21:59

Updated : 2024-02-28 12:20

NVD link : CVE-2014-9585

Mitre link : CVE-2014-9585

CVE.ORG link : CVE-2014-9585

JSON object : View

Products Affected

suse

  • linux_enterprise_desktop
  • linux_enterprise_server
  • linux_enterprise_workstation_extension
  • linux_enterprise_real_time_extension
  • linux_enterprise_software_development_kit

redhat

  • enterprise_linux_server_tus
  • enterprise_linux_workstation
  • enterprise_linux_server_aus
  • enterprise_linux_server
  • enterprise_linux_server_eus
  • enterprise_linux_eus
  • enterprise_linux_desktop
  • enterprise_linux_aus

linux

  • linux_kernel

opensuse

  • opensuse
  • evergreen

canonical

  • ubuntu_linux

debian

  • debian_linux

fedoraproject

  • fedora
CWE
NVD-CWE-noinfo

NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024