CVE-2014-9322
Description
arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to gain privileges by triggering an IRET instruction that leads to access to a GS Base address from the wrong space.
Mitigations
Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2014-9322
Vendor advisory: cve@mitre.org — https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.17.5
Vendor advisory: cve@mitre.org — https://github.com/torvalds/linux/commit/6f442be2fb22be02cafa606f1769fa1e6f894441
Vendor advisory: cve@mitre.org — https://bugzilla.redhat.com/show_bug.cgi?id=1172806
Vendor advisory: cve@mitre.org — http://www.openwall.com/lists/oss-security/2014/12/15/6
Vendor advisory: cve@mitre.org — http://source.android.com/security/bulletin/2016-04-02.html
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| debian | bookworm | fixed | 3.16.7-ckt2-1 |
| debian | bullseye | fixed | 3.16.7-ckt2-1 |
| debian | forky | fixed | 3.16.7-ckt2-1 |
| debian | sid | fixed | 3.16.7-ckt2-1 |
| debian | trixie | fixed | 3.16.7-ckt2-1 |
| suse | 10 | affected | |
| rhel | 5.6 | affected | |
| ubuntu | 10.04 | affected | |
| linux-kernel | | affected | 3.2.65 |
References
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=6f442be2fb22be02cafa606f1769fa1e6f894441
- http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html
- http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html
- http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html
- http://marc.info/?l=bugtraq&m=142722450701342&w=2
- http://marc.info/?l=bugtraq&m=142722544401658&w=2
- http://osvdb.org/show/osvdb/115919
- http://rhn.redhat.com/errata/RHSA-2014-1998.html
- http://rhn.redhat.com/errata/RHSA-2014-2008.html
- http://rhn.redhat.com/errata/RHSA-2014-2028.html
- http://rhn.redhat.com/errata/RHSA-2014-2031.html
- http://rhn.redhat.com/errata/RHSA-2015-0009.html
- http://secunia.com/advisories/62336
- http://source.android.com/security/bulletin/2016-04-02.html
- http://www.exploit-db.com/exploits/36266
- http://www.openwall.com/lists/oss-security/2014/12/15/6
- http://www.ubuntu.com/usn/USN-2491-1
- http://www.zerodayinitiative.com/advisories/ZDI-16-170
- https://bugzilla.redhat.com/show_bug.cgi?id=1172806
- https://github.com/torvalds/linux/commit/6f442be2fb22be02cafa606f1769fa1e6f894441
- https://help.joyent.com/entries/98788667-Security-Advisory-ZDI-CAN-3263-ZDI-CAN-3284-and-ZDI-CAN-3364-Vulnerabilities
- https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.17.5
- https://security-tracker.debian.org/tracker/CVE-2014-9322
CWEs
CWE-269