Launchpad.net

CVE 2014-9419

The __switch_to function in arch/x86/kernel/process_64.c in the Linux kernel through 3.18.1 does not ensure that Thread Local Storage (TLS) descriptors are loaded before proceeding with other steps, which makes it easier for local users to bypass the ASLR protection mechanism via a crafted application that reads a TLS base address.

Related bugs and status

CVE-2014-9419 (Candidate) is related to these bugs:

Bug #1407945: CVE-2014-9419

		In	Importance	Status
1407945	CVE-2014-9419	linux (Ubuntu)	Medium	Invalid
1407945	CVE-2014-9419	linux-fsl-imx51 (Ubuntu)	Medium	Invalid
1407945	CVE-2014-9419	linux-mvl-dove (Ubuntu)	Medium	Invalid
1407945	CVE-2014-9419	linux-lts-backport-maverick (Ubuntu)	Undecided	New
1407945	CVE-2014-9419	linux-lts-backport-natty (Ubuntu)	Undecided	New
1407945	CVE-2014-9419	linux-ti-omap4 (Ubuntu)	Medium	Invalid
1407945	CVE-2014-9419	linux-ec2 (Ubuntu)	Medium	Invalid
1407945	CVE-2014-9419	linux (Ubuntu Vivid)	Medium	Invalid
1407945	CVE-2014-9419	linux-ec2 (Ubuntu Vivid)	Medium	Invalid
1407945	CVE-2014-9419	linux-fsl-imx51 (Ubuntu Vivid)	Medium	Invalid
1407945	CVE-2014-9419	linux-lts-backport-maverick (Ubuntu Vivid)	Undecided	New
1407945	CVE-2014-9419	linux-lts-backport-natty (Ubuntu Vivid)	Undecided	New
1407945	CVE-2014-9419	linux-mvl-dove (Ubuntu Vivid)	Medium	Invalid
1407945	CVE-2014-9419	linux-ti-omap4 (Ubuntu Vivid)	Medium	Invalid
1407945	CVE-2014-9419	linux-lts-backport-maverick (Ubuntu Utopic)	Undecided	Won't Fix
1407945	CVE-2014-9419	linux-lts-backport-natty (Ubuntu Utopic)	Undecided	Won't Fix
1407945	CVE-2014-9419	linux (Ubuntu Trusty)	Medium	Fix Released
1407945	CVE-2014-9419	linux-ec2 (Ubuntu Trusty)	Medium	Invalid
1407945	CVE-2014-9419	linux-fsl-imx51 (Ubuntu Trusty)	Medium	Invalid
1407945	CVE-2014-9419	linux-lts-backport-maverick (Ubuntu Trusty)	Undecided	New
1407945	CVE-2014-9419	linux-lts-backport-natty (Ubuntu Trusty)	Undecided	New
1407945	CVE-2014-9419	linux-mvl-dove (Ubuntu Trusty)	Medium	Invalid
1407945	CVE-2014-9419	linux-ti-omap4 (Ubuntu Trusty)	Medium	Invalid
1407945	CVE-2014-9419	linux (Ubuntu Precise)	Medium	Fix Released
1407945	CVE-2014-9419	linux-ec2 (Ubuntu Precise)	Medium	Invalid
1407945	CVE-2014-9419	linux-fsl-imx51 (Ubuntu Precise)	Medium	Invalid
1407945	CVE-2014-9419	linux-lts-backport-maverick (Ubuntu Precise)	Undecided	Won't Fix
1407945	CVE-2014-9419	linux-lts-backport-natty (Ubuntu Precise)	Undecided	Won't Fix
1407945	CVE-2014-9419	linux-mvl-dove (Ubuntu Precise)	Medium	Invalid
1407945	CVE-2014-9419	linux-ti-omap4 (Ubuntu Precise)	Medium	Fix Released
1407945	CVE-2014-9419	linux-lts-backport-maverick (Ubuntu Lucid)	Undecided	Won't Fix
1407945	CVE-2014-9419	linux-lts-backport-natty (Ubuntu Lucid)	Undecided	Won't Fix
1407945	CVE-2014-9419	linux-lts-trusty (Ubuntu)	Medium	Invalid
1407945	CVE-2014-9419	linux-lts-trusty (Ubuntu Precise)	Medium	Fix Released
1407945	CVE-2014-9419	linux-lts-trusty (Ubuntu Trusty)	Medium	Invalid
1407945	CVE-2014-9419	linux-lts-trusty (Ubuntu Vivid)	Medium	Invalid
1407945	CVE-2014-9419	linux-armadaxp (Ubuntu)	Medium	Invalid
1407945	CVE-2014-9419	linux-armadaxp (Ubuntu Precise)	Medium	Fix Released
1407945	CVE-2014-9419	linux-armadaxp (Ubuntu Trusty)	Medium	Invalid
1407945	CVE-2014-9419	linux-armadaxp (Ubuntu Vivid)	Medium	Invalid
1407945	CVE-2014-9419	linux-lts-utopic (Ubuntu)	Medium	Invalid
1407945	CVE-2014-9419	linux-lts-utopic (Ubuntu Precise)	Medium	Invalid
1407945	CVE-2014-9419	linux-lts-utopic (Ubuntu Trusty)	Medium	Fix Released
1407945	CVE-2014-9419	linux-lts-utopic (Ubuntu Vivid)	Medium	Invalid
1407945	CVE-2014-9419	linux-lts-saucy (Ubuntu)	Medium	Invalid
1407945	CVE-2014-9419	linux-lts-saucy (Ubuntu Precise)	Medium	Invalid
1407945	CVE-2014-9419	linux-lts-saucy (Ubuntu Trusty)	Medium	Invalid
1407945	CVE-2014-9419	linux-lts-saucy (Ubuntu Vivid)	Medium	Invalid
1407945	CVE-2014-9419	linux-lts-quantal (Ubuntu)	Medium	Invalid
1407945	CVE-2014-9419	linux-lts-quantal (Ubuntu Precise)	Medium	Invalid
1407945	CVE-2014-9419	linux-lts-quantal (Ubuntu Trusty)	Medium	Invalid
1407945	CVE-2014-9419	linux-lts-quantal (Ubuntu Vivid)	Medium	Invalid
1407945	CVE-2014-9419	linux-lts-raring (Ubuntu)	Medium	Invalid
1407945	CVE-2014-9419	linux-lts-raring (Ubuntu Precise)	Medium	Invalid
1407945	CVE-2014-9419	linux-lts-raring (Ubuntu Trusty)	Medium	Invalid
1407945	CVE-2014-9419	linux-lts-raring (Ubuntu Vivid)	Medium	Invalid
1407945	CVE-2014-9419	linux-goldfish (Ubuntu)	Medium	New
1407945	CVE-2014-9419	linux-goldfish (Ubuntu Precise)	Medium	Invalid
1407945	CVE-2014-9419	linux-goldfish (Ubuntu Trusty)	Medium	Invalid
1407945	CVE-2014-9419	linux-goldfish (Ubuntu Vivid)	Medium	New
1407945	CVE-2014-9419	linux-flo (Ubuntu)	Medium	New
1407945	CVE-2014-9419	linux-flo (Ubuntu Precise)	Medium	Invalid
1407945	CVE-2014-9419	linux-flo (Ubuntu Trusty)	Medium	Invalid
1407945	CVE-2014-9419	linux-flo (Ubuntu Vivid)	Medium	Won't Fix
1407945	CVE-2014-9419	linux-mako (Ubuntu)	Medium	New
1407945	CVE-2014-9419	linux-mako (Ubuntu Precise)	Medium	Invalid
1407945	CVE-2014-9419	linux-mako (Ubuntu Trusty)	Medium	Invalid
1407945	CVE-2014-9419	linux-mako (Ubuntu Vivid)	Medium	New
1407945	CVE-2014-9419	linux-manta (Ubuntu)	Medium	Invalid
1407945	CVE-2014-9419	linux-manta (Ubuntu Precise)	Medium	Invalid
1407945	CVE-2014-9419	linux-manta (Ubuntu Trusty)	Medium	Invalid
1407945	CVE-2014-9419	linux-manta (Ubuntu Vivid)	Medium	New
1407945	CVE-2014-9419	linux (Ubuntu Wily)	Medium	Invalid
1407945	CVE-2014-9419	linux-armadaxp (Ubuntu Wily)	Medium	Invalid
1407945	CVE-2014-9419	linux-ec2 (Ubuntu Wily)	Medium	Invalid

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2014-9419

Related bugs and status

Related bugs

References