CVE

CVE-2014-9585
Date: (C)2015-01-13   (M)2024-04-17


The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 does not properly choose memory locations for the vDSO area, which makes it easier for local users to bypass the ASLR protection mechanism by guessing a location at the end of a PMD.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 2.1
Exploit Score: 3.9
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
  
Reference:
BID-71990
DSA-3170
FEDORA-2015-0937
MDVSA-2015:058
RHSA-2015:1081
RHSA-2015:1778
RHSA-2015:1787
SUSE-SU-2015:0178
SUSE-SU-2015:0481
SUSE-SU-2015:0652
SUSE-SU-2015:0736
USN-2513-1
USN-2514-1
USN-2515-1
USN-2516-1
USN-2517-1
USN-2518-1
http://www.openwall.com/lists/oss-security/2014/12/09/10
http://www.openwall.com/lists/oss-security/2015/01/09/8
http://git.kernel.org/?p=linux/kernel/git/luto/linux.git%3Ba=commit%3Bh=bc3b94c31d65e761ddfe150d02932c65971b74e2
http://git.kernel.org/?p=linux/kernel/git/tip/tip.git%3Ba=commit%3Bh=fbe1bf140671619508dfa575d74a185ae53c5dbb
http://v0ids3curity.blogspot.in/2014/12/return-to-vdso-using-elf-auxiliary.html
openSUSE-SU-2015:0566
openSUSE-SU-2015:0714

CPE    14
cpe:/o:fedoraproject:fedora:21
cpe:/o:debian:debian_linux:7.0
cpe:/o:redhat:enterprise_linux_server:6.0
cpe:/o:canonical:ubuntu_linux:14.10
...
OVAL    39
oval:org.secpod.oval:def:203729
oval:org.secpod.oval:def:501655
oval:org.secpod.oval:def:26793
oval:org.secpod.oval:def:23623
...

© SecPod Technologies