Security Bypass vulnerability in stack randomization feature in linux kernel before 3.19.1 on 64-bit platformsDeprecated |
ID: oval:org.secpod.oval:def:24040 | Date: (C)2015-04-07 (M)2024-04-17 |
Class: VULNERABILITY | Family: unix |
The host is installed with linux kernel before 3.19.1 and is prone to a security bypass vulnerability. A flaw is present in the application, which uses incorrect data types for the results of bitwise left-shift operations. Successful exploitation allows attackers to bypass the ASLR protection mechanism by predicting the address of the top of the stack, related to the randomize_stack_top function in fs/binfmt_elf.c and the stack_maxrandom_size function in arch/x86/mm/mmap.c.
Platform: |
Red Hat Enterprise Linux 6 |
Red Hat Enterprise Linux 7 |