CVE-2014-9585
published 2015-01-09CVE-2014-9585: The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 does not properly choose memory locations for the vDSO area, which makes it…
low2.1CVSS 3.1
AVLACLAuNCNIPAN
The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 does not properly choose memory locations for the vDSO area, which makes it easier for local users to bypass the ASLR protection mechanism by guessing a location at the end of a PMD.
Affected
46 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | linux | < linux 3.16.7-ckt4-1 (bookworm) | linux 3.16.7-ckt4-1 (bookworm) |
| fedoraproject | fedora | — | — |
| linux | linux_kernel | <= 3.18.2 | — |
| linux | linux_kernel | >= 0 < 3.16.7-ckt4-1 | 3.16.7-ckt4-1 |
| linux | linux_kernel | >= 0 < 3.16.7-ckt4-1 | 3.16.7-ckt4-1 |
| linux | linux_kernel | >= 0 < 3.16.7-ckt4-1 | 3.16.7-ckt4-1 |
| linux | linux_kernel | >= 0 < 3.16.7-ckt4-1 | 3.16.7-ckt4-1 |
| linux | linux_kernel | >= 0 < 3.13.0-46.77 | 3.13.0-46.77 |
| linux | linux_kernel | >= 0 < 3.13.0-46.75 | 3.13.0-46.75 |
| linux | linux_kernel | >= 0 < 3.13.0-46.76 | 3.13.0-46.76 |
| opensuse | evergreen | — | — |
| opensuse | opensuse | — | — |
| redhat | enterprise_linux_aus | — | — |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_eus | — | — |
| redhat | enterprise_linux_server | — | — |
| redhat | enterprise_linux_server | — | — |
| redhat | enterprise_linux_server_aus | — | — |
| redhat | enterprise_linux_server_aus | — | — |
CVSS provenance
nvd2.1LOWAV:L/AC:L/Au:N/C:N/I:P/A:N
osv2.1LOW