CVE-2014-9585

14 documents8 sources

Severity

2.1LOW

EPSS

0.0%

top 86.36%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Canonical Ubuntu Linux Debian Debian Linux +16 more

Timeline

PublishedJan 9

Latest updateMay 13

Description

The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 does not properly choose memory locations for the vDSO area, which makes it easier for local users to bypass the ASLR protection mechanism by guessing a location at the end of a PMD.

CVSS vector

AV:L/AC:L/C:N/I:P/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages12 packages

▶NVDlinux/linux_kernel3.18.2

▶Debianlinux< 3.16.7-ckt4-1+3

▶NVDsuse/linux_enterprise_server11, 12+1

▶NVDsuse/linux_enterprise_desktop12

▶NVDredhat/enterprise_linux_server6.0, 7.0+1

Also affects: Debian Linux 7.0, 8.0, Ubuntu Linux 12.04, 14.04, 14.10, Enterprise Linux 6.6, 7.3, 7.4, 7.6, 7.7, 7.1, 7.2, 7.5, Fedora 21

🔴Vulnerability Details

GHSA

GHSA-g7mm-wg9g-mhg5: The vdso_addr function in arch/x86/vdso/vma↗2022-05-13

▶

CVEList

CVE-2014-9585: The vdso_addr function in arch/x86/vdso/vma↗2015-01-09

▶

OSV

CVE-2014-9585: The vdso_addr function in arch/x86/vdso/vma↗2015-01-09

▶

📋Vendor Advisories

Ubuntu

Linux kernel (Trusty HWE) vulnerabilities↗2015-02-26

▶

Ubuntu

Linux kernel (OMAP4) vulnerabilities↗2015-02-26

▶

Ubuntu

Linux kernel vulnerabilities↗2015-02-26

▶

Ubuntu

Linux kernel vulnerabilities↗2015-02-26

▶

Ubuntu

Linux kernel (Utopic HWE) vulnerabilities↗2015-02-26

▶

💬Community

Bugzilla

CVE-2014-9585 kernel: ASLR bruteforce possible for vdso library↗2015-01-12

▶

Bugzilla

CVE-2014-9585 kernel: ASLR bruteforce possible for vdso library [fedora-all]↗2015-01-12

▶