1. Home
  2. Vulnerabilities
  3. CVE-2014-9322

CVE-2014-9322

CVSS v3.1 7.8 (High)
78% Progress
CVSS v2.0 7.2 (High)
72% Progress
EPSS 0.04 % (0th)
0.04% Progress
Affected Products 6
Advisories 23
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software OVAL Tools, Exploits & PoC Graph Web & Social Timeline

arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to gain privileges by triggering an IRET instruction that leads to access to a GS Base address from the wrong space.

Weaknesses
CWE-269
Improper Privilege Management
CVE Status
PUBLISHED
CNA
MITRE
Published Date
2014-12-17 11:59:02
(9 years ago)
Updated Date
2023-11-07 02:23:04
(10 months ago)

Affected Products

Canonical

Google

Linux

Opensuse

Redhat

Suse

Configuration #1

    CPE23 From Up To
  Linux Kernel prior 3.2.65 version cpe:2.3:o:linux:linux_kernel < 3.2.65
  Linux Kernel from 3.3 version and prior 3.4.106 version cpe:2.3:o:linux:linux_kernel >= 3.3 < 3.4.106
  Linux Kernel from 3.5 version and prior 3.10.62 version cpe:2.3:o:linux:linux_kernel >= 3.5 < 3.10.62
  Linux Kernel from 3.11 version and prior 3.12.35 version cpe:2.3:o:linux:linux_kernel >= 3.11 < 3.12.35
  Linux Kernel from 3.13 version and prior 3.14.26 version cpe:2.3:o:linux:linux_kernel >= 3.13 < 3.14.26
  Linux Kernel from 3.15 version and prior 3.16.35 version cpe:2.3:o:linux:linux_kernel >= 3.15 < 3.16.35
  Linux Kernel from 3.17 version and prior 3.17.5 version cpe:2.3:o:linux:linux_kernel >= 3.17 < 3.17.5

Configuration #2

    CPE23 From Up To
  Redhat Enterprise Linux Eus 5.6 cpe:2.3:o:redhat:enterprise_linux_eus:5.6

Configuration #3

    CPE23 From Up To
  Canonical Ubuntu Linux 10.04 cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-

Configuration #4

    CPE23 From Up To
  Opensuse Evergreen 11.4 cpe:2.3:o:opensuse:evergreen:11.4
  Suse Linux Enterprise Server 10 SP4 cpe:2.3:o:suse:suse_linux_enterprise_server:10:sp4:*:*:ltss

Configuration #5

    CPE23 From Up To
  Google Android 6.0 cpe:2.3:o:google:android:6.0
  Google Android 6.0.1 cpe:2.3:o:google:android:6.0.1