1. Home
  2. Vulnerabilities
  3. CVE-2014-9419

CVE-2014-9419

CVSS v2.0 2.1 (Low)
21% Progress
EPSS 0.04 % (11th)
0.04% Progress
Affected Products 1
Advisories 39
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software OVAL Tools, Exploits & PoC Graph Web & Social Timeline

The __switch_to function in arch/x86/kernel/process_64.c in the Linux kernel through 3.18.1 does not ensure that Thread Local Storage (TLS) descriptors are loaded before proceeding with other steps, which makes it easier for local users to bypass the ASLR protection mechanism via a crafted application that reads a TLS base address.

Weaknesses
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE Status
PUBLISHED
CNA
MITRE
Published Date
2014-12-26 00:59:00
(9 years ago)
Updated Date
2023-11-07 02:23:04
(10 months ago)

Affected Products

Linux

Configuration #1

    CPE23 From Up To
  Linux Kernel 3.18.1 and prior versions cpe:2.3:o:linux:linux_kernel <= 3.18.1