CVE-2014-9585

CVSS v2.0 2.1 (Low)

EPSS 0.04 % (11^th)

Affected Products 19

Advisories 38

The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 does not properly choose memory locations for the vDSO area, which makes it easier for local users to bypass the ASLR protection mechanism by guessing a location at the end of a PMD.

Weaknesses

CWE-NVD-noinfo

CVE Status: PUBLISHED
CNA: MITRE
Published Date: 2015-01-09 21:59:02
(9 years ago)
Updated Date: 2023-11-07 02:23:06
(10 months ago)

Affected Products

Opensuse

Redhat

Suse

Configuration #1

		CPE23	From	Up To
	Linux Kernel 3.18.2 and prior versions	cpe:2.3:o:linux:linux_kernel		<= 3.18.2

Configuration #2

		CPE23	From	Up To
	Redhat Enterprise Linux Aus 6.6	cpe:2.3:o:redhat:enterprise_linux_aus:6.6
	Redhat Enterprise Linux Desktop 6.0	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0
	Redhat Enterprise Linux Desktop 7.0	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0
	Redhat Enterprise Linux Eus 6.6	cpe:2.3:o:redhat:enterprise_linux_eus:6.6
	Redhat Enterprise Linux Server 6.0	cpe:2.3:o:redhat:enterprise_linux_server:6.0
	Redhat Enterprise Linux Server 7.0	cpe:2.3:o:redhat:enterprise_linux_server:7.0
	Redhat Enterprise Linux Server Aus 7.3	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3
	Redhat Enterprise Linux Server Aus 7.4	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4
	Redhat Enterprise Linux Server Aus 7.6	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6
	Redhat Enterprise Linux Server Aus 7.7	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7
	Redhat Enterprise Linux Server Eus 7.1	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.1
	Redhat Enterprise Linux Server Eus 7.2	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2
	Redhat Enterprise Linux Server Eus 7.3	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3
	Redhat Enterprise Linux Server Eus 7.4	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4
	Redhat Enterprise Linux Server Eus 7.5	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5
	Redhat Enterprise Linux Server Eus 7.6	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6
	Redhat Enterprise Linux Server Eus 7.7	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7
	Redhat Enterprise Linux Server Tus 6.6	cpe:2.3:o:redhat:enterprise_linux_server_tus:6.6
	Redhat Enterprise Linux Server Tus 7.3	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3
	Redhat Enterprise Linux Server Tus 7.6	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6
	Redhat Enterprise Linux Server Tus 7.7	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7
	Redhat Enterprise Linux Workstation 6.0	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0
	Redhat Enterprise Linux Workstation 7.0	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0

Configuration #3

		CPE23	From	Up To
	Opensuse Evergreen 11.4	cpe:2.3:o:opensuse:evergreen:11.4
	Opensuse 13.1	cpe:2.3:o:opensuse:opensuse:13.1
	Suse Linux Enterprise Desktop 12	cpe:2.3:o:suse:linux_enterprise_desktop:12:-
	Suse Linux Enterprise Real Time Extension 11 SP3	cpe:2.3:o:suse:linux_enterprise_real_time_extension:11:sp3
	Suse Linux Enterprise Server 11 SP1	cpe:2.3:o:suse:linux_enterprise_server:11:sp1:::ltss
	Suse Linux Enterprise Server 11 SP2	cpe:2.3:o:suse:linux_enterprise_server:11:sp2:::ltss
	Suse Linux Enterprise Server 12	cpe:2.3:o:suse:linux_enterprise_server:12:-
	Suse Linux Enterprise Software Development Kit 12	cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:-
	Suse Linux Enterprise Workstation Extension 12	cpe:2.3:o:suse:linux_enterprise_workstation_extension:12

Configuration #4

		CPE23	From	Up To
	Fedoraproject Fedora 21	cpe:2.3:o:fedoraproject:fedora:21

Configuration #5

		CPE23	From	Up To
	Debian Linux 7.0	cpe:2.3:o:debian:debian_linux:7.0
	Debian Linux 8.0	cpe:2.3:o:debian:debian_linux:8.0

Configuration #6

		CPE23	From	Up To
	Canonical Ubuntu Linux 12.04	cpe:2.3:o:canonical:ubuntu_linux:12.04:::*:lts
	Canonical Ubuntu Linux 14.04	cpe:2.3:o:canonical:ubuntu_linux:14.04:::*:lts
	Canonical Ubuntu Linux 14.10	cpe:2.3:o:canonical:ubuntu_linux:14.10

Weaknesses

Affected Products

Canonical

Debian

Fedoraproject

Linux