CVE-2014-9322

arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to gain privileges by triggering an IRET instruction that leads to access to a GS Base address from the wrong space.

CVSS v3.0 7.8 HIGH
CVSS v2.0 7.2 HIGH

7.8^/10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.2^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.openwall.com/lists/oss-security/2014/12/15/6	Mailing List Patch Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1172806	Issue Tracking Patch Third Party Advisory
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.17.5	Mailing List Patch Vendor Advisory
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6f442be2fb22be02cafa606f1769fa1e6f894441	Mailing List Patch Vendor Advisory
https://github.com/torvalds/linux/commit/6f442be2fb22be02cafa606f1769fa1e6f894441	Patch Third Party Advisory
http://secunia.com/advisories/62336	Broken Link
http://www.ubuntu.com/usn/USN-2491-1	Third Party Advisory
http://www.exploit-db.com/exploits/36266	Exploit Third Party Advisory VDB Entry
http://osvdb.org/show/osvdb/115919	Broken Link
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html	Mailing List Third Party Advisory
http://www.zerodayinitiative.com/advisories/ZDI-16-170	Third Party Advisory VDB Entry
https://help.joyent.com/entries/98788667-Security-Advisory-ZDI-CAN-3263-ZDI-CAN-3284-and-ZDI-CAN-3364-Vulnerabilities	Permissions Required Third Party Advisory
http://source.android.com/security/bulletin/2016-04-02.html	Patch Third Party Advisory
http://marc.info/?l=bugtraq&m=142722450701342&w=2	Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=142722544401658&w=2	Mailing List Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-0009.html	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-2031.html	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-2028.html	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-2008.html	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-1998.html	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

Configuration 2 (hide)

cpe:2.3:o:redhat:enterprise_linux_eus:5.6:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*

Configuration 4 (hide)

OR	cpe:2.3:o:opensuse:evergreen:11.4:::::::*
	cpe:2.3:o:suse:suse_linux_enterprise_server:10:sp4:::ltss:::*

Configuration 5 (hide)

OR	cpe:2.3:o:google:android:6.0.1:::::::*
	cpe:2.3:o:google:android:6.0:::::::*

Information

Published : 2014-12-17 03:59

Updated : 2023-01-17 13:29

NVD link : CVE-2014-9322

Mitre link : CVE-2014-9322

JSON object : View

CWE

CWE-269

Improper Privilege Management

Products Affected

google

android

canonical

ubuntu_linux

suse

suse_linux_enterprise_server

opensuse

evergreen

linux

linux_kernel

redhat

enterprise_linux_eus

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.openwall.com/lists/oss-security/2014/12/15/6", "name": "[oss-security] 20141215 Linux kernel: multiple x86_64 vulnerabilities", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1172806", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1172806", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "refsource": "CONFIRM"}, {"url": "https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.17.5", "name": "https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.17.5", "tags": ["Mailing List", "Patch", "Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6f442be2fb22be02cafa606f1769fa1e6f894441", "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6f442be2fb22be02cafa606f1769fa1e6f894441", "tags": ["Mailing List", "Patch", "Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "https://github.com/torvalds/linux/commit/6f442be2fb22be02cafa606f1769fa1e6f894441", "name": "https://github.com/torvalds/linux/commit/6f442be2fb22be02cafa606f1769fa1e6f894441", "tags": ["Patch", "Third Party Advisory"], "refsource": "CONFIRM"}, {"url": "http://secunia.com/advisories/62336", "name": "62336", "tags": ["Broken Link"], "refsource": "SECUNIA"}, {"url": "http://www.ubuntu.com/usn/USN-2491-1", "name": "USN-2491-1", "tags": ["Third Party Advisory"], "refsource": "UBUNTU"}, {"url": "http://www.exploit-db.com/exploits/36266", "name": "36266", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "refsource": "EXPLOIT-DB"}, {"url": "http://osvdb.org/show/osvdb/115919", "name": "115919", "tags": ["Broken Link"], "refsource": "OSVDB"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html", "name": "openSUSE-SU-2015:0566", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "SUSE"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html", "name": "SUSE-SU-2015:0812", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "SUSE"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html", "name": "SUSE-SU-2015:0736", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "SUSE"}, {"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-170", "name": "http://www.zerodayinitiative.com/advisories/ZDI-16-170", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "MISC"}, {"url": "https://help.joyent.com/entries/98788667-Security-Advisory-ZDI-CAN-3263-ZDI-CAN-3284-and-ZDI-CAN-3364-Vulnerabilities", "name": "https://help.joyent.com/entries/98788667-Security-Advisory-ZDI-CAN-3263-ZDI-CAN-3284-and-ZDI-CAN-3364-Vulnerabilities", "tags": ["Permissions Required", "Third Party Advisory"], "refsource": "CONFIRM"}, {"url": "http://source.android.com/security/bulletin/2016-04-02.html", "name": "http://source.android.com/security/bulletin/2016-04-02.html", "tags": ["Patch", "Third Party Advisory"], "refsource": "CONFIRM"}, {"url": "http://marc.info/?l=bugtraq&m=142722450701342&w=2", "name": "HPSBGN03285", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "HP"}, {"url": "http://marc.info/?l=bugtraq&m=142722544401658&w=2", "name": "HPSBGN03282", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "HP"}, {"url": "http://rhn.redhat.com/errata/RHSA-2015-0009.html", "name": "RHSA-2015:0009", "tags": ["Third Party Advisory"], "refsource": "REDHAT"}, {"url": "http://rhn.redhat.com/errata/RHSA-2014-2031.html", "name": "RHSA-2014:2031", "tags": ["Third Party Advisory"], "refsource": "REDHAT"}, {"url": "http://rhn.redhat.com/errata/RHSA-2014-2028.html", "name": "RHSA-2014:2028", "tags": ["Third Party Advisory"], "refsource": "REDHAT"}, {"url": "http://rhn.redhat.com/errata/RHSA-2014-2008.html", "name": "RHSA-2014:2008", "tags": ["Third Party Advisory"], "refsource": "REDHAT"}, {"url": "http://rhn.redhat.com/errata/RHSA-2014-1998.html", "name": "RHSA-2014:1998", "tags": ["Third Party Advisory"], "refsource": "REDHAT"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to gain privileges by triggering an IRET instruction that leads to access to a GS Base address from the wrong space."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-269"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2014-9322", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "acInsufInfo": false, "impactScore": 10.0, "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}}, "publishedDate": "2014-12-17T11:59Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "3.16.35", "versionStartIncluding": "3.15"}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "3.4.106", "versionStartIncluding": "3.3"}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "3.2.65"}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "3.10.62", "versionStartIncluding": "3.5"}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "3.12.35", "versionStartIncluding": "3.11"}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "3.14.26", "versionStartIncluding": "3.13"}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "3.17.5", "versionStartIncluding": "3.17"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_eus:5.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:opensuse:evergreen:11.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:suse:suse_linux_enterprise_server:10:sp4:*:*:ltss:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2023-01-17T21:29Z"}

7.8 /10