kernel-packages team mailing list archive
-
kernel-packages team
-
Mailing list archive
-
Message #98062
[Bug 1407945] [NEW] CVE-2014-9419
*** This bug is a security vulnerability ***
Public security bug reported:
The __switch_to function in arch/x86/kernel/process_64.c in the Linux
kernel through 3.18.1 does not ensure that Thread Local Storage (TLS)
descriptors are loaded before proceeding with other steps, which makes
it easier for local users to bypass the ASLR protection mechanism via a
crafted application that reads a TLS base address.
Break-Fix: - f647d7c155f069c1a068030255c300663516420e
** Affects: linux (Ubuntu)
Importance: Medium
Status: New
** Affects: linux-armadaxp (Ubuntu)
Importance: Medium
Status: Invalid
** Affects: linux-ec2 (Ubuntu)
Importance: Medium
Status: Invalid
** Affects: linux-fsl-imx51 (Ubuntu)
Importance: Medium
Status: Invalid
** Affects: linux-lts-backport-maverick (Ubuntu)
Importance: Undecided
Status: New
** Affects: linux-lts-backport-natty (Ubuntu)
Importance: Undecided
Status: New
** Affects: linux-lts-quantal (Ubuntu)
Importance: Medium
Status: Invalid
** Affects: linux-lts-raring (Ubuntu)
Importance: Medium
Status: Invalid
** Affects: linux-lts-saucy (Ubuntu)
Importance: Medium
Status: Invalid
** Affects: linux-lts-trusty (Ubuntu)
Importance: Medium
Status: Invalid
** Affects: linux-lts-utopic (Ubuntu)
Importance: Medium
Status: Invalid
** Affects: linux-mvl-dove (Ubuntu)
Importance: Medium
Status: Invalid
** Affects: linux-ti-omap4 (Ubuntu)
Importance: Medium
Status: Invalid
** Affects: linux (Ubuntu Lucid)
Importance: Medium
Status: New
** Affects: linux-armadaxp (Ubuntu Lucid)
Importance: Medium
Status: Invalid
** Affects: linux-ec2 (Ubuntu Lucid)
Importance: Medium
Status: New
** Affects: linux-fsl-imx51 (Ubuntu Lucid)
Importance: Medium
Status: Invalid
** Affects: linux-lts-backport-maverick (Ubuntu Lucid)
Importance: Undecided
Status: New
** Affects: linux-lts-backport-natty (Ubuntu Lucid)
Importance: Undecided
Status: New
** Affects: linux-lts-quantal (Ubuntu Lucid)
Importance: Medium
Status: Invalid
** Affects: linux-lts-raring (Ubuntu Lucid)
Importance: Medium
Status: Invalid
** Affects: linux-lts-saucy (Ubuntu Lucid)
Importance: Medium
Status: Invalid
** Affects: linux-lts-trusty (Ubuntu Lucid)
Importance: Medium
Status: Invalid
** Affects: linux-lts-utopic (Ubuntu Lucid)
Importance: Medium
Status: Invalid
** Affects: linux-mvl-dove (Ubuntu Lucid)
Importance: Medium
Status: Invalid
** Affects: linux-ti-omap4 (Ubuntu Lucid)
Importance: Medium
Status: Invalid
** Affects: linux (Ubuntu Precise)
Importance: Medium
Status: New
** Affects: linux-armadaxp (Ubuntu Precise)
Importance: Medium
Status: New
** Affects: linux-ec2 (Ubuntu Precise)
Importance: Medium
Status: Invalid
** Affects: linux-fsl-imx51 (Ubuntu Precise)
Importance: Medium
Status: Invalid
** Affects: linux-lts-backport-maverick (Ubuntu Precise)
Importance: Undecided
Status: New
** Affects: linux-lts-backport-natty (Ubuntu Precise)
Importance: Undecided
Status: New
** Affects: linux-lts-quantal (Ubuntu Precise)
Importance: Medium
Status: New
** Affects: linux-lts-raring (Ubuntu Precise)
Importance: Medium
Status: New
** Affects: linux-lts-saucy (Ubuntu Precise)
Importance: Medium
Status: New
** Affects: linux-lts-trusty (Ubuntu Precise)
Importance: Medium
Status: New
** Affects: linux-lts-utopic (Ubuntu Precise)
Importance: Medium
Status: Invalid
** Affects: linux-mvl-dove (Ubuntu Precise)
Importance: Medium
Status: Invalid
** Affects: linux-ti-omap4 (Ubuntu Precise)
Importance: Medium
Status: New
** Affects: linux (Ubuntu Trusty)
Importance: Medium
Status: New
** Affects: linux-armadaxp (Ubuntu Trusty)
Importance: Medium
Status: Invalid
** Affects: linux-ec2 (Ubuntu Trusty)
Importance: Medium
Status: Invalid
** Affects: linux-fsl-imx51 (Ubuntu Trusty)
Importance: Medium
Status: Invalid
** Affects: linux-lts-backport-maverick (Ubuntu Trusty)
Importance: Undecided
Status: New
** Affects: linux-lts-backport-natty (Ubuntu Trusty)
Importance: Undecided
Status: New
** Affects: linux-lts-quantal (Ubuntu Trusty)
Importance: Medium
Status: Invalid
** Affects: linux-lts-raring (Ubuntu Trusty)
Importance: Medium
Status: Invalid
** Affects: linux-lts-saucy (Ubuntu Trusty)
Importance: Medium
Status: Invalid
** Affects: linux-lts-trusty (Ubuntu Trusty)
Importance: Medium
Status: Invalid
** Affects: linux-lts-utopic (Ubuntu Trusty)
Importance: Medium
Status: New
** Affects: linux-mvl-dove (Ubuntu Trusty)
Importance: Medium
Status: Invalid
** Affects: linux-ti-omap4 (Ubuntu Trusty)
Importance: Medium
Status: Invalid
** Affects: linux (Ubuntu Utopic)
Importance: Medium
Status: New
** Affects: linux-armadaxp (Ubuntu Utopic)
Importance: Medium
Status: Invalid
** Affects: linux-ec2 (Ubuntu Utopic)
Importance: Medium
Status: Invalid
** Affects: linux-fsl-imx51 (Ubuntu Utopic)
Importance: Medium
Status: Invalid
** Affects: linux-lts-backport-maverick (Ubuntu Utopic)
Importance: Undecided
Status: New
** Affects: linux-lts-backport-natty (Ubuntu Utopic)
Importance: Undecided
Status: New
** Affects: linux-lts-quantal (Ubuntu Utopic)
Importance: Medium
Status: Invalid
** Affects: linux-lts-raring (Ubuntu Utopic)
Importance: Medium
Status: Invalid
** Affects: linux-lts-saucy (Ubuntu Utopic)
Importance: Medium
Status: Invalid
** Affects: linux-lts-trusty (Ubuntu Utopic)
Importance: Medium
Status: Invalid
** Affects: linux-lts-utopic (Ubuntu Utopic)
Importance: Medium
Status: Invalid
** Affects: linux-mvl-dove (Ubuntu Utopic)
Importance: Medium
Status: Invalid
** Affects: linux-ti-omap4 (Ubuntu Utopic)
Importance: Medium
Status: Invalid
** Affects: linux (Ubuntu Vivid)
Importance: Medium
Status: New
** Affects: linux-armadaxp (Ubuntu Vivid)
Importance: Medium
Status: Invalid
** Affects: linux-ec2 (Ubuntu Vivid)
Importance: Medium
Status: Invalid
** Affects: linux-fsl-imx51 (Ubuntu Vivid)
Importance: Medium
Status: Invalid
** Affects: linux-lts-backport-maverick (Ubuntu Vivid)
Importance: Undecided
Status: New
** Affects: linux-lts-backport-natty (Ubuntu Vivid)
Importance: Undecided
Status: New
** Affects: linux-lts-quantal (Ubuntu Vivid)
Importance: Medium
Status: Invalid
** Affects: linux-lts-raring (Ubuntu Vivid)
Importance: Medium
Status: Invalid
** Affects: linux-lts-saucy (Ubuntu Vivid)
Importance: Medium
Status: Invalid
** Affects: linux-lts-trusty (Ubuntu Vivid)
Importance: Medium
Status: Invalid
** Affects: linux-lts-utopic (Ubuntu Vivid)
Importance: Medium
Status: Invalid
** Affects: linux-mvl-dove (Ubuntu Vivid)
Importance: Medium
Status: Invalid
** Affects: linux-ti-omap4 (Ubuntu Vivid)
Importance: Medium
Status: Invalid
** Tags: kernel-cve-tracking-bug
** Tags added: kernel-cve-tracking-bug
** Information type changed from Public to Public Security
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-9419
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1407945
Title:
CVE-2014-9419
Status in linux package in Ubuntu:
New
Status in linux-armadaxp package in Ubuntu:
Invalid
Status in linux-ec2 package in Ubuntu:
Invalid
Status in linux-fsl-imx51 package in Ubuntu:
Invalid
Status in linux-lts-backport-maverick package in Ubuntu:
New
Status in linux-lts-backport-natty package in Ubuntu:
New
Status in linux-lts-quantal package in Ubuntu:
Invalid
Status in linux-lts-raring package in Ubuntu:
Invalid
Status in linux-lts-saucy package in Ubuntu:
Invalid
Status in linux-lts-trusty package in Ubuntu:
Invalid
Status in linux-lts-utopic package in Ubuntu:
Invalid
Status in linux-mvl-dove package in Ubuntu:
Invalid
Status in linux-ti-omap4 package in Ubuntu:
Invalid
Status in linux source package in Lucid:
New
Status in linux-armadaxp source package in Lucid:
Invalid
Status in linux-ec2 source package in Lucid:
New
Status in linux-fsl-imx51 source package in Lucid:
Invalid
Status in linux-lts-backport-maverick source package in Lucid:
New
Status in linux-lts-backport-natty source package in Lucid:
New
Status in linux-lts-quantal source package in Lucid:
Invalid
Status in linux-lts-raring source package in Lucid:
Invalid
Status in linux-lts-saucy source package in Lucid:
Invalid
Status in linux-lts-trusty source package in Lucid:
Invalid
Status in linux-lts-utopic source package in Lucid:
Invalid
Status in linux-mvl-dove source package in Lucid:
Invalid
Status in linux-ti-omap4 source package in Lucid:
Invalid
Status in linux source package in Precise:
New
Status in linux-armadaxp source package in Precise:
New
Status in linux-ec2 source package in Precise:
Invalid
Status in linux-fsl-imx51 source package in Precise:
Invalid
Status in linux-lts-backport-maverick source package in Precise:
New
Status in linux-lts-backport-natty source package in Precise:
New
Status in linux-lts-quantal source package in Precise:
New
Status in linux-lts-raring source package in Precise:
New
Status in linux-lts-saucy source package in Precise:
New
Status in linux-lts-trusty source package in Precise:
New
Status in linux-lts-utopic source package in Precise:
Invalid
Status in linux-mvl-dove source package in Precise:
Invalid
Status in linux-ti-omap4 source package in Precise:
New
Status in linux source package in Trusty:
New
Status in linux-armadaxp source package in Trusty:
Invalid
Status in linux-ec2 source package in Trusty:
Invalid
Status in linux-fsl-imx51 source package in Trusty:
Invalid
Status in linux-lts-backport-maverick source package in Trusty:
New
Status in linux-lts-backport-natty source package in Trusty:
New
Status in linux-lts-quantal source package in Trusty:
Invalid
Status in linux-lts-raring source package in Trusty:
Invalid
Status in linux-lts-saucy source package in Trusty:
Invalid
Status in linux-lts-trusty source package in Trusty:
Invalid
Status in linux-lts-utopic source package in Trusty:
New
Status in linux-mvl-dove source package in Trusty:
Invalid
Status in linux-ti-omap4 source package in Trusty:
Invalid
Status in linux source package in Utopic:
New
Status in linux-armadaxp source package in Utopic:
Invalid
Status in linux-ec2 source package in Utopic:
Invalid
Status in linux-fsl-imx51 source package in Utopic:
Invalid
Status in linux-lts-backport-maverick source package in Utopic:
New
Status in linux-lts-backport-natty source package in Utopic:
New
Status in linux-lts-quantal source package in Utopic:
Invalid
Status in linux-lts-raring source package in Utopic:
Invalid
Status in linux-lts-saucy source package in Utopic:
Invalid
Status in linux-lts-trusty source package in Utopic:
Invalid
Status in linux-lts-utopic source package in Utopic:
Invalid
Status in linux-mvl-dove source package in Utopic:
Invalid
Status in linux-ti-omap4 source package in Utopic:
Invalid
Status in linux source package in Vivid:
New
Status in linux-armadaxp source package in Vivid:
Invalid
Status in linux-ec2 source package in Vivid:
Invalid
Status in linux-fsl-imx51 source package in Vivid:
Invalid
Status in linux-lts-backport-maverick source package in Vivid:
New
Status in linux-lts-backport-natty source package in Vivid:
New
Status in linux-lts-quantal source package in Vivid:
Invalid
Status in linux-lts-raring source package in Vivid:
Invalid
Status in linux-lts-saucy source package in Vivid:
Invalid
Status in linux-lts-trusty source package in Vivid:
Invalid
Status in linux-lts-utopic source package in Vivid:
Invalid
Status in linux-mvl-dove source package in Vivid:
Invalid
Status in linux-ti-omap4 source package in Vivid:
Invalid
Bug description:
The __switch_to function in arch/x86/kernel/process_64.c in the Linux
kernel through 3.18.1 does not ensure that Thread Local Storage (TLS)
descriptors are loaded before proceeding with other steps, which makes
it easier for local users to bypass the ASLR protection mechanism via
a crafted application that reads a TLS base address.
Break-Fix: - f647d7c155f069c1a068030255c300663516420e
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1407945/+subscriptions
Follow ups
-
[Bug 1407945] Re: CVE-2014-9419
From: Steve Beattie, 2016-05-05
-
[Bug 1407945] Re: CVE-2014-9419
From: Steve Beattie, 2016-04-27
-
[Bug 1407945] Re: CVE-2014-9419
From: Rolf Leggewie, 2016-04-24
-
[Bug 1407945] Re: CVE-2014-9419
From: Steve Beattie, 2016-04-19
-
[Bug 1407945] Re: CVE-2014-9419
From: Steve Beattie, 2016-02-10
-
[Bug 1407945] Re: CVE-2014-9419
From: Steve Beattie, 2015-12-03
-
[Bug 1407945] Re: CVE-2014-9419
From: Steve Beattie, 2015-11-16
-
[Bug 1407945] Re: CVE-2014-9419
From: Steve Beattie, 2015-11-10
-
[Bug 1407945] Re: CVE-2014-9419
From: Steve Beattie, 2015-10-28
-
[Bug 1407945] Re: CVE-2014-9419
From: John Johansen, 2015-07-28
-
[Bug 1407945] Re: CVE-2014-9419
From: Rolf Leggewie, 2015-06-18
-
[Bug 1407945] Re: CVE-2014-9419
From: Rolf Leggewie, 2015-06-18
-
[Bug 1407945] Re: CVE-2014-9419
From: John Johansen, 2015-05-08
-
[Bug 1407945] Re: CVE-2014-9419
From: John Johansen, 2015-05-04
-
[Bug 1407945] Re: CVE-2014-9419
From: Mathew Hodson, 2015-03-29
-
[Bug 1407945] Re: CVE-2014-9419
From: Mathew Hodson, 2015-03-24
-
[Bug 1407945] Re: CVE-2014-9419
From: John Johansen, 2015-03-24
-
[Bug 1407945] Re: CVE-2014-9419
From: John Johansen, 2015-03-11
-
[Bug 1407945] Re: CVE-2014-9419
From: John Johansen, 2015-03-04
-
[Bug 1407945] Re: CVE-2014-9419
From: John Johansen, 2015-03-02
-
[Bug 1407945] Re: CVE-2014-9419
From: John Johansen, 2015-02-17
-
[Bug 1407945] Re: CVE-2014-9419
From: John Johansen, 2015-01-28
-
[Bug 1407945] Re: CVE-2014-9419
From: John Johansen, 2015-01-12
-
[Bug 1407945] Re: CVE-2014-9419
From: John Johansen, 2015-01-09
-
[Bug 1407945] Re: CVE-2014-9419
From: John Johansen, 2015-01-06
-
[Bug 1407945] [NEW] CVE-2014-9419
From: John Johansen, 2015-01-06
References