CVE-2014-9585

Severity

21%

Complexity

39%

Confidentiality

48%

The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 does not properly choose memory locations for the vDSO area, which makes it easier for local users to bypass the ASLR protection mechanism by guessing a location at the end of a PMD.

CVSS 2.0 Base Score 2.1. CVSS Attack Vector: local. CVSS Attack Complexity: low. CVSS Vector: (AV:L/AC:L/Au:N/C:N/I:P/A:N).

Overview

First reported: 2015-01-09 21:59:00

Last updated: 2020-05-21 20:35:00

Affected Software

Linux Kernel

Red Hat Enterprise Linux Desktop 6.0

Red Hat Enterprise Linux Desktop 7.0

Red Hat Enterprise Linux Server 6.0

Red Hat Enterprise Linux Server 7.0

Red Hat Enterprise Linux Advanced mission critical Update Support (AUS) 7.3

Red Hat Enterprise Linux Server Advanced mission critical Update Support (AUS) 7.4

Red Hat Enterprise Linux Server Advanced mission critical Update Support (AUS) 7.6

Red Hat Enterprise Linux Server EUS 7.2

Red Hat Enterprise Linux Server Extended Update Support (EUS) 7.3

Red Hat Enterprise Linux Server Extended Update Support (EUS) 7.4

Red Hat Enterprise Linux Server Extended Update Support (EUS) 7.5

Red Hat Enterprise Linux Server Extended Update Support (EUS) 7.6

Red Hat Enterprise Linux Server Telecommunications Update Service (TUS) 6.6

Red Hat Enterprise Linux Server Telecommunications Update Service (TUS) 7.6

Red Hat Enterprise Linux Workstation 6.0

Red Hat Enterprise Linux Workstation 7.0

openSUSE Evergreen 11.4

openSUSE 13.1

SUSE Linux Enterprise Desktop 12

SUSE Linux Enterprise Real Time Extension 11 Service Pack 3

SUSE Linux Enterprise Server 11 Service Pack 2 Long Term Service Pack Support

SUSE Linux Enterprise Server 12

SUSE Linux Enterprise Workstation Extension 12

Fedora 21

Debian Linux 7.0

Debian Linux 8.0 (Jessie)

Canonical Ubuntu Linux 12.04 LTS

Canonical Ubuntu Linux 14.04 LTS (Long-Term Support)

Canonical Ubuntu Linux 14.10

References

http://git.kernel.org/?p=linux/kernel/git/luto/linux.git;a=commit;h=bc3b94c31d65e761ddfe150d02932c65971b74e2

Vendor Advisory

http://v0ids3curity.blogspot.in/2014/12/return-to-vdso-using-elf-auxiliary.html

Exploit

http://git.kernel.org/?p=linux/kernel/git/tip/tip.git;a=commit;h=fbe1bf140671619508dfa575d74a185ae53c5dbb

Patch, Vendor Advisory

FEDORA-2015-0937

Mailing List, Third Party Advisory

SUSE-SU-2015:0178

Mailing List, Third Party Advisory

SUSE-SU-2015:0481

Mailing List, Third Party Advisory

openSUSE-SU-2015:0566

Mailing List, Third Party Advisory

SUSE-SU-2015:0652

Mailing List, Third Party Advisory

openSUSE-SU-2015:0714

Mailing List, Third Party Advisory

SUSE-SU-2015:0736

Mailing List, Third Party Advisory

RHSA-2015:1081

Third Party Advisory

RHSA-2015:1778

Third Party Advisory

RHSA-2015:1787

Third Party Advisory

http://v0ids3curity.blogspot.in/2014/12/return-to-vdso-using-elf-auxiliary.html

Broken Link

DSA-3170

Third Party Advisory

MDVSA-2015:058

Third Party Advisory

[oss-security] 20141209 PIE bypass using VDSO ASLR weakness

Exploit, Mailing List, Third Party Advisory

[oss-security] 20150109 Re: PIE bypass using VDSO ASLR weakness - Linux kernel

Mailing List, Third Party Advisory

71990

Third Party Advisory, VDB Entry

USN-2513-1

Third Party Advisory

USN-2514-1

Third Party Advisory

USN-2515-1

Third Party Advisory

USN-2516-1

Third Party Advisory

USN-2517-1

Third Party Advisory

USN-2518-1

Third Party Advisory
