CVE-2014-9585

Current Description

The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 does not properly choose memory locations for the vDSO area, which makes it easier for local users to bypass the ASLR protection mechanism by guessing a location at the end of a PMD.

Basic Data

Published: January 09, 2015
Last Modified: May 21, 2020
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: NVD-CWE-noinfo
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:L/AC:L/Au:N/C:N/I:P/A:N
CVSS 2 - Access Vector: LOCAL
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: NONE
CVSS 2 - Availability Impact: NONE
CVSS 2 - Base Score: 2.1
Severity: LOW
Exploitability Score: 3.9
Impact Score: 2.9
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
    2.3 | OS | Linux | Linux Kernel | * | * | * | * | * | * | * | * | | 3.18.2 | |
  • OR - Configuration 2
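    Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
    2.3 | OS | Redhat | Enterprise Linux Aus | 6.6 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Redhat | Enterprise Linux Desktop | 6.0 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Redhat | Enterprise Linux Desktop | 7.0 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Redhat | Enterprise Linux Eus | 6.6 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Redhat | Enterprise Linux Server | 6.0 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Redhat | Enterprise Linux Server | 7.0 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Redhat | Enterprise Linux Server Aus | 7.3 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Redhat | Enterprise Linux Server Aus | 7.4 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Redhat | Enterprise Linux Server Aus | 7.6 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Redhat | Enterprise Linux Server Aus | 7.7 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Redhat | Enterprise Linux Server Eus | 7.1 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Redhat | Enterprise Linux Server Eus | 7.2 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Redhat | Enterprise Linux Server Eus | 7.3 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Redhat | Enterprise Linux Server Eus | 7.4 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Redhat | Enterprise Linux Server Eus | 7.5 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Redhat | Enterprise Linux Server Eus | 7.6 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Redhat | Enterprise Linux Server Eus | 7.7 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Redhat | Enterprise Linux Server Tus | 6.6 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Redhat | Enterprise Linux Server Tus | 7.3 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Redhat | Enterprise Linux Server Tus | 7.6 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Redhat | Enterprise Linux Server Tus | 7.7 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Redhat | Enterprise Linux Workstation | 6.0 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Redhat | Enterprise Linux Workstation | 7.0 | * | * | * | * | * | * | * | | | |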
  • OR - Configuration 3
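    Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
    2.3 | OS | Opensuse | Evergreen | 11.4 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Opensuse | Opensuse | 13.1 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Suse | Linux Enterprise Desktop | 12 | - | * | * | * | * | * | * | | | |
    2.3 | OS | Suse | Linux Enterprise Real Time Extension | 11 | sp3 | * | * | * | * | * | * | | | |
    2.3 | OS | Suse | Linux Enterprise Server | 11 | sp1 | * | * | ltss | * | * | * | | | |
    2.3 | OS | Suse | Linux Enterprise Server | 11 | sp2 | * | * | ltss | * | * | * | | | |
    2.3 | OS | Suse | Linux Enterprise Server | 12 | - | * | * | * | * | * | * | | | |
    2.3 | OS | Suse | Linux Enterprise Software Development Kit | 12 | - | * | * | * | * | * | * | | | |
    2.3 | OS | Suse | Linux Enterprise Workstation Extension | 12 | * | * | * | * | * | * | * | | | |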
  • OR - Configuration 4
    Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
    2.3 | OS | Fedoraproject | Fedora | 21 | * | * | * | * | * | * | * | | | |
  • OR - Configuration 5
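    Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
    2.3 | OS | Debian | Debian Linux | 7.0 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Debian | Debian Linux | 8.0 | * | * | * | * | * | * | * | | | |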
  • OR - Configuration 6
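    Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
    2.3 | OS | Canonical | Ubuntu Linux | 12.04 | * | * | * | lts | * | * | * | | | |
    2.3 | OS | Canonical | Ubuntu Linux | 14.04 | * | * | * | lts | * | * | * | | | |
    2.3 | OS | Canonical | Ubuntu Linux | 14.10 | * | * | * | * | * | * | * | | | |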

Vulnerable Software List

Vendor | Product | Versions
Debian | Debian Linux | 7.0, 8.0
Redhat | Enterprise Linux Workstation | 6.0, 7.0
Redhat | Enterprise Linux Eus | 6.6
Redhat | Enterprise Linux Desktop | 6.0, 7.0
Redhat | Enterprise Linux Server Aus | 7.3, 7.4, 7.6, 7.7
Redhat | Enterprise Linux Server Tus | 6.6, 7.3, 7.6, 7.7
Redhat | Enterprise Linux Aus | 6.6
Redhat | Enterprise Linux Server Eus | 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.7
Redhat | Enterprise Linux Server | 6.0, 7.0
Canonical | Ubuntu Linux | 12.04, 14.04, 14.10
Opensuse | Evergreen | 11.4
Opensuse | Opensuse | 13.1
Linux | Linux Kernel | *
Suse | Linux Enterprise Software Development Kit | 12
Suse | Linux Enterprise Workstation Extension | 12
Suse | Linux Enterprise Desktop | 12
Suse | Linux Enterprise Real Time Extension | 11
Suse | Linux Enterprise Server | 11, 12
Fedoraproject | Fedora | 21

References

Name | URL | Source | Tags
http://git.kernel.org/?p=linux/kernel/git/luto/linux.git;a=commit;h=bc3b94c31d65e761ddfe150d02932c65971b74e2 | http://git.kernel.org/?p=linux/kernel/git/luto/linux.git;a=commit;h=bc3b94c31d65e761ddfe150d02932c65 | MISC | Vendor Advisory
http://git.kernel.org/?p=linux/kernel/git/tip/tip.git;a=commit;h=fbe1bf140671619508dfa575d74a185ae53c5dbb | http://git.kernel.org/?p=linux/kernel/git/tip/tip.git;a=commit;h=fbe1bf140671619508dfa575d74a185ae53 | CONFIRM | Patch, Vendor Advisory
FEDORA-2015-0937 | http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148480.html | FEDORA | Mailing List, Third Party Advisory
SUSE-SU-2015:0178 | http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00035.html | SUSE | Mailing List, Third Party Advisory
SUSE-SU-2015:0481 | http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html | SUSE | Mailing List, Third Party Advisory
openSUSE-SU-2015:0566 | http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html | SUSE | Mailing List, Third Party Advisory
SUSE-SU-2015:0652 | http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00000.html | SUSE | Mailing List, Third Party Advisory
openSUSE-SU-2015:0714 | http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00009.html | SUSE | Mailing List, Third Party Advisory
SUSE-SU-2015:0736 | http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html | SUSE | Mailing List, Third Party Advisory
RHSA-2015:1081 | http://rhn.redhat.com/errata/RHSA-2015-1081.html | REDHAT | Third Party Advisory
RHSA-2015:1778 | http://rhn.redhat.com/errata/RHSA-2015-1778.html | REDHAT | Third Party Advisory
RHSA-2015:1787 | http://rhn.redhat.com/errata/RHSA-2015-1787.html | REDHAT | Third Party Advisory
http://v0ids3curity.blogspot.in/2014/12/return-to-vdso-using-elf-auxiliary.html | http://v0ids3curity.blogspot.in/2014/12/return-to-vdso-using-elf-auxiliary.html | MISC | Broken Link
DSA-3170 | http://www.debian.org/security/2015/dsa-3170 | DEBIAN | Third Party Advisory
MDVSA-2015:058 | http://www.mandriva.com/security/advisories?name=MDVSA-2015:058 | MANDRIVA | Third Party Advisory
[oss-security] 20141209 PIE bypass using VDSO ASLR weakness | http://www.openwall.com/lists/oss-security/2014/12/09/10 | MLIST | Exploit, Mailing List, Third Party Advisory
[oss-security] 20150109 Re: PIE bypass using VDSO ASLR weakness - Linux kernel | http://www.openwall.com/lists/oss-security/2015/01/09/8 | MLIST | Mailing List, Third Party Advisory
71990 | http://www.securityfocus.com/bid/71990 | BID | Third Party Advisory, VDB Entry
USN-2513-1 | http://www.ubuntu.com/usn/USN-2513-1 | UBUNTU | Third Party Advisory
USN-2514-1 | http://www.ubuntu.com/usn/USN-2514-1 | UBUNTU | Third Party Advisory
USN-2515-1 | http://www.ubuntu.com/usn/USN-2515-1 | UBUNTU | Third Party Advisory
USN-2516-1 | http://www.ubuntu.com/usn/USN-2516-1 | UBUNTU | Third Party Advisory
USN-2517-1 | http://www.ubuntu.com/usn/USN-2517-1 | UBUNTU | Third Party Advisory
USN-2518-1 | http://www.ubuntu.com/usn/USN-2518-1 | UBUNTU | Third Party Advisory