Vulnerability in Linux Linux_kernel
CVE-2014-9585
The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 does not properly choose memory locations for the vDSO area, which makes it easier for local users to bypass the ASLR protection mechanism by guessing a locat…
EPSS: 0.000 (14.1th percentile) — read the EPSS interpretation.
Affected products
- Linux Linux_kernel
- Canonical Ubuntu_linux — versions 12.04, 14.04, 14.10
- Debian Debian_linux — versions 7.0, 8.0
- Fedoraproject Fedora — versions 21
- Opensuse Evergreen — versions 11.4
- Opensuse — versions 13.1
- Redhat Enterprise_linux_aus — versions 6.6
- Redhat Enterprise_linux_desktop — versions 6.0, 7.0
- Redhat Enterprise_linux_eus — versions 6.6
- Redhat Enterprise_linux_server — versions 6.0, 7.0
References
- cve@mitre.org (x_refsource_CONFIRM)
- USN-2515-1 (x_refsource_UBUNTU, vendor-advisory, Third Party Advisory)
- DSA-3170 (vendor-advisory, Third Party Advisory, x_refsource_DEBIAN)
- SUSE-SU-2015:0736 (vendor-advisory, Mailing List, Third Party Advisory, x_refsource_SUSE)
- SUSE-SU-2015:0652 (vendor-advisory, Mailing List, Third Party Advisory, x_refsource_SUSE)
- RHSA-2015:1778 (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
- SUSE-SU-2015:0178 (vendor-advisory, Mailing List, Third Party Advisory, x_refsource_SUSE)
- USN-2514-1 (x_refsource_UBUNTU, vendor-advisory, Third Party Advisory)
- FEDORA-2015-0937 (x_refsource_FEDORA, vendor-advisory, Mailing List, Third Party Advisory)
- [oss-security] 20150109 Re: PIE bypass using VDSO ASLR weakness - Linux kernel (mailing-list, x_refsource_MLIST, Mailing List, Third Party Advisory)