CVE-2014-9322

arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to gain privileges by triggering an IRET instruction that leads to access to a GS Base address from the wrong space.

Published: Dec 17, 2014
Updated: Apr 13, 2023
CVE: CVE-2014-9322
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C

CWEs:

CWE-269

Affected Software
References

Software	From	Fixed in
linux / linux_kernel	3.15	3.16.35
linux / linux_kernel	3.3	3.4.106
linux / linux_kernel	-	3.2.65
linux / linux_kernel	3.5	3.10.62
linux / linux_kernel	3.11	3.12.35
linux / linux_kernel	3.13	3.14.26
linux / linux_kernel	3.17	3.17.5
redhat / enterprise_linux_eus	5.6	5.6.x
canonical / ubuntu_linux	10.04	10.04.x
opensuse / evergreen	11.4	11.4.x
suse / suse_linux_enterprise_server	10-sp4	10-sp4.x
google / android	6.0.1	6.0.1.x
google / android	6.0	6.0.x

Vulnerability Database

289,599

CVE-2014-9322