Bug 1177260 (CVE-2014-9419)

Summary: CVE-2014-9419 kernel: partial ASLR bypass through TLS base addresses leak
Product: [Other] Security Response Reporter: Vasyl Kaigorodov <vkaigoro>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: aquini, bhu, carnil, ccoleman, dhoward, dmcphers, fhrbata, gansalmon, iboverma, itamar, jforbes, jialiu, jkacur, joelsmith, jokerman, jonathan, jross, jwboyer, kernel-maint, kernel-mgr, lgoncalv, lmeyer, madhu.chinakonda, matt, mchehab, mcressma, mmccomas, mmcgrath, nmurray, plougher, pmatouse, ppandit, rt-maint, rvrbovsk, slawomir, williams
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
An information leak flaw was found in the way the Linux kernel changed certain segment registers and thread-local storage (TLS) during a context switch. A local, unprivileged user could use this flaw to leak the user space TLS base address of an arbitrary process.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2019-06-08 02:37:15 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1177263, 1177353, 1177354, 1223330, 1223331, 1223723    
Bug Blocks: 1176101    

Description Vasyl Kaigorodov 2014-12-25 13:36:17 UTC 
It was found that the Linux kernel is vulnerable to an information leakage flaw in the way certain segment registers and TLS are changed during context switch.

An unprivileged user/process could use this flaw to leak other process's user space TLS base address.

Upstream fix:
-------------
  -> https://git.kernel.org/linus/f647d7c155f069c1a068030255c300663516420e

Reference:
----------
  -> http://www.openwall.com/lists/oss-security/2014/12/18/17
Comment 1 Vasyl Kaigorodov 2014-12-25 13:37:40 UTC 
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1177263]
Comment 2 Prasad Pandit 2014-12-26 14:05:30 UTC 
Statement:

This issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise Linux 7 may address this issue.

This issue has been rated as having Low security impact and is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 5 and Red Hat Enterprise MRG 2.
Comment 4 Fedora Update System 2015-01-11 02:58:14 UTC 
kernel-3.17.8-300.fc21 has been pushed to the Fedora 21 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 5 Fedora Update System 2015-01-13 00:05:49 UTC 
kernel-3.17.8-200.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 12 errata-xmlrpc 2015-06-09 14:48:41 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2015:1081 https://rhn.redhat.com/errata/RHSA-2015-1081.html
Comment 13 errata-xmlrpc 2015-11-19 13:04:09 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2015:2411 https://rhn.redhat.com/errata/RHSA-2015-2411.html
Comment 14 errata-xmlrpc 2015-11-19 20:56:33 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2015:2152 https://rhn.redhat.com/errata/RHSA-2015-2152.html
Comment 15 errata-xmlrpc 2015-11-19 23:23:40 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2015:2152 https://rhn.redhat.com/errata/RHSA-2015-2152.html