Red Hat Bugzilla – Bug 1177260
CVE-2014-9419 kernel: partial ASLR bypass through TLS base addresses leak
Last modified: 2018-08-28 17:56:46 EDT
It was found that the Linux kernel is vulnerable to an information leakage flaw in the way certain segment registers and TLS are changed during context switch. An unprivileged user/process could use this flaw to leak other process's user space TLS base address. Upstream fix: ------------- -> https://git.kernel.org/linus/f647d7c155f069c1a068030255c300663516420e Reference: ---------- -> http://www.openwall.com/lists/oss-security/2014/12/18/17
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1177263]
Statement: This issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise Linux 7 may address this issue. This issue has been rated as having Low security impact and is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 5 and Red Hat Enterprise MRG 2.
kernel-3.17.8-300.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.
kernel-3.17.8-200.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2015:1081 https://rhn.redhat.com/errata/RHSA-2015-1081.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2015:2411 https://rhn.redhat.com/errata/RHSA-2015-2411.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2015:2152 https://rhn.redhat.com/errata/RHSA-2015-2152.html