CVE-2014-9585

Public Exploit

Description

The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 does not properly choose memory locations for the vDSO area, which makes it easier for local users to bypass the ASLR protection mechanism by guessing a location at the end of a PMD.

2.1

CVSS

Severity: Low

CVSS 2.0 •

EPSS 0.12%

Vendor Advisory ubuntu.com Vendor Advisory debian.org Vendor Advisory opensuse.org Vendor Advisory opensuse.org Vendor Advisory redhat.com Vendor Advisory opensuse.org Vendor Advisory ubuntu.com Vendor Advisory fedoraproject.org Vendor Advisory ubuntu.com Vendor Advisory redhat.com Vendor Advisory opensuse.org Vendor Advisory mandriva.com Vendor Advisory opensuse.org Vendor Advisory ubuntu.com Vendor Advisory opensuse.org Vendor Advisory ubuntu.com Vendor Advisory ubuntu.com Vendor Advisory redhat.com

Affected: n/a n/a

References

Link	Tags
http://git.kernel.org/?p=linux/kernel/git/tip/tip.git%3Ba=commit%3Bh=fbe1bf140671619508dfa575d74a185ae53c5dbb
http://www.ubuntu.com/usn/USN-2515-1	third party advisory vendor advisory
http://www.debian.org/security/2015/dsa-3170	third party advisory vendor advisory
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html	vendor advisory mailing list third party advisory
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00000.html	vendor advisory mailing list third party advisory
http://rhn.redhat.com/errata/RHSA-2015-1778.html	third party advisory vendor advisory
http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00035.html	vendor advisory mailing list third party advisory
http://www.ubuntu.com/usn/USN-2514-1	third party advisory vendor advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148480.html	vendor advisory mailing list third party advisory
http://www.openwall.com/lists/oss-security/2015/01/09/8	third party advisory mailing list
http://www.ubuntu.com/usn/USN-2518-1	third party advisory vendor advisory
http://rhn.redhat.com/errata/RHSA-2015-1787.html	third party advisory vendor advisory
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html	vendor advisory mailing list third party advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2015:058	third party advisory vendor advisory
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html	vendor advisory mailing list third party advisory
http://www.securityfocus.com/bid/71990	third party advisory vdb entry
http://www.openwall.com/lists/oss-security/2014/12/09/10	mailing list third party advisory exploit
http://www.ubuntu.com/usn/USN-2517-1	third party advisory vendor advisory
http://v0ids3curity.blogspot.in/2014/12/return-to-vdso-using-elf-auxiliary.html	broken link
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00009.html	vendor advisory mailing list third party advisory
http://www.ubuntu.com/usn/USN-2516-1	third party advisory vendor advisory
http://www.ubuntu.com/usn/USN-2513-1	third party advisory vendor advisory
http://git.kernel.org/?p=linux/kernel/git/luto/linux.git%3Ba=commit%3Bh=bc3b94c31d65e761ddfe150d02932c65971b74e2
http://rhn.redhat.com/errata/RHSA-2015-1081.html	third party advisory vendor advisory

Frequently Asked Questions

What is the severity of CVE-2014-9585?: CVE-2014-9585 has been scored as a low severity vulnerability.
How to fix CVE-2014-9585?: To fix CVE-2014-9585, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2014-9585 being actively exploited in the wild?: It is possible that CVE-2014-9585 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.