oss-sec mailing list archives

Re: CVE Request: Linux x86_64 userspace address leak

From: cve-assign () mitre org
Date: Thu, 25 Dec 2014 02:28:32 -0500 (EST)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On all* Linux x86_64 kernels, malicious user programs can learn the
TLS base addresses of threads** that they preempt.

In principle, this bug will allow programs to partially bypass ASLR

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/arch/x86?id=f647d7c155f069c1a068030255c300663516420e


Use CVE-2014-9419.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJUm7woAAoJEKllVAevmvms++EIALuBBPWGrt7W8K5kbrMb5bzG
Sy8JSp42fXiZ8wgenlrrhzU70VvvjjKYcwklsO3MFTQI/6PEb8297hbc/q+lL6TW
00p6vhfwUIgFdx2QSj/hzU143mE5F7zygMDRcHe4YupTWZNRmXKIvizn/JJ94gjO
dghgjBXqW4jh4i6StIDruwoG4gQOu8BDUQ/bmlYB4MJOBBT2OBaDZeNc2DtTJpDI
d2Dd0PO7jFGzvXZulVXgfIkuSh51aEtXyJ0vwQQ9EtE89EFcBCHlmFFZt+N9sX0M
U5Nz7gHGeCtakGRMHnt9+94mRaERb/91mS2U8GEBKzRM1LGKWpOnztCHaOwGxc8=
=S2To
-----END PGP SIGNATURE-----

Current thread:

CVE Request: Linux x86_64 userspace address leak Andy Lutomirski (Dec 18)
- Re: CVE Request: Linux x86_64 userspace address leak cve-assign (Dec 24)
- Re: CVE Request: Linux x86_64 userspace address leak P J P (Dec 26)
  - Re: CVE Request: Linux x86_64 userspace address leak Andy Lutomirski (Dec 28)