PT-2014-1859 · Centos+5 · Centos+5

Published

2014-12-07

·

Updated

2025-09-29

·

CVE-2014-9322

CVSS v2.0

10

High

VectorAV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Red Hat Enterprise Linux kernel versions prior to 3.17.5 CentOS kernel versions prior to 3.17.5
Description The vulnerability in the Linux kernel can lead to a disruption of confidentiality, integrity, and availability of protected information. It can be exploited locally or remotely, depending on the specific package and version. The issue is related to the handling of faults associated with the Stack Segment (SS) segment register, which allows local users to gain privileges by triggering an IRET instruction that leads to access to a GS Base address from the wrong space.
Recommendations For Red Hat Enterprise Linux kernel versions prior to 3.17.5, update to a version 3.17.5 or later. For CentOS kernel versions prior to 3.17.5, update to a version 3.17.5 or later. As a temporary workaround, consider restricting access to the vulnerable kernel packages until a patch is available.

Exploit

Fix

Improper Privilege Management

Weakness Enumeration

CWE-841CWE-269

Related Identifiers

ALSA-2025_16880
ALT-PU-2014-2423
ALT-PU-2014-2424
BDU:2015-06999
BDU:2015-07000
BDU:2015-07001
BDU:2015-07002
BDU:2015-07003
BDU:2015-07004
BDU:2015-07005
BDU:2015-07006
BDU:2015-07007
BDU:2015-07008
BDU:2015-07009
BDU:2015-07010
BDU:2015-07011
BDU:2015-07012
BDU:2015-07013
BDU:2015-07014
BDU:2015-07015
BDU:2015-07016
BDU:2015-07017
BDU:2015-07278
BDU:2015-07279
BDU:2015-07280
BDU:2015-07281
BDU:2015-07282
BDU:2015-07283
BDU:2015-07284
BDU:2015-07285
BDU:2015-07286
BDU:2015-07287
BDU:2015-07288
BDU:2015-07289
BDU:2015-09300
BDU:2015-09301
BDU:2015-09302
BDU:2015-09303
BDU:2015-09304
BDU:2015-09305
BDU:2015-09306
BDU:2015-09307
BDU:2015-09308
BDU:2015-09309
BDU:2015-09310
BDU:2015-09311
BDU:2015-09312
BDU:2015-09313
BDU:2015-09314
BDU:2015-09315
BDU:2015-09316
BDU:2015-09317
BDU:2015-09318
BDU:2015-09319
BDU:2015-09320
BDU:2015-09321
BDU:2015-09322
BDU:2015-09323
BDU:2015-09324
BDU:2015-09325
BDU:2015-09326
BDU:2015-09327
BDU:2015-09328
BDU:2015-09329
BDU:2015-09330
CESA-2014_1997
CESA-2014_2010
CVE-2014-9322
ELSA-2014-1997
ELSA-2014-2010
ELSA-2014-3106
ELSA-2014-3107
ELSA-2014-3108
MGASA-2015-0006
MGASA-2015-0075
MGASA-2015-0076
MGASA-2015-0077
MGASA-2015-0078
OPENSUSE-SU-2014_1669-1
OPENSUSE-SU-2014_1677-1
OPENSUSE-SU-2014_1678-1
RHSA-2014:1997
RHSA-2014:1998
RHSA-2014:2008
RHSA-2014:2009
RHSA-2014:2010
RHSA-2014:2028
RHSA-2014:2029
RHSA-2014:2030
RHSA-2014:2031
RHSA-2014_1997
RHSA-2014_2008
RHSA-2014_2010
RHSA-2015:0009
SUSE-RU-2015:0621-1
SUSE-SU-2015:0481-1
SUSE-SU-2015:0581-1
SUSE-SU-2015:0652-1
SUSE-SU-2015:0736-1
SUSE-SU-2015:1174-1
SUSE-SU-2015:1376-1
USN-2443-1
USN-2445-1
USN-2446-1
USN-2447-1
USN-2447-2
USN-2448-1
USN-2462-1
USN-2464-1
USN-2491-1

Affected Products

Alt Linux
Centos
Linux Kernel
Red Hat
Suse
Ubuntu