CVE-2014-9090

2014-11-3001:59:00

CWE-17

[email protected]

web.nvd.nist.gov

cve-2014-9090

linux kernel

denial of service

ss segment register

nvd

security vulnerability

5.7 Medium

AI Score

Confidence

High

4.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

0.0004 Low

EPSS

Percentile

5.3%

JSON

The do_double_fault function in arch/x86/kernel/traps.c in the Linux kernel through 3.17.4 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to cause a denial of service (panic) via a modify_ldt system call, as demonstrated by sigreturn_32 in the linux-clock-tests test suite.

CPENameOperatorVersion
linux:linux_kernellinux linux kerneleq3.0.25
linux:linux_kernellinux linux kerneleq3.15.8
linux:linux_kernellinux linux kerneleq3.1.2
linux:linux_kernellinux linux kerneleq3.10.8
linux:linux_kernellinux linux kerneleq3.15.1
linux:linux_kernellinux linux kerneleq3.0
linux:linux_kernellinux linux kerneleq3.0.22
linux:linux_kernellinux linux kerneleq3.12
linux:linux_kernellinux linux kerneleq3.0.5
linux:linux_kernellinux linux kerneleq3.0.68

CPE	Name	Operator	Version
linux:linux_kernel	linux linux kernel	eq	3.0.25
linux:linux_kernel	linux linux kernel	eq	3.15.8
linux:linux_kernel	linux linux kernel	eq	3.1.2
linux:linux_kernel	linux linux kernel	eq	3.10.8
linux:linux_kernel	linux linux kernel	eq	3.15.1
linux:linux_kernel	linux linux kernel	eq	3.0
linux:linux_kernel	linux linux kernel	eq	3.0.22
linux:linux_kernel	linux linux kernel	eq	3.12
linux:linux_kernel	linux linux kernel	eq	3.0.5
linux:linux_kernel	linux linux kernel	eq	3.0.68