
4 matches found

SUSE CVE
added 2023/02/15 6:17 a.m. | 2 views

SUSE CVE-2005-3276

The sys_get_thread_area function in process.c in Linux 2.6 before 2.6.12.4 and 2.6.13 does not clear a data structure before copying it to userspace, which might allow a user process to obtain sensitive information...

CVSS 2.1 | AI score 6.8 | EPSS 0.0011
Exploits 1 | References 3
SUSE CVE
added 2023/02/15 5:26 a.m. | 3 views

SUSE CVE-2014-8133

arch/x86/kernel/tls.c in the Thread Local Storage (TLS) implementation in the Linux kernel through 3.18.1 allows local users to bypass the espfix protection mechanism, and consequently makes it easier for local users to bypass the ASLR protection mechanism, via a crafted application that makes a...

CVSS 2.1 | AI score 6.1 | EPSS 0.00057
Exploits 0 | References 18
RedHat Linux
added 2015/07/20 2:0 p.m. | 1 views

kernel: x86: espfix(64) bypass via set_thread_area and CLONE_SETTLS

It was found that the espfix functionality could be bypassed by installing a 16-bit RW data segment into GDT instead of LDT which espfix checks, and using that segment on the stack. A local, unprivileged user could potentially use this flaw to leak kernel stack addresses...

CVSS 2.1 | AI score 6.6 | EPSS 0.00057
Exploits 0 | References 4
OSV
added 2014/12/17 11:59 a.m. | 2 views

DEBIAN-CVE-2014-8133

arch/x86/kernel/tls.c in the Thread Local Storage (TLS) implementation in the Linux kernel through 3.18.1 allows local users to bypass the espfix protection mechanism, and consequently makes it easier for local users to bypass the ASLR protection mechanism, via a crafted application that makes a...

CVSS 2.1 | AI score 7.2 | EPSS 0.00057
Exploits 0 | References 1