CVE-2014-9322
Linux Kernel - 'BadIRET' Local Privilege Escalation
Severity Score
7.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
4
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to gain privileges by triggering an IRET instruction that leads to access to a GS Base address from the wrong space.
arch/x86/kernel/entry_64.S en el kernel de Linux anterior a 3.17.5 no maneja correctamente los fallos asociados con el registro de segmento Stack Segment (SS), lo que permite a usuarios locales ganar privilegios mediante la provocación de una instrucción IRET que lleva al acceso a una dirección de GS Base del espacio equivocado.
A flaw was found in the way the Linux kernel handled GS segment register base switching when recovering from a #SS (stack segment) fault on an erroneous return to user space. A local, unprivileged user could use this flaw to escalate their privileges on the system.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2014-12-07 CVE Reserved
- 2014-12-16 CVE Published
- 2015-03-04 First Exploit
- 2023-03-08 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-269: Improper Privilege Management
- CWE-841: Improper Enforcement of Behavioral Workflow
CAPEC
References (25)
| URL | Tag | Source |
|---|---|---|
| http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=6f442be2fb22be02cafa606f1769fa1e6f894441 | X_refsource_confirm | |
| http://osvdb.org/show/osvdb/115919 | Broken Link | |
| http://secunia.com/advisories/62336 | Broken Link | |
| http://www.zerodayinitiative.com/advisories/ZDI-16-170 | Third Party Advisory |
|
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/44205 | 2017-07-24 | |
| https://www.exploit-db.com/exploits/36266 | 2015-03-04 | |
| https://github.com/RKX1209/CVE-2014-9322 | 2017-07-24 | |
| http://www.exploit-db.com/exploits/36266 | 2024-08-06 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | < 3.2.65 Search vendor "Linux" for product "Linux Kernel" and version " < 3.2.65" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.3 < 3.4.106 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.3 < 3.4.106" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.5 < 3.10.62 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.5 < 3.10.62" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.11 < 3.12.35 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.11 < 3.12.35" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.13 < 3.14.26 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.13 < 3.14.26" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.15 < 3.16.35 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.15 < 3.16.35" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.17 < 3.17.5 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.17 < 3.17.5" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Eus Search vendor "Redhat" for product "Enterprise Linux Eus" | 5.6 Search vendor "Redhat" for product "Enterprise Linux Eus" and version "5.6" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 10.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "10.04" | - |
Affected
| ||||||
| Opensuse Search vendor "Opensuse" | Evergreen Search vendor "Opensuse" for product "Evergreen" | 11.4 Search vendor "Opensuse" for product "Evergreen" and version "11.4" | - |
Affected
| ||||||
| Suse Search vendor "Suse" | Suse Linux Enterprise Server Search vendor "Suse" for product "Suse Linux Enterprise Server" | 10 Search vendor "Suse" for product "Suse Linux Enterprise Server" and version "10" | sp4, ltss |
Affected
| ||||||
| Google Search vendor "Google" | Android Search vendor "Google" for product "Android" | 6.0 Search vendor "Google" for product "Android" and version "6.0" | - |
Affected
| ||||||
| Google Search vendor "Google" | Android Search vendor "Google" for product "Android" | 6.0.1 Search vendor "Google" for product "Android" and version "6.0.1" | - |
Affected
| ||||||