Main Vulnerability Database Exploits ID:6381 - Exploit for Permissions, Privileges, and Access Controls in Linux kernel and Google Android - CVE-2014-9322

ID:6381 - Exploit for Permissions, Privileges, and Access Controls in Linux kernel and Google Android - CVE-2014-9322

Published: June 17, 2021

Vulnerability identifier: #VU41004

Vulnerability risk: High

CVE-ID: CVE-2014-9322

CWE-ID: CWE-264

Exploitation vector: Remote access

Vulnerable software:
Linux kernel
Google Android

Link to public exploit:

https://www.exploit-db.com/exploits/44205/

Vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to gain privileges by triggering an IRET instruction that leads to access to a GS Base address from the wrong space.

Remediation

Install update from vendor's website.

ID:6381 - Exploit for Permissions, Privileges, and Access Controls in Linux kernel and Google Android - CVE-2014-9322

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human