DEPRECATED: Code

CVE-2014-9090

Medium

4.9/10

Summary

The do_double_fault function in arch/x86/kernel/traps.c in the Linux kernel through 3.17.4 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to cause a denial of service (panic) via a modify_ldt system call, as demonstrated by sigreturn_32 in the linux-clock-tests test suite.

Access Complexity: LOW
AccessVector: LOCAL
Authentication: NONE
Integrity Impact: NONE
Confidentiality Impact: NONE
Availability Impact: COMPLETE

CWE-17 - DEPRECATED: Code

This entry has been deprecated. It was originally used for organizing the Development View (CWE-699) and some other views, but it introduced unnecessary complexity and depth to the resulting tree.

References

Advisory Timeline

Published Nov 30, 2014

DEPRECATED: Code

CVE-2014-9090

Summary

CWE-17 - DEPRECATED: Code

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS