Bypassing ESPFIX and ASLR Protections in Linux Kernel TLS Implementation

Bypassing ESPFIX and ASLR Protections in Linux Kernel TLS Implementation

CVE-2014-8133 · LOW Severity

AV:L/AC:L/AU:N/C:N/I:P/A:N

arch/x86/kernel/tls.c in the Thread Local Storage (TLS) implementation in the Linux kernel through 3.18.1 allows local users to bypass the espfix protection mechanism, and consequently makes it easier for local users to bypass the ASLR protection mechanism, via a crafted application that makes a set_thread_area system call and later reads a 16-bit value.

Learn more about our Cis Benchmark Audit For Distribution Independent Linux.