{
  "threat_severity" : "Low",
  "public_date" : "2014-12-15T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: x86: espfix(64) bypass via set_thread_area and CLONE_SETTLS",
    "id" : "1172797",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1172797"
  },
  "cvss" : {
    "cvss_base_score" : "1.9",
    "cvss_scoring_vector" : "AV:L/AC:M/Au:N/C:P/I:N/A:N",
    "status" : "verified"
  },
  "details" : [ "arch/x86/kernel/tls.c in the Thread Local Storage (TLS) implementation in the Linux kernel through 3.18.1 allows local users to bypass the espfix protection mechanism, and consequently makes it easier for local users to bypass the ASLR protection mechanism, via a crafted application that makes a set_thread_area system call and later reads a 16-bit value.", "It was found that the espfix functionality could be bypassed by installing a 16-bit RW data segment into the GDT instead of the LDT (the table espfix checks) and then using that segment on the stack. A local, unprivileged user could potentially use this flaw to leak kernel stack addresses." ],
  "statement" : "This issue did not affect the Linux kernel packages as shipped with Red\nHat Enterprise Linux 7 and Red Hat Enterprise MRG 2.\nRed Hat Enterprise Linux 5 is now in the Production 3 Phase of the support and\nmaintenance life cycle. This issue has been rated as having Low security\nimpact and is not currently planned to be addressed in future Red Hat\nEnterprise Linux 5 updates. For additional information, refer to the Red Hat\nEnterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
  "acknowledgement" : "Red Hat would like to thank Andy Lutomirski for reporting this issue.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2015-07-20T00:00:00Z",
    "advisory" : "RHSA-2015:1272",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "kernel-0:2.6.32-573.el6"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Will not fix",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise MRG 2",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/a:redhat:enterprise_mrg:2"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2014-8133\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8133" ],
  "name" : "CVE-2014-8133",
  "csaw" : false
}