> This is likely to be easy to exploit for privilege escalation, except on systems with SMAP or UDEREF<p>Another reminder why everyone should be using <a href="https://grsecurity.net" rel="nofollow">https://grsecurity.net</a> which provides these mitigations to the Linux kernel via patches. GRSecurity has had SMAP aka KERNEXEC for a long time as well as UDEREF <a href="https://grsecurity.net/~spender/uderef.txt" rel="nofollow">https://grsecurity.net/~spender/uderef.txt</a><p>If you keep any sensitive data on a Linux server you should seriously consider grsec.<p>Even last week there was an ASLR bypass posted on OSS-security which of-course grsec already protected you against <a href="http://seclists.org/oss-sec/2014/q4/908" rel="nofollow">http://seclists.org/oss-sec/2014/q4/908</a><p>There is a lot of drama around the fact Linux core devs don't adopt these patches by default. But regardless Linux is pretty insecure by default and grsec makes privesc via various classes of exploits significantly harder.
Status for at least one of the CVEs in Debian is here: <a href="https://security-tracker.debian.org/tracker/CVE-2014-8133" rel="nofollow">https://security-tracker.debian.org/tracker/CVE-2014-8133</a> (currently unfixed)