CVE-2014-9420

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 26-12-2014 01:59

Last modified: - 21-09-2022 08:44

Total changes: - 2

Description

The rock_continue function in fs/isofs/rock.c in the Linux kernel through 3.18.1 does not restrict the number of Rock Ridge continuation entries, which allows local users to cause a denial of service (infinite loop, and system crash or hang) via a crafted iso9660 image.

Common Vulnerability Scoring System (CVSS)

AV:L/AC:L/Au:N/C:N/I:N/A:C

Low

Attack complexity

Local

Attack vector

High

Availability

None

Confidentiality

None

Integrity

Privileges required

Scope

User interaction

4.9

Base score

3.9

6.9

Exploitability score

Impact score

Verification logic

Reference

[oss-security] 20141225 Re: CVE Request Linux kernel: fs: isofs: infinite loop in CE records-
https://bugzilla.redhat.com/show_bug.cgi?id=1175235
https://github.com/torvalds/linux/commit/f54e18f1b831c92f6512d2eedb224cd63d607d3d
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=f54e18f1b831c92f6512d2eedb224cd63d607d3d
62801-
USN-2492-1-
USN-2518-1-
USN-2515-1-
USN-2516-1-
USN-2493-1-
USN-2490-1-
USN-2517-1-
USN-2491-1-
SUSE-SU-2015:0178-
MDVSA-2015:058-
SUSE-SU-2015:0652-
FEDORA-2015-0517-
FEDORA-2015-0515-
SUSE-SU-2015:0812-
SUSE-SU-2015:0736-
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
openSUSE-SU-2015:0714-
https://source.android.com/security/bulletin/2017-01-01.html
RHSA-2015:1138-
RHSA-2015:1137-
RHSA-2015:1081-

Keywords

CVE-2014-9420

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2014-9420

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures