CVE-2014-9730

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 31-08-2015 12:59

Last modified: - 21-09-2022 08:44

Total changes: - 2

Description

The udf_pc_to_char function in fs/udf/symlink.c in the Linux kernel before 3.18.2 relies on component lengths that are unused, which allows local users to cause a denial of service (system crash) via a crafted UDF filesystem image.

Common Vulnerability Scoring System (CVSS)

AV:L/AC:L/Au:N/C:N/I:N/A:C

Low

Attack complexity

Local

Attack vector

High

Availability

None

Confidentiality

None

Integrity

Privileges required

Scope

User interaction

4.9

Base score

3.9

6.9

Exploitability score

Impact score

Verification logic

Reference

http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.2
https://bugzilla.redhat.com/show_bug.cgi?id=1228229
[oss-security] 20150602 CVE request Linux kernel: fs: udf heap overflow in __udf_adinicb_readpage-
https://github.com/torvalds/linux/commit/e237ec37ec154564f8690c5bd1795339955eeef9
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e237ec37ec154564f8690c5bd1795339955eeef9
74964-
SUSE-SU-2015:1611-
SUSE-SU-2015:1592-
openSUSE-SU-2015:1382-
SUSE-SU-2015:1324-
SUSE-SU-2015:1224-

Keywords

CVE-2014-9730

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2014-9730

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures