CVE-2014-5472

Опубликовано: 26 авг. 2014

Источник: redhat

CVSS2: 6.2

Описание

The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service (unkillable mount process) via a crafted iso9660 image with a self-referential CL entry.

It was found that the parse_rock_ridge_inode_internal() function of the Linux kernel's ISOFS implementation did not correctly check relocated directories when processing Rock Ridge child link (CL) tags. An attacker with physical access to the system could use a specially crafted ISO image to crash the system or, potentially, escalate their privileges on the system.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 5	kernel	Will not fix
Red Hat Enterprise Linux 6	kernel	Fixed	RHSA-2014:1997	16.12.2014
Red Hat Enterprise Linux 6.2 Advanced Update Support	kernel	Fixed	RHSA-2015:0695	17.03.2015
Red Hat Enterprise Linux 6.4 Advanced Update Support	kernel	Fixed	RHSA-2015:0803	14.04.2015
Red Hat Enterprise Linux 6.5 Extended Update Support	kernel	Fixed	RHSA-2015:0782	07.04.2015
Red Hat Enterprise Linux 7	kernel	Fixed	RHSA-2015:0102	28.01.2015
Red Hat Enterprise MRG 2	kernel-rt	Fixed	RHSA-2014:1318	29.09.2014

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

https://bugzilla.redhat.com/show_bug.cgi?id=1134099kernel: isofs: unbound recursion when processing relocated directories

6.2 Medium

CVSS2

Связанные уязвимости

CVE-2014-5472

ubuntu

больше 11 лет назад

CVE-2014-5472

nvd

больше 11 лет назад

CVE-2014-5472

debian

больше 11 лет назад

The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the ...

GHSA-8jr9-77qv-x3wr

github

больше 3 лет назад

ELSA-2014-3107

oracle-oval

около 11 лет назад

ELSA-2014-3107: Unbreakable Enterprise kernel security update (IMPORTANT)

6.2 Medium

CVSS2