Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2014-9728

Опубликовано: 19 дек. 2014
Источник: redhat
CVSS2: 5.4
EPSS Низкий

Описание

The UDF filesystem implementation in the Linux kernel before 3.18.2 does not validate certain lengths, which allows local users to cause a denial of service (buffer over-read and system crash) via a crafted filesystem image, related to fs/udf/inode.c and fs/udf/symlink.c.

A symlink size validation was missing in Linux kernels built with UDF file system (CONFIG_UDF_FS) support, allowing the corruption of kernel memory. An attacker able to mount a corrupted/malicious UDF file system image could cause the kernel to crash.

Отчет

This issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2.

Меры по смягчению последствий

The UDF filesystem is enabled via loading the UDF kernel module. The kernel module can be prevented from loading via blacklisting see https://access.redhat.com/solutions/41278 for more information.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5kernelAffected
Red Hat Enterprise Linux 6kernelAffected
Red Hat Enterprise Linux 7kernelAffected
Red Hat Enterprise Linux 7kernel-rtAffected
Red Hat Enterprise MRG 2realtime-kernelAffected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-122
https://bugzilla.redhat.com/show_bug.cgi?id=1228229Kernel: fs: udf: heap overflow in __udf_adinicb_readpage

EPSS

Процентиль: 12%
0.00041
Низкий

5.4 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2014-9728

ubuntu
почти 10 лет назад

The UDF filesystem implementation in the Linux kernel before 3.18.2 does not validate certain lengths, which allows local users to cause a denial of service (buffer over-read and system crash) via a crafted filesystem image, related to fs/udf/inode.c and fs/udf/symlink.c.

nvd логотип

CVE-2014-9728

nvd
почти 10 лет назад

The UDF filesystem implementation in the Linux kernel before 3.18.2 does not validate certain lengths, which allows local users to cause a denial of service (buffer over-read and system crash) via a crafted filesystem image, related to fs/udf/inode.c and fs/udf/symlink.c.

debian логотип

CVE-2014-9728

debian
почти 10 лет назад

The UDF filesystem implementation in the Linux kernel before 3.18.2 do ...

github логотип

GHSA-3mmf-7v44-cphp

github
около 3 лет назад

The UDF filesystem implementation in the Linux kernel before 3.18.2 does not validate certain lengths, which allows local users to cause a denial of service (buffer over-read and system crash) via a crafted filesystem image, related to fs/udf/inode.c and fs/udf/symlink.c.

oracle-oval логотип

ELSA-2018-4301

oracle-oval
больше 6 лет назад

ELSA-2018-4301: Unbreakable Enterprise kernel security update (IMPORTANT)

EPSS

Процентиль: 12%
0.00041
Низкий

5.4 Medium

CVSS2