Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2014-9730

Опубликовано: 19 дек. 2014
Источник: redhat
CVSS2: 5.4
EPSS Низкий

Описание

The udf_pc_to_char function in fs/udf/symlink.c in the Linux kernel before 3.18.2 relies on component lengths that are unused, which allows local users to cause a denial of service (system crash) via a crafted UDF filesystem image.

A symlink size validation was missing in Linux kernels built with UDF file system (CONFIG_UDF_FS) support, allowing the corruption of kernel memory. An attacker able to mount a corrupted/malicious UDF file system image could cause the kernel to crash.

Отчет

This issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2.

Меры по смягчению последствий

The UDF filesystem is enabled via loading the UDF kernel module. The kernel module can be prevented from loading via blacklisting see https://access.redhat.com/solutions/41278 for more information.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5kernelAffected
Red Hat Enterprise Linux 6kernelAffected
Red Hat Enterprise Linux 7kernelAffected
Red Hat Enterprise Linux 7kernel-rtAffected
Red Hat Enterprise MRG 2realtime-kernelAffected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-122
https://bugzilla.redhat.com/show_bug.cgi?id=1228229Kernel: fs: udf: heap overflow in __udf_adinicb_readpage

EPSS

Процентиль: 12%
0.00042
Низкий

5.4 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2014-9730

ubuntu
больше 10 лет назад

The udf_pc_to_char function in fs/udf/symlink.c in the Linux kernel before 3.18.2 relies on component lengths that are unused, which allows local users to cause a denial of service (system crash) via a crafted UDF filesystem image.

nvd логотип

CVE-2014-9730

nvd
больше 10 лет назад

The udf_pc_to_char function in fs/udf/symlink.c in the Linux kernel before 3.18.2 relies on component lengths that are unused, which allows local users to cause a denial of service (system crash) via a crafted UDF filesystem image.

debian логотип

CVE-2014-9730

debian
больше 10 лет назад

The udf_pc_to_char function in fs/udf/symlink.c in the Linux kernel be ...

github логотип

GHSA-g26h-h44q-fqf3

github
больше 3 лет назад

The udf_pc_to_char function in fs/udf/symlink.c in the Linux kernel before 3.18.2 relies on component lengths that are unused, which allows local users to cause a denial of service (system crash) via a crafted UDF filesystem image.

suse-cvrf логотип

SUSE-SU-2015:1324-1

suse-cvrf
больше 10 лет назад

Security update for the SUSE Linux Enterprise 12 kernel

EPSS

Процентиль: 12%
0.00042
Низкий

5.4 Medium

CVSS2