CVE-2015-4167

Опубликовано: 07 янв. 2015

Источник: redhat

CVSS2: 4.7

Описание

The udf_read_inode function in fs/udf/inode.c in the Linux kernel before 3.19.1 does not validate certain length values, which allows local users to cause a denial of service (incorrect data representation or integer overflow, and OOPS) via a crafted UDF filesystem.

An inode data validation error was found in Linux kernels built with UDF file system (CONFIG_UDF_FS) support. An attacker able to mount a corrupted/malicious UDF file system image could cause the kernel to crash.

Отчет

This issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2.

Меры по смягчению последствий

The UDF filesystem is enabled via loading the UDF kernel module. The kernel module can be prevented from loading via blacklisting see https://access.redhat.com/solutions/41278 for more information.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 5	kernel	Will not fix
Red Hat Enterprise Linux 6	kernel	Will not fix
Red Hat Enterprise Linux 7	kernel	Will not fix
Red Hat Enterprise Linux 7	kernel-rt	Will not fix
Red Hat Enterprise MRG 2	realtime-kernel	Will not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-130

https://bugzilla.redhat.com/show_bug.cgi?id=1228204Kernel: fs: udf: Check length of extended attributes to avoid oops

4.7 Medium

CVSS2

Связанные уязвимости

CVE-2015-4167

ubuntu

около 10 лет назад

CVE-2015-4167

nvd

около 10 лет назад

CVE-2015-4167

debian

около 10 лет назад

The udf_read_inode function in fs/udf/inode.c in the Linux kernel befo ...

GHSA-643c-pwr2-wq99

github

около 3 лет назад

ELSA-2017-3597

oracle-oval

около 8 лет назад

ELSA-2017-3597: Unbreakable Enterprise kernel security update (IMPORTANT)

4.7 Medium

CVSS2