Published: 01/09/2014 Updated: 07/11/2023

CVSS v2 Base Score: 4 | Impact Score: 6.9 | Exploitability Score: 1.9

VMScore: 357

Vector: AV:L/AC:H/Au:N/C:N/I:N/A:C

The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel up to and including 3.16.1 allows local users to cause a denial of service (unkillable mount process) via a crafted iso9660 image with a self-referential CL entry.

Vulnerable Product	Search on Vulmon	Subscribe to Product
linux linux kernel
linux linux kernel 3.16.0

Synopsis Important: kernel security and bug fix update Type/Severity Security Advisory: Important Topic Updated kernel packages that fix multiple security issues and several bugsare now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having Important securityimpact ...

Synopsis Important: kernel security and bug fix update Type/Severity Security Advisory: Important Topic Updated kernel packages that fix multiple security issues and several bugsare now available for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having Important securityimpact ...

Several security issues were fixed in the kernel ...

It was found that the parse_rock_ridge_inode_internal() function of the Linux kernel's ISOFS implementation did not correctly check relocated directories when processing Rock Ridge child link (CL) tags An attacker with physical access to the system could use a specially crafted ISO image to crash the system or, potentially, escalate their privileg ...

CWE-20 http://www.openwall.com/lists/oss-security/2014/08/27/1 https://bugzilla.redhat.com/show_bug.cgi?id=1134099 https://github.com/torvalds/linux/commit/410dd3cf4c9b36f27ed4542ee18b1af5e68645a4 https://code.google.com/p/google-security-research/issues/detail?id=88 http://www.ubuntu.com/usn/USN-2355-1 http://www.ubuntu.com/usn/USN-2354-1 http://www.ubuntu.com/usn/USN-2358-1 http://www.ubuntu.com/usn/USN-2359-1 http://www.ubuntu.com/usn/USN-2357-1 http://www.ubuntu.com/usn/USN-2356-1 http://rhn.redhat.com/errata/RHSA-2014-1318.html http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html http://rhn.redhat.com/errata/RHSA-2015-0102.html http://rhn.redhat.com/errata/RHSA-2015-0695.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html http://rhn.redhat.com/errata/RHSA-2015-0782.html http://rhn.redhat.com/errata/RHSA-2015-0803.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html http://marc.info/?l=bugtraq&m=142722450701342&w=2 http://marc.info/?l=bugtraq&m=142722544401658&w=2 http://www.securityfocus.com/bid/69428 https://exchange.xforce.ibmcloud.com/vulnerabilities/95556 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=410dd3cf4c9b36f27ed4542ee18b1af5e68645a4 https://access.redhat.com/errata/RHSA-2015:0102 https://nvd.nist.gov https://usn.ubuntu.com/2358-1/https://access.redhat.com/security/cve/cve-2014-5472

CVE-2014-5472

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect