CVSSv2: 4.9

CVE-2014-9420

Published: 26/12/2014 Updated: 13/02/2023
CVSS v2 Base Score: 4.9 | Impact Score: 6.9 | Exploitability Score: 3.9
VMScore: 437
Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Summary

The rock_continue function in fs/isofs/rock.c in the Linux kernel up to and including 3.18.1 does not restrict the number of Rock Ridge continuation entries, which allows local users to cause a denial of service (infinite loop, and system crash or hang) via a crafted iso9660 image.

Vulnerable Product

linux linux kernel

Vendor Advisories

Debian Bug report logs - #774155 linux: CVE-2014-9428: Remote crash of kernel via batman-adv module Package: linux; Maintainer for linux is Debian Kernel Team <debian-kernel@lists.debian.org>; Reported by: conchur@web.de Date: Mon, 29 Dec 2014 16:48:01 UTC Severity: important Tags: patch, security, upstream Found in versi ...
USN-2516-1 introduced a regression in the Linux kernel ...
Several security issues were fixed in the kernel ...
USN-2515-1 introduced a regression in the Linux kernel ...
It was found that the Linux kernel's ISO file system implementation did not correctly limit the traversal of Rock Ridge extension Continuation Entries (CE). An attacker with physical access to the system could use this flaw to trigger an infinite loop in the kernel, resulting in a denial of service ...

References

CWE-399
http://www.openwall.com/lists/oss-security/2014/12/25/4
https://bugzilla.redhat.com/show_bug.cgi?id=1175235
https://github.com/torvalds/linux/commit/f54e18f1b831c92f6512d2eedb224cd63d607d3d
http://secunia.com/advisories/62801
http://www.ubuntu.com/usn/USN-2492-1
http://www.ubuntu.com/usn/USN-2518-1
http://www.ubuntu.com/usn/USN-2515-1
http://www.ubuntu.com/usn/USN-2516-1
http://www.ubuntu.com/usn/USN-2493-1
http://www.ubuntu.com/usn/USN-2490-1
http://www.ubuntu.com/usn/USN-2517-1
http://www.ubuntu.com/usn/USN-2491-1
http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00035.html
http://www.mandriva.com/security/advisories?name=MDVSA-2015:058
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00000.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147864.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147973.html
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00009.html
https://source.android.com/security/bulletin/2017-01-01.html
http://rhn.redhat.com/errata/RHSA-2015-1138.html
http://rhn.redhat.com/errata/RHSA-2015-1137.html
http://rhn.redhat.com/errata/RHSA-2015-1081.html
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=f54e18f1b831c92f6512d2eedb224cd63d607d3d
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774155
https://nvd.nist.gov
https://usn.ubuntu.com/2516-3/
https://access.redhat.com/security/cve/cve-2014-9420