The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel prior to 3.18.2 does not validate a length value in the Extensions Reference (ER) System Use Field, which allows local users to obtain sensitive information from kernel memory via a crafted iso9660 image.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
linux linux kernel |
||
redhat enterprise linux desktop 7.0 |
||
redhat enterprise linux workstation 7.0 |
||
redhat enterprise linux server 7.0 |
||
redhat enterprise linux aus 6.6 |
||
redhat enterprise linux server eus 7.2 |
||
redhat enterprise linux server eus 7.1 |
||
redhat enterprise linux desktop 6.0 |
||
redhat enterprise linux server 6.0 |
||
redhat enterprise linux workstation 6.0 |
||
redhat enterprise linux eus 6.6 |
||
redhat enterprise linux server tus 7.3 |
||
redhat enterprise linux server aus 7.3 |
||
redhat enterprise linux server aus 7.4 |
||
redhat enterprise linux server eus 7.3 |
||
redhat enterprise linux server eus 7.4 |
||
redhat enterprise linux server eus 7.5 |
||
redhat enterprise linux server tus 7.6 |
||
redhat enterprise linux server eus 7.6 |
||
redhat enterprise linux server aus 7.6 |
||
redhat enterprise linux server tus 6.6 |
||
redhat enterprise linux server eus 7.7 |
||
redhat enterprise linux server aus 7.7 |
||
redhat enterprise linux server tus 7.7 |
||
suse linux enterprise server 11 |
||
opensuse evergreen 11.4 |
||
suse linux enterprise real time extension 11 |
||
suse linux enterprise workstation extension 12 |
||
suse linux enterprise server 10 |
||
opensuse opensuse 13.1 |
||
suse linux enterprise server 12 |
||
suse linux enterprise software development kit 12 |
||
suse linux enterprise desktop 12 |
||
debian debian linux 8.0 |
||
debian debian linux 7.0 |
||
canonical ubuntu linux 12.04 |
||
canonical ubuntu linux 14.10 |
||
canonical ubuntu linux 14.04 |
||
canonical ubuntu linux 10.04 |
||
oracle linux 5 |
Vulmon