Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.7
CVSSv2

CVE-2015-4167

Published: 05/08/2015 Updated: 22/12/2016
CVSS v2 Base Score: 4.7 | Impact Score: 6.9 | Exploitability Score: 3.4
VMScore: 419
Vector: AV:L/AC:M/Au:N/C:N/I:N/A:C
Subscribe to Debian Linux

Vulnerability Summary

The udf_read_inode function in fs/udf/inode.c in the Linux kernel prior to 3.19.1 does not validate certain length values, which allows local users to cause a denial of service (incorrect data representation or integer overflow, and OOPS) via a crafted UDF filesystem.

Vulnerable Product Search on Vulmon Subscribe to Product

debian debian linux 7.0

linux linux kernel

canonical ubuntu linux 12.04

Vendor Advisories

Debian Security Advisories: DSA-3313-1 linux -- security update
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation or denial of service CVE-2015-3290 Andy Lutomirski discovered that the Linux kernel does not properly handle nested NMIs A local, unprivileged user could use this flaw for privilege escalation CVE-2015-3291 Andy Lutomirski di ...
Ubuntu Security Notice: linux-lts-utopic vulnerabilities
Several security issues were fixed in the kernel ...
Ubuntu Security Notice: linux-lts-trusty vulnerabilities
Several security issues were fixed in the kernel ...
Ubuntu Security Notice: linux vulnerabilities
Several security issues were fixed in the kernel ...
Ubuntu Security Notice: linux vulnerabilities
Several security issues were fixed in the kernel ...
Ubuntu Security Notice: linux vulnerabilities
Several security issues were fixed in the kernel ...
Ubuntu Security Notice: linux-ti-omap4 vulnerabilities
Several security issues were fixed in the kernel ...
Red Hat: CVE-2015-4167
An inode data validation error was found in Linux kernels built with UDF file system (CONFIG_UDF_FS) support An attacker able to mount a corrupted/malicious UDF file system image could cause the kernel to crash ...

References

CWE-189http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=23b133bdc452aa441fcb9b82cbf6dd05cfd342d0http://www.openwall.com/lists/oss-security/2015/06/02/6https://bugzilla.redhat.com/show_bug.cgi?id=1228204http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.19.1https://github.com/torvalds/linux/commit/23b133bdc452aa441fcb9b82cbf6dd05cfd342d0http://www.securitytracker.com/id/1033187http://www.debian.org/security/2015/dsa-3290http://www.ubuntu.com/usn/USN-2631-1http://www.ubuntu.com/usn/USN-2632-1http://www.securityfocus.com/bid/74963http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00021.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-09/msg00018.htmlhttp://www.debian.org/security/2015/dsa-3313http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00011.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-07/msg00049.htmlhttps://nvd.nist.govhttps://www.debian.org/security/./dsa-3313https://usn.ubuntu.com/2664-1/https://access.redhat.com/security/cve/cve-2015-4167
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
man-in-the-middleCVE-2024-34558CVE-2024-32674CVE-2024-34351XPath injectionCVE-2023-45866CVE-2024-25528CVE-2024-25517path traversal
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook