CVE-2014-5471

MEDIUM

Description

Stack consumption vulnerability in the parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service (uncontrolled recursion, and system crash or reboot) via a crafted iso9660 image with a CL entry referring to a directory entry that has a CL entry.

References

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=410dd3cf4c9b36f27ed4542ee18b1af5e68645a4

http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html

http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html

http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html

http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html

http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html

http://marc.info/?l=bugtraq&m=142722450701342&w=2

http://marc.info/?l=bugtraq&m=142722544401658&w=2

http://rhn.redhat.com/errata/RHSA-2014-1318.html

http://rhn.redhat.com/errata/RHSA-2015-0102.html

http://rhn.redhat.com/errata/RHSA-2015-0695.html

http://rhn.redhat.com/errata/RHSA-2015-0782.html

http://rhn.redhat.com/errata/RHSA-2015-0803.html

http://seclists.org/oss-sec/2014/q3/450

http://www.openwall.com/lists/oss-security/2014/08/27/1

http://www.securityfocus.com/bid/69396

http://www.ubuntu.com/usn/USN-2354-1

http://www.ubuntu.com/usn/USN-2355-1

http://www.ubuntu.com/usn/USN-2356-1

http://www.ubuntu.com/usn/USN-2357-1

http://www.ubuntu.com/usn/USN-2358-1

http://www.ubuntu.com/usn/USN-2359-1

https://bugzilla.redhat.com/show_bug.cgi?id=1134099

https://code.google.com/p/google-security-research/issues/detail?id=88

https://exchange.xforce.ibmcloud.com/vulnerabilities/95481

https://github.com/torvalds/linux/commit/410dd3cf4c9b36f27ed4542ee18b1af5e68645a4

Details

Source: MITRE

Published: 2014-09-01

Updated: 2017-09-08

Type: CWE-399

Risk Information

CVSS v2.0

Base Score: 4

Vector: AV:L/AC:H/Au:N/C:N/I:N/A:C

Impact Score: 6.9

Exploitability Score: 1.9

Severity: MEDIUM

Vulnerable Software

Configuration 1

cpe:2.3:o:linux:linux_kernel:3.16.0:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions up to 3.16.1 (inclusive)

Tenable Plugins

View all (38 total)

ID	Name	Product	Family	Severity
124989	EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1536)	Nessus	Huawei Local Security Checks	high
124805	EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1481)	Nessus	Huawei Local Security Checks	high
99163	OracleVM 3.3 : Unbreakable / etc (OVMSA-2017-0057) (Dirty COW)	Nessus	OracleVM Local Security Checks	critical
85097	Oracle Linux 6 : kernel (ELSA-2015-1272)	Nessus	Oracle Linux Local Security Checks	high
83723	SUSE SLES10 Security Update : kernel (SUSE-SU-2015:0812-1)	Nessus	SuSE Local Security Checks	high
83696	SUSE SLES11 Security Update : kernel (SUSE-SU-2015:0481-1)	Nessus	SuSE Local Security Checks	high
82790	RHEL 6 : kernel (RHSA-2015:0803)	Nessus	Red Hat Local Security Checks	medium
82691	OracleVM 3.3 : kernel-uek (OVMSA-2015-0040)	Nessus	OracleVM Local Security Checks	critical
82636	RHEL 6 : kernel (RHSA-2015:0782)	Nessus	Red Hat Local Security Checks	critical
82087	Debian DLA-103-1 : linux-2.6 security update	Nessus	Debian Local Security Checks	medium
81966	Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2015-3012)	Nessus	Oracle Linux Local Security Checks	high
81906	RHEL 6 : kernel (RHSA-2015:0695)	Nessus	Red Hat Local Security Checks	medium
81800	Oracle Linux 7 : kernel (ELSA-2015-0290)	Nessus	Oracle Linux Local Security Checks	high
81089	CentOS 7 : kernel (CESA-2015:0102)	Nessus	CentOS Local Security Checks	high
81073	Scientific Linux Security Update : kernel on SL7.x x86_64 (20150128)	Nessus	Scientific Linux Local Security Checks	high
81070	RHEL 7 : kernel (RHSA-2015:0102)	Nessus	Red Hat Local Security Checks	high
81067	Oracle Linux 7 : kernel (ELSA-2015-0102)	Nessus	Oracle Linux Local Security Checks	high
80158	Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2014-3108)	Nessus	Oracle Linux Local Security Checks	high
80157	Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2014-3107)	Nessus	Oracle Linux Local Security Checks	high
80156	Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2014-3106)	Nessus	Oracle Linux Local Security Checks	high
80152	openSUSE Security Update : the Linux Kernel (openSUSE-SU-2014:1677-1)	Nessus	SuSE Local Security Checks	high
80150	openSUSE Security Update : the Linux Kernel (openSUSE-SU-2014:1669-1)	Nessus	SuSE Local Security Checks	high
80099	Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20141216)	Nessus	Scientific Linux Local Security Checks	high
80088	CentOS 6 : kernel (CESA-2014:1997)	Nessus	CentOS Local Security Checks	high
80072	RHEL 6 : kernel (RHSA-2014:1997)	Nessus	Red Hat Local Security Checks	high
80070	Oracle Linux 6 : kernel (ELSA-2014-1997)	Nessus	Oracle Linux Local Security Checks	high
78651	SuSE 11.3 Security Update : Linux kernel (SAT Patch Number 9750)	Nessus	SuSE Local Security Checks	high
78650	SuSE 11.3 Security Update : Linux kernel (SAT Patch Numbers 9746 / 9749 / 9751)	Nessus	SuSE Local Security Checks	high
78617	Mandriva Linux Security Advisory : kernel (MDVSA-2014:201)	Nessus	Mandriva Local Security Checks	high
78006	RHEL 6 : MRG (RHSA-2014:1318)	Nessus	Red Hat Local Security Checks	medium
77974	Fedora 19 : kernel-3.14.19-100.fc19 (2014-11008)	Nessus	Fedora Local Security Checks	medium
77821	Ubuntu 14.04 LTS : linux vulnerabilities (USN-2359-1)	Nessus	Ubuntu Local Security Checks	high
77820	Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2358-1)	Nessus	Ubuntu Local Security Checks	high
77819	Ubuntu 12.04 LTS : linux vulnerabilities (USN-2356-1)	Nessus	Ubuntu Local Security Checks	medium
77818	Ubuntu 10.04 LTS : linux-ec2 vulnerabilities (USN-2355-1)	Nessus	Ubuntu Local Security Checks	medium
77817	Ubuntu 10.04 LTS : linux vulnerabilities (USN-2354-1)	Nessus	Ubuntu Local Security Checks	medium
77787	Fedora 21 : kernel-3.16.2-300.fc21 (2014-10312)	Nessus	Fedora Local Security Checks	medium
77451	Fedora 20 : kernel-3.15.10-201.fc20 (2014-9959)	Nessus	Fedora Local Security Checks	medium

CVE-2014-5471

MEDIUM

Description

References

Details

Risk Information

CVSS v2.0

Vulnerable Software

Configuration 1

Tenable Plugins

high

high

critical

high

high

high

medium

critical

critical

medium

high

medium

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

medium

medium

high

high

medium

medium

medium

medium

medium