CVE-2014-6410

MEDIUM

Description

The __udf_read_inode function in fs/udf/inode.c in the Linux kernel through 3.16.3 does not restrict the amount of ICB indirection, which allows physically proximate attackers to cause a denial of service (infinite loop or stack consumption) via a UDF filesystem with a crafted inode.

References

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=c03aa9f6e1f938618e6db2e23afef0574efeeb65

http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html

http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html

http://marc.info/?l=bugtraq&m=142722450701342&w=2

http://marc.info/?l=bugtraq&m=142722544401658&w=2

http://rhn.redhat.com/errata/RHSA-2014-1318.html

http://www.openwall.com/lists/oss-security/2014/09/15/9

http://www.securityfocus.com/bid/69799

http://www.ubuntu.com/usn/USN-2374-1

http://www.ubuntu.com/usn/USN-2375-1

http://www.ubuntu.com/usn/USN-2376-1

http://www.ubuntu.com/usn/USN-2377-1

http://www.ubuntu.com/usn/USN-2378-1

http://www.ubuntu.com/usn/USN-2379-1

https://bugzilla.redhat.com/show_bug.cgi?id=1141809

https://github.com/torvalds/linux/commit/c03aa9f6e1f938618e6db2e23afef0574efeeb65

Details

Source: MITRE

Published: 2014-09-28

Updated: 2016-08-23

Type: CWE-399

Risk Information

CVSS v2.0

Base Score: 4.7

Vector: AV:L/AC:M/Au:N/C:N/I:N/A:C

Impact Score: 6.9

Exploitability Score: 3.4

Severity: MEDIUM

Vulnerable Software

Configuration 1

cpe:2.3:o:linux:linux_kernel:3.16.0:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:3.16.1:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:3.16.2:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions up to 3.16.3 (inclusive)

Tenable Plugins

View all (34 total)

ID	Name	Product	Family	Severity
124976	EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1523)	Nessus	Huawei Local Security Checks	critical
124805	EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1481)	Nessus	Huawei Local Security Checks	high
99163	OracleVM 3.3 : Unbreakable / etc (OVMSA-2017-0057) (Dirty COW)	Nessus	OracleVM Local Security Checks	critical
91695	F5 Networks BIG-IP : Linux kernel vulnerability (K41739114)	Nessus	F5 Networks Local Security Checks	medium
85097	Oracle Linux 6 : kernel (ELSA-2015-1272)	Nessus	Oracle Linux Local Security Checks	high
82691	OracleVM 3.3 : kernel-uek (OVMSA-2015-0040)	Nessus	OracleVM Local Security Checks	critical
82101	Debian DLA-118-1 : linux-2.6 security update	Nessus	Debian Local Security Checks	high
81966	Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2015-3012)	Nessus	Oracle Linux Local Security Checks	high
81800	Oracle Linux 7 : kernel (ELSA-2015-0290)	Nessus	Oracle Linux Local Security Checks	high
80152	openSUSE Security Update : the Linux Kernel (openSUSE-SU-2014:1677-1)	Nessus	SuSE Local Security Checks	high
80150	openSUSE Security Update : the Linux Kernel (openSUSE-SU-2014:1669-1)	Nessus	SuSE Local Security Checks	high
80099	Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20141216)	Nessus	Scientific Linux Local Security Checks	high
80088	CentOS 6 : kernel (CESA-2014:1997)	Nessus	CentOS Local Security Checks	high
80072	RHEL 6 : kernel (RHSA-2014:1997)	Nessus	Red Hat Local Security Checks	high
80070	Oracle Linux 6 : kernel (ELSA-2014-1997)	Nessus	Oracle Linux Local Security Checks	high
80014	Scientific Linux Security Update : kernel on SL7.x x86_64 (20141209)	Nessus	Scientific Linux Local Security Checks	high
80006	Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2014-3105)	Nessus	Oracle Linux Local Security Checks	medium
80005	Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2014-3104)	Nessus	Oracle Linux Local Security Checks	medium
80004	Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2014-3103)	Nessus	Oracle Linux Local Security Checks	medium
79876	CentOS 7 : kernel (CESA-2014:1971)	Nessus	CentOS Local Security Checks	high
79848	RHEL 7 : kernel (RHSA-2014:1971)	Nessus	Red Hat Local Security Checks	high
79845	Oracle Linux 7 : kernel (ELSA-2014-1971)	Nessus	Oracle Linux Local Security Checks	high
78651	SuSE 11.3 Security Update : Linux kernel (SAT Patch Number 9750)	Nessus	SuSE Local Security Checks	high
78650	SuSE 11.3 Security Update : Linux kernel (SAT Patch Numbers 9746 / 9749 / 9751)	Nessus	SuSE Local Security Checks	high
78617	Mandriva Linux Security Advisory : kernel (MDVSA-2014:201)	Nessus	Mandriva Local Security Checks	high
78259	Ubuntu 14.04 LTS : linux vulnerabilities (USN-2379-1)	Nessus	Ubuntu Local Security Checks	high
78258	Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2378-1)	Nessus	Ubuntu Local Security Checks	high
78257	Ubuntu 12.04 LTS : linux vulnerabilities (USN-2376-1)	Nessus	Ubuntu Local Security Checks	high
78256	Ubuntu 10.04 LTS : linux-ec2 vulnerabilities (USN-2375-1)	Nessus	Ubuntu Local Security Checks	medium
78255	Ubuntu 10.04 LTS : linux vulnerabilities (USN-2374-1)	Nessus	Ubuntu Local Security Checks	medium
78006	RHEL 6 : MRG (RHSA-2014:1318)	Nessus	Red Hat Local Security Checks	medium
77974	Fedora 19 : kernel-3.14.19-100.fc19 (2014-11008)	Nessus	Fedora Local Security Checks	medium
77798	Fedora 21 : kernel-3.16.3-300.fc21 (2014-11097)	Nessus	Fedora Local Security Checks	medium
77767	Fedora 20 : kernel-3.16.2-201.fc20 (2014-11031)	Nessus	Fedora Local Security Checks	medium

CVE-2014-6410

MEDIUM

Description

References

Details

Risk Information

CVSS v2.0

Vulnerable Software

Configuration 1

Tenable Plugins

critical

high

critical

medium

high

critical

high

high

high

high

high

high

high

high

high

high

medium

medium

medium

high

high

high

high

high

high

high

high

high

medium

medium

medium

medium

medium

medium