CVE-2014-9420medium
Description
It was found that the Linux kernel's ISO file system implementation did not correctly limit the traversal of Rock Ridge extension Continuation Entries (CE). An attacker with physical access to the system could use this flaw to trigger an infinite loop in the kernel, resulting in a denial of service.
References
http://www.openwall.com/lists/oss-security/2014/12/25/4
https://bugzilla.redhat.com/show_bug.cgi?id=1175235
https://github.com/torvalds/linux/commit/f54e18f1b831c92f6512d2eedb224cd63d607d3d
http://secunia.com/advisories/62801
http://www.ubuntu.com/usn/USN-2492-1
http://www.ubuntu.com/usn/USN-2518-1
http://www.ubuntu.com/usn/USN-2515-1
http://www.ubuntu.com/usn/USN-2516-1
http://www.ubuntu.com/usn/USN-2493-1
http://www.ubuntu.com/usn/USN-2490-1
http://www.ubuntu.com/usn/USN-2517-1
http://www.ubuntu.com/usn/USN-2491-1
http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00035.html
http://www.mandriva.com/security/advisories?name=MDVSA-2015:058
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00000.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147864.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147973.html
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00009.html
https://source.android.com/security/bulletin/2017-01-01.html
http://rhn.redhat.com/errata/RHSA-2015-1138.html
http://rhn.redhat.com/errata/RHSA-2015-1137.html
http://rhn.redhat.com/errata/RHSA-2015-1081.html
https://access.redhat.com/errata/RHSA-2015:1139
https://access.redhat.com/errata/RHSA-2015:1138
https://access.redhat.com/errata/RHSA-2015:1137