CVE-2014-9420

medium

Description

It was found that the Linux kernel's ISO file system implementation did not correctly limit the traversal of Rock Ridge extension Continuation Entries (CE). An attacker with physical access to the system could use this flaw to trigger an infinite loop in the kernel, resulting in a denial of service.

References

http://www.openwall.com/lists/oss-security/2014/12/25/4

https://bugzilla.redhat.com/show_bug.cgi?id=1175235

https://github.com/torvalds/linux/commit/f54e18f1b831c92f6512d2eedb224cd63d607d3d

http://secunia.com/advisories/62801

http://www.ubuntu.com/usn/USN-2492-1

http://www.ubuntu.com/usn/USN-2518-1

http://www.ubuntu.com/usn/USN-2515-1

http://www.ubuntu.com/usn/USN-2516-1

http://www.ubuntu.com/usn/USN-2493-1

http://www.ubuntu.com/usn/USN-2490-1

http://www.ubuntu.com/usn/USN-2517-1

http://www.ubuntu.com/usn/USN-2491-1

http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00035.html

http://www.mandriva.com/security/advisories?name=MDVSA-2015:058

http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00000.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147864.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147973.html

http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html

http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html

http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00009.html

https://source.android.com/security/bulletin/2017-01-01.html

http://rhn.redhat.com/errata/RHSA-2015-1138.html

http://rhn.redhat.com/errata/RHSA-2015-1137.html

http://rhn.redhat.com/errata/RHSA-2015-1081.html

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=f54e18f1b831c92f6512d2eedb224cd63d607d3d

https://access.redhat.com/errata/RHSA-2015:1139

https://access.redhat.com/errata/RHSA-2015:1138

https://access.redhat.com/errata/RHSA-2015:1137

https://access.redhat.com/errata/RHSA-2015:1081

https://access.redhat.com/security/cve/CVE-2014-9420

Details

Source: MITRE

Published: 2014-12-26

Updated: 2023-02-02

Type: CWE-399

Risk Information

CVSS v2

Base Score: 4.9

Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C

Impact Score: 6.9

Exploitability Score: 3.9

Severity: MEDIUM