CVE-2014-9728

MEDIUM
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

The UDF filesystem implementation in the Linux kernel before 3.18.2 does not validate certain lengths, which allows local users to cause a denial of service (buffer over-read and system crash) via a crafted filesystem image, related to fs/udf/inode.c and fs/udf/symlink.c.

References

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a1d47b262952a45aae62bd49cfaf33dd76c11a2c

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e159332b9af4b04d882dbcfe1bb0117f0a6d4b58

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e237ec37ec154564f8690c5bd1795339955eeef9

http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00023.html

http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00049.html

http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00011.html

http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00018.html

http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00021.html

http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.2

http://www.openwall.com/lists/oss-security/2015/06/02/7

http://www.securityfocus.com/bid/74964

https://bugzilla.redhat.com/show_bug.cgi?id=1228229

https://github.com/torvalds/linux/commit/a1d47b262952a45aae62bd49cfaf33dd76c11a2c

https://github.com/torvalds/linux/commit/e159332b9af4b04d882dbcfe1bb0117f0a6d4b58

https://github.com/torvalds/linux/commit/e237ec37ec154564f8690c5bd1795339955eeef9

Details

Source: MITRE

Published: 2015-08-31

Updated: 2016-12-22

Type: CWE-119

Risk Information

CVSS v2

Base Score: 4.9

Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C

Impact Score: 6.9

Exploitability Score: 3.9

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions up to 3.18.1 (inclusive)

Tenable Plugins

View all (10 total)

IDNameProductFamilySeverity
124975EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1522)NessusHuawei Local Security Checks
high
124809EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1485)NessusHuawei Local Security Checks
high
119567Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2018-4301)NessusOracle Linux Local Security Checks
high
119535Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2018-4300)NessusOracle Linux Local Security Checks
high
88545openSUSE Security Update : the Linux Kernel (openSUSE-2016-124)NessusSuSE Local Security Checks
high
86290SUSE SLED11 / SLES11 Security Update : kernel-source (SUSE-SU-2015:1678-1)NessusSuSE Local Security Checks
high
86121SUSE SLED11 / SLES11 Security Update : kernel (SUSE-SU-2015:1611-1)NessusSuSE Local Security Checks
high
85432openSUSE Security Update : the Linux Kernel (openSUSE-2015-543)NessusSuSE Local Security Checks
high
85180SUSE SLED12 / SLES12 Security Update : SUSE Linux Enterprise 12 kernel (SUSE-SU-2015:1324-1)NessusSuSE Local Security Checks
high
84252Debian DLA-246-2 : linux-2.6 regression updateNessusDebian Local Security Checks
high