PT-2014-9004 · Alt+6 · Alt Linux+5

P J P

·

Published

2014-12-25

·

Updated

2023-02-13

·

CVE-2014-9420

CVSS v2.0

4.9

Medium

VectorAV:L/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 3.18.1 ALT Linux (affected versions not specified)
Description The issue is related to the rock continue function in fs/isofs/rock.c, which does not properly restrict the number of Rock Ridge continuation entries. This allows local users to cause a denial of service, potentially leading to an infinite loop, and system crash or hang, via a crafted iso9660 image.
Recommendations For Linux kernel versions prior to 3.18.1, update to version 3.18.1 or later to resolve the issue. For ALT Linux, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-399

Related Identifiers

ALT-PU-2015-1018
ALT-PU-2015-1794
CESA-2015_1081
CESA-2015_1137
CVE-2014-9420
DLA-155-1
MGASA-2015-0006
MGASA-2015-0075
MGASA-2015-0076
MGASA-2015-0077
MGASA-2015-0078
OPENSUSE-SU-2015_0713-1
OPENSUSE-SU-2015_0714-1
RHSA-2015:1081
RHSA-2015:1137
RHSA-2015:1138
RHSA-2015:1139
RHSA-2015_1081
RHSA-2015_1137
RHSA-2015_1139
SUSE-RU-2015:0621-1
SUSE-SU-2015:0581-1
SUSE-SU-2015:0652-1
SUSE-SU-2015:0736-1
SUSE-SU-2015:1174-1
SUSE-SU-2015:1376-1
USN-2490-1
USN-2491-1
USN-2492-1
USN-2493-1
USN-2515-1
USN-2516-1
USN-2516-2
USN-2516-3
USN-2517-1
USN-2518-1

Affected Products

Alt Linux
Centos
Linux Kernel
Red Hat
Suse
Ubuntu