The rock_continue function in fs/isofs/rock.c in the Linux kernel through 3.18.1 does not restrict the number of Rock Ridge continuation entries, which allows local users to cause a denial of service (infinite loop, and system crash or hang) via a crafted iso9660 image.
History
13 Feb 2023, 00:45
Type | Values Removed | Values Added |
---|---|---|
Summary | The rock_continue function in fs/isofs/rock.c in the Linux kernel through 3.18.1 does not restrict the number of Rock Ridge continuation entries, which allows local users to cause a denial of service (infinite loop, and system crash or hang) via a crafted iso9660 image. | |
References | | |
02 Feb 2023, 20:19
Type | Values Removed | Values Added |
---|---|---|
Summary | It was found that the Linux kernel's ISO file system implementation did not correctly limit the traversal of Rock Ridge extension Continuation Entries (CE). An attacker with physical access to the system could use this flaw to trigger an infinite loop in the kernel, resulting in a denial of service. | |
References | | |
Information
Published : 2014-12-26 00:59
Updated : 2023-12-10 11:31
NVD link : CVE-2014-9420
Mitre link : CVE-2014-9420
CVE.ORG link : CVE-2014-9420
Products Affected
linux
- linux_kernel
CWE
CWE-399
Resource Management Errors