CVE-2014-9420
CVE-2014-9420
The rock_continue function in fs/isofs/rock.c in the Linux kernel through 3.18.1 does not restrict the number of Rock Ridge continuation entries, which allows local users to cause a denial of service (infinite loop, and system crash or hang) via a crafted iso9660 image.
Affected products
n/a · n/aWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=f54e18f1b831c92f6512d2eedb224cd63d607d3dhttp://lists.fedoraproject.org/pipermail/package-announce/2015-January/147864.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2015-January/147973.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-01/msg00035.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-04/msg00000.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-04/msg00009.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.htmlhttp://rhn.redhat.com/errata/RHSA-2015-1081.htmlhttp://rhn.redhat.com/errata/RHSA-2015-1137.htmlhttp://rhn.redhat.com/errata/RHSA-2015-1138.htmlhttps://bugzilla.redhat.com/show_bug.cgi?id=1175235