4.9
CVE-2014-9728
- EPSS 0.45%
- Veröffentlicht 31.08.2015 10:59:00
- Zuletzt bearbeitet 06.05.2026 22:30:45
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
The UDF filesystem implementation in the Linux kernel before 3.18.2 does not validate certain lengths, which allows local users to cause a denial of service (buffer over-read and system crash) via a crafted filesystem image, related to fs/udf/inode.c and fs/udf/symlink.c.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version <= 3.18.1
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.45% | 0.357 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.9 | 3.9 | 6.9 |
AV:L/AC:L/Au:N/C:N/I:N/A:C
|
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.2
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00018.html
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00021.html
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00023.html
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00011.html
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00049.html
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a1d47b262952a45aae62bd49cfaf33dd76c11a2c
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e159332b9af4b04d882dbcfe1bb0117f0a6d4b58
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e237ec37ec154564f8690c5bd1795339955eeef9
http://www.openwall.com/lists/oss-security/2015/06/02/7
http://www.securityfocus.com/bid/74964
https://bugzilla.redhat.com/show_bug.cgi?id=1228229
https://github.com/torvalds/linux/commit/a1d47b262952a45aae62bd49cfaf33dd76c11a2c
https://github.com/torvalds/linux/commit/e159332b9af4b04d882dbcfe1bb0117f0a6d4b58
https://github.com/torvalds/linux/commit/e237ec37ec154564f8690c5bd1795339955eeef9