CVE-2014-9728

Linux Kernel < 3.18.1 - Denial of Service via UDF Filesystem Length Validation

Description

The UDF filesystem implementation in the Linux kernel before 3.18.2 does not validate certain lengths, which allows local users to cause a denial of service (buffer over-read and system crash) via a crafted filesystem image, related to fs/udf/inode.c and fs/udf/symlink.c.

References (15)

Core References
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1228229
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/74964
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2015/06/02/7

Scores

EPSS 0.0045
EPSS Percentile 35.7%

Details

CWE
CWE-119
Status published
Products (1)
linux/linux_kernel < 3.18.1
Published Aug 31, 2015
Tracked Since Feb 18, 2026