CVE-2014-9584: The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel before 3.18.2 does not validate a length value in the Extensions Reference…

low2.1CVSS 3.1

AVLACLAuNCPINAN

The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel before 3.18.2 does not validate a length value in the Extensions Reference (ER) System Use Field, which allows local users to obtain sensitive information from kernel memory via a crafted iso9660 image.

Affected

48 ranges· showing 25

Vendor	Product	Version range	Fixed in
canonical	ubuntu_linux	—	—
canonical	ubuntu_linux	—	—
canonical	ubuntu_linux	—	—
canonical	ubuntu_linux	—	—
debian	debian_linux	—	—
debian	debian_linux	—	—
debian	linux	< linux 3.16.7-ckt4-1 (bookworm)	linux 3.16.7-ckt4-1 (bookworm)
linux	linux_kernel	< 3.18.2	3.18.2
linux	linux_kernel	>= 0 < 3.16.7-ckt4-1	3.16.7-ckt4-1
linux	linux_kernel	>= 0 < 3.16.7-ckt4-1	3.16.7-ckt4-1
linux	linux_kernel	>= 0 < 3.16.7-ckt4-1	3.16.7-ckt4-1
linux	linux_kernel	>= 0 < 3.16.7-ckt4-1	3.16.7-ckt4-1
linux	linux_kernel	>= 0 < 3.13.0-46.77	3.13.0-46.77
linux	linux_kernel	>= 0 < 3.13.0-46.75	3.13.0-46.75
linux	linux_kernel	>= 0 < 3.13.0-46.76	3.13.0-46.76
opensuse	evergreen	—	—
opensuse	opensuse	—	—
oracle	linux	—	—
redhat	enterprise_linux_aus	—	—
redhat	enterprise_linux_desktop	—	—
redhat	enterprise_linux_desktop	—	—
redhat	enterprise_linux_eus	—	—
redhat	enterprise_linux_server	—	—
redhat	enterprise_linux_server	—	—
redhat	enterprise_linux_server_aus	—	—

CVSS provenance

nvd2.1LOWAV:L/AC:L/Au:N/C:P/I:N/A:N

osv2.1LOW