CVE-2014-6410

kernel: udf: Avoid infinite loop when processing indirect ICBs

Severity Score

4.7

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The __udf_read_inode function in fs/udf/inode.c in the Linux kernel through 3.16.3 does not restrict the amount of ICB indirection, which allows physically proximate attackers to cause a denial of service (infinite loop or stack consumption) via a UDF filesystem with a crafted inode.

La función __udf_read_inode en fs/udf/inode.c en el kernel de Linux hasta 3.16.3 no restringe la cantidad de indirección ICB, lo que permite a atacantes físicamente próximos causar una denegación de servicio (bucle infinito o consumo de la pila) a través de un sistema de ficheros UDF con un inodo manipulado.

A stack overflow flaw caused by infinite recursion was found in the way the Linux kernel's Universal Disk Format (UDF) file system implementation processed indirect Information Control Blocks (ICBs). An attacker with physical access to the system could use a specially crafted UDF image to crash the system.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Medium

Authentication

None

Confidentiality

None

Integrity

None

Availability

Complete

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2014-09-15 CVE Reserved
2014-09-28 CVE Published
2023-11-08 EPSS Updated
2024-08-06 CVE Updated
2024-08-06 First Exploit
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-399: Resource Management Errors
CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')

CAPEC

References (17)

URL	Tag	Source
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=c03aa9f6e1f938618e6db2e23afef0574efeeb65	X_refsource_confirm
http://www.openwall.com/lists/oss-security/2014/09/15/9	Mailing List
http://www.securityfocus.com/bid/69799	Vdb Entry

URL	Date	SRC
https://github.com/torvalds/linux/commit/c03aa9f6e1f938618e6db2e23afef0574efeeb65	2024-08-06

URL	Date	SRC

URL	Date	SRC
http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html	2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html	2023-11-07
http://marc.info/?l=bugtraq&m=142722450701342&w=2	2023-11-07
http://marc.info/?l=bugtraq&m=142722544401658&w=2	2023-11-07
http://rhn.redhat.com/errata/RHSA-2014-1318.html	2023-11-07
http://www.ubuntu.com/usn/USN-2374-1	2023-11-07
http://www.ubuntu.com/usn/USN-2375-1	2023-11-07
http://www.ubuntu.com/usn/USN-2376-1	2023-11-07
http://www.ubuntu.com/usn/USN-2377-1	2023-11-07
http://www.ubuntu.com/usn/USN-2378-1	2023-11-07
http://www.ubuntu.com/usn/USN-2379-1	2023-11-07
https://bugzilla.redhat.com/show_bug.cgi?id=1141809	2014-12-16
https://access.redhat.com/security/cve/CVE-2014-6410	2014-12-16

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				<= 3.16.3 Search vendor "Linux" for product "Linux Kernel" and version " <= 3.16.3"		-		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				3.16.0 Search vendor "Linux" for product "Linux Kernel" and version "3.16.0"		-		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				3.16.1 Search vendor "Linux" for product "Linux Kernel" and version "3.16.1"		-		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				3.16.2 Search vendor "Linux" for product "Linux Kernel" and version "3.16.2"		-		Affected