Bug 1141809 (CVE-2014-6410)
Summary: | CVE-2014-6410 kernel: udf: Avoid infinite loop when processing indirect ICBs | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Vasyl Kaigorodov <vkaigoro> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | low | Docs Contact: | |
Priority: | low | ||
Version: | unspecified | CC: | agordeev, aquini, bhu, ccoleman, dhoward, dmcphers, esammons, fhrbata, gansalmon, iboverma, itamar, jforbes, jialiu, jkacur, joelsmith, jokerman, jonathan, jross, jwboyer, kernel-maint, kernel-mgr, kseifried, lgoncalv, lmeyer, lwang, madhu.chinakonda, matt, mchehab, mcressma, mmccomas, mmcgrath, nmurray, pholasek, plougher, ppandit, rt-maint, rvrbovsk, vgoyal, williams |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: |
A stack overflow flaw caused by infinite recursion was found in the way the Linux kernel's Universal Disk Format (UDF) file system implementation processed indirect Information Control Blocks (ICBs). An attacker with physical access to the system could use a specially crafted UDF image to crash the system.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2016-02-10 06:59:20 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1141810, 1142319, 1142320, 1142321, 1142322, 1142323 | ||
Bug Blocks: | 1141813 |
Description
Vasyl Kaigorodov
2014-09-15 13:43:54 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1141810]

MITRE assigned CVE-2014-6410 to this issue:

http://seclists.org/oss-sec/2014/q3/606

Fedora kernel has been fixed to include this patch:

-> http://pkgs.fedoraproject.org/cgit/kernel.git/commit/?h=f20&id=52720ac370a759fa09dcd86768a5413a5ed3f9cf

kernel-3.16.2-201.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.

kernel-3.16.3-300.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.

This issue has been addressed in the following products:

MRG for RHEL-6 v.2

Via RHSA-2014:1318 https://rhn.redhat.com/errata/RHSA-2014-1318.html

kernel-3.14.19-100.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.

IssueDescription:

A stack overflow flaw caused by infinite recursion was found in the way the Linux kernel's Universal Disk Format (UDF) file system implementation processed indirect Information Control Blocks (ICBs). An attacker with physical access to the system could use a specially crafted UDF image to crash the system.

This issue has been addressed in the following products:

Red Hat Enterprise Linux 7

Via RHSA-2014:1971 https://rhn.redhat.com/errata/RHSA-2014-1971.html

This issue has been addressed in the following products:

Red Hat Enterprise Linux 6

Via RHSA-2014:1997 https://rhn.redhat.com/errata/RHSA-2014-1997.html