Linux kernel built with the UDF file system support (CONFIG_UDF_FS) is vulnerable to a crash due to stack overflow through infinite recursion. It occurs while traversing a long ICB hierarchy. A user/program able to mount such a file system could use this flaw to crash the system kernel, resulting in DoS.

Upstream fix:
-------------
  -> https://git.kernel.org/linus/c03aa9f6e1f938618e6db2e23afef0574efeeb65

Reference:
----------
  -> http://seclists.org/oss-sec/2014/q3/600
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1141810]
MITRE assigned CVE-2014-6410 to this issue: http://seclists.org/oss-sec/2014/q3/606
Fedora kernel has been fixed to include this patch: -> http://pkgs.fedoraproject.org/cgit/kernel.git/commit/?h=f20&id=52720ac370a759fa09dcd86768a5413a5ed3f9cf
kernel-3.16.2-201.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
kernel-3.16.3-300.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.
This issue has been addressed in the following products:

  MRG for RHEL-6 v.2

Via RHSA-2014:1318 https://rhn.redhat.com/errata/RHSA-2014-1318.html
kernel-3.14.19-100.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
IssueDescription: A stack overflow flaw caused by infinite recursion was found in the way the Linux kernel's Universal Disk Format (UDF) file system implementation processed indirect Information Control Blocks (ICBs). An attacker with physical access to the system could use a specially crafted UDF image to crash the system.
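The following is an added illustration, not the kernel's code and not part of this bug report, of how a parser can follow a chain of indirect ICBs without unbounded recursion. The `struct icb` model, `resolve_icb()` and the `MAX_ICB_NESTING` value are assumptions made for this example and do not reflect the on-disk UDF layout.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified in-memory model of an ICB chain; not the on-disk UDF layout. */
enum icb_kind { ICB_FILE_ENTRY, ICB_INDIRECT };

struct icb {
    enum icb_kind kind;
    size_t next;              /* block index an indirect entry points to */
};

#define MAX_ICB_NESTING 1024  /* cap chosen for this example */

/*
 * Follow indirect entries from `start` until a file entry is found.
 * A loop with a hop counter replaces recursion, so stack use is constant
 * and a cyclic or over-long chain ends in an error instead of a crash.
 * Returns 0 and stores the block index in *out, or -1 on a bad image.
 */
int resolve_icb(const struct icb *blocks, size_t nblocks, size_t start, size_t *out)
{
    size_t cur = start;
    unsigned int hops = 0;

    for (;;) {
        if (cur >= nblocks)
            return -1;                /* pointer outside the image */
        if (blocks[cur].kind == ICB_FILE_ENTRY) {
            *out = cur;
            return 0;
        }
        if (++hops > MAX_ICB_NESTING)
            return -1;                /* chain too deep or cyclic */
        cur = blocks[cur].next;
    }
}

int main(void)
{
    /* Constructed samples: 0 -> 1 -> 2 (file entry), and a two-block cycle. */
    struct icb ok[] = { {ICB_INDIRECT, 1}, {ICB_INDIRECT, 2}, {ICB_FILE_ENTRY, 0} };
    struct icb cyc[] = { {ICB_INDIRECT, 1}, {ICB_INDIRECT, 0} };
    size_t found = 0;

    printf("valid chain:  %d\n", resolve_icb(ok, 3, 0, &found));
    printf("cyclic chain: %d\n", resolve_icb(cyc, 2, 0, &found));
    return 0;
}
```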
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2014:1971 https://rhn.redhat.com/errata/RHSA-2014-1971.html
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2014:1997 https://rhn.redhat.com/errata/RHSA-2014-1997.html