{ "threat_severity" : "Low", "public_date" : "2014-09-15T00:00:00Z", "bugzilla" : { "description" : "kernel: udf: Avoid infinite loop when processing indirect ICBs", "id" : "1141809", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1141809" }, "cvss" : { "cvss_base_score" : "4.9", "cvss_scoring_vector" : "AV:L/AC:L/Au:N/C:N/I:N/A:C", "status" : "verified" }, "cwe" : "CWE-835", "details" : [ "The __udf_read_inode function in fs/udf/inode.c in the Linux kernel through 3.16.3 does not restrict the amount of ICB indirection, which allows physically proximate attackers to cause a denial of service (infinite loop or stack consumption) via a UDF filesystem with a crafted inode.", "A stack overflow flaw caused by infinite recursion was found in the way the Linux kernel's Universal Disk Format (UDF) file system implementation processed indirect Information Control Blocks (ICBs). An attacker with physical access to the system could use a specially crafted UDF image to crash the system." ], "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 6", "release_date" : "2014-12-16T00:00:00Z", "advisory" : "RHSA-2014:1997", "cpe" : "cpe:/o:redhat:enterprise_linux:6", "package" : "kernel-0:2.6.32-504.3.3.el6" }, { "product_name" : "Red Hat Enterprise Linux 7", "release_date" : "2014-12-09T00:00:00Z", "advisory" : "RHSA-2014:1971", "cpe" : "cpe:/o:redhat:enterprise_linux:7", "package" : "kernel-0:3.10.0-123.13.1.el7" }, { "product_name" : "Red Hat Enterprise MRG 2", "release_date" : "2014-09-29T00:00:00Z", "advisory" : "RHSA-2014:1318", "cpe" : "cpe:/a:redhat:enterprise_mrg:2:server:el6", "package" : "kernel-rt-0:3.10.33-rt32.51.el6rt" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 5", "fix_state" : "Will not fix", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:5" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2014-6410\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-6410" ], "name" : "CVE-2014-6410", "csaw" : false }