{
  "threat_severity" : "Low",
  "public_date" : "2014-12-15T00:00:00Z",
  "bugzilla" : {
    "description" : "Kernel: fs: isofs: infinite loop in CE record entries",
    "id" : "1175235",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1175235"
  },
  "cvss" : {
    "cvss_base_score" : "4.7",
    "cvss_scoring_vector" : "AV:L/AC:M/Au:N/C:N/I:N/A:C",
    "status" : "verified"
  },
  "cwe" : "CWE-835",
  "details" : [ "The rock_continue function in fs/isofs/rock.c in the Linux kernel through 3.18.1 does not restrict the number of Rock Ridge continuation entries, which allows local users to cause a denial of service (infinite loop, and system crash or hang) via a crafted iso9660 image.", "It was found that the Linux kernel's ISO file system implementation did not correctly limit the traversal of Rock Ridge extension Continuation Entries (CE). An attacker with physical access to the system could use this flaw to trigger an infinite loop in the kernel, resulting in a denial of service." ],
  "statement" : "This issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2. Future kernel updates for the respective releases may address this issue.",
  "acknowledgement" : "Red Hat would like to thank Carl Henrik Lunde for reporting this issue.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2015-06-09T00:00:00Z",
    "advisory" : "RHSA-2015:1081",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "kernel-0:2.6.32-504.23.4.el6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2015-06-23T00:00:00Z",
    "advisory" : "RHSA-2015:1139",
    "cpe" : "cpe:/a:redhat:rhel_extras_rt:7",
    "package" : "kernel-rt-0:3.10.0-229.7.2.rt56.141.6.el7_1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2015-06-23T00:00:00Z",
    "advisory" : "RHSA-2015:1137",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "kernel-0:3.10.0-229.7.2.ael7b"
  }, {
    "product_name" : "Red Hat Enterprise MRG 2",
    "release_date" : "2015-06-23T00:00:00Z",
    "advisory" : "RHSA-2015:1138",
    "cpe" : "cpe:/a:redhat:enterprise_mrg:2:server:el6",
    "package" : "kernel-rt-1:3.10.0-229.rt56.153.el6rt"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Will not fix",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2014-9420\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-9420" ],
  "name" : "CVE-2014-9420",
  "csaw" : false
}