CVE-2014-9730 : The udf_pc_to_char function in fs/udf/symlink.c in the Linux kernel before 3.18.

The udf_pc_to_char function in fs/udf/symlink.c in the Linux kernel before 3.18.2 relies on component lengths that are unused, which allows local users to cause a denial of service (system crash) via a crafted UDF filesystem image.

Published 2015-08-31 10:59:03

Updated 2016-12-22 02:59:22

Source Red Hat, Inc.

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2014-9730

Linux » Linux Kernel
Versions up to, including, (<=) 3.18.1
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2014-9730

EPSS FAQ

0.09%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 23 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2014-9730

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
4.9	MEDIUM	AV:L/AC:L/Au:N/C:N/I:N/A:C	3.9	6.9	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Complete

References for CVE-2014-9730

http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.2

Vendor Advisory

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00018.html

[security-announce] SUSE-SU-2015:1592-1: important: Security update for

CVEs referencing this url
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e237ec37ec154564f8690c5bd1795339955eeef9

kernel/git/torvalds/linux.git - Linux kernel source tree

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00021.html

[security-announce] SUSE-SU-2015:1611-1: important: Security update for

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00049.html

[security-announce] SUSE-SU-2015:1324-1: important: Security update for

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00011.html

[security-announce] openSUSE-SU-2015:1382-1: important: Security update

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00023.html

[security-announce] SUSE-SU-2015:1224-1: important: Security update for

CVEs referencing this url
https://bugzilla.redhat.com/show_bug.cgi?id=1228229

1228229 – (CVE-2014-9728, CVE-2014-9729, CVE-2014-9730) CVE-2014-9728 CVE-2014-9729 CVE-2014-9730 Kernel: fs: udf: heap overflow in __udf_adinicb_readpage

CVEs referencing this url
http://www.openwall.com/lists/oss-security/2015/06/02/7

oss-security - CVE request Linux kernel: fs: udf heap overflow in __udf_adinicb_readpage

CVEs referencing this url
http://www.securityfocus.com/bid/74964

Linux Kernel UDF File System Multiple Local Denial of Service Vulnerabilities

CVEs referencing this url
https://github.com/torvalds/linux/commit/e237ec37ec154564f8690c5bd1795339955eeef9

udf: Check component length before reading it · torvalds/linux@e237ec3 · GitHub

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2014-9730

Products affected by CVE-2014-9730

Exploit prediction scoring system (EPSS) score for CVE-2014-9730

CVSS scores for CVE-2014-9730

References for CVE-2014-9730