K17543 : Linux kernel vulnerability CVE-2014-9420

2015-11-0500:00:00

my.f5.com

4.5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.1%

JSON

Security Advisory Description

The rock_continue function in fs/isofs/rock.c in the Linux kernel through 3.18.1 does not restrict the number of Rock Ridge continuation entries, which allows local users to cause a denial of service (infinite loop, and system crash or hang) via a crafted iso9660 image. (CVE-2014-9420)

Impact

A local authenticated attacker may cause a denial-of-service (DoS) to the system by using a specially crafted ISO image.

CPENameOperatorVersion
big-ip afmeq11.3.0
big-ip afmeq11.4.0
big-ip afmeq11.4.1
big-ip afmeq11.5.0
big-ip afmeq11.5.1
big-ip afmeq11.5.2
big-ip afmeq11.5.3
big-ip afmeq11.6.0
big-ip afmeq12.0.0
big-ip analyticseq11.0.0

Name	Operator	Version
big-ip afm	eq	11.3.0
big-ip afm	eq	11.4.0
big-ip afm	eq	11.4.1
big-ip afm	eq	11.5.0
big-ip afm	eq	11.5.1
big-ip afm	eq	11.5.2
big-ip afm	eq	11.5.3
big-ip afm	eq	11.6.0
big-ip afm	eq	12.0.0
big-ip analytics	eq	11.0.0