CVE-2014-9584

CVSS v2.0 2.1 (Low)

EPSS 0.04 % (11^th)

Affected Products 19

Advisories 24

The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel before 3.18.2 does not validate a length value in the Extensions Reference (ER) System Use Field, which allows local users to obtain sensitive information from kernel memory via a crafted iso9660 image.

Weaknesses

CWE-20: Improper Input Validation

CVE Status: PUBLISHED
CNA: Red Hat, Inc.
Published Date: 2015-01-09 21:59:01
(9 years ago)
Updated Date: 2023-02-13 00:45:22
(19 months ago)

Affected Products

Opensuse

Oracle

Linux

Redhat

Suse

Configuration #1

		CPE23	From	Up To
	Linux Kernel prior 3.18.2 version	cpe:2.3:o:linux:linux_kernel		< 3.18.2

Configuration #2

		CPE23	From	Up To
	Redhat Enterprise Linux Aus 6.6	cpe:2.3:o:redhat:enterprise_linux_aus:6.6
	Redhat Enterprise Linux Desktop 6.0	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0
	Redhat Enterprise Linux Desktop 7.0	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0
	Redhat Enterprise Linux Eus 6.6	cpe:2.3:o:redhat:enterprise_linux_eus:6.6
	Redhat Enterprise Linux Server 6.0	cpe:2.3:o:redhat:enterprise_linux_server:6.0
	Redhat Enterprise Linux Server 7.0	cpe:2.3:o:redhat:enterprise_linux_server:7.0
	Redhat Enterprise Linux Server Aus 7.3	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3
	Redhat Enterprise Linux Server Aus 7.4	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4
	Redhat Enterprise Linux Server Aus 7.6	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6
	Redhat Enterprise Linux Server Aus 7.7	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7
	Redhat Enterprise Linux Server Eus 7.1	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.1
	Redhat Enterprise Linux Server Eus 7.2	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2
	Redhat Enterprise Linux Server Eus 7.3	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3
	Redhat Enterprise Linux Server Eus 7.4	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4
	Redhat Enterprise Linux Server Eus 7.5	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5
	Redhat Enterprise Linux Server Eus 7.6	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6
	Redhat Enterprise Linux Server Eus 7.7	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7
	Redhat Enterprise Linux Server Tus 6.6	cpe:2.3:o:redhat:enterprise_linux_server_tus:6.6
	Redhat Enterprise Linux Server Tus 7.3	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3
	Redhat Enterprise Linux Server Tus 7.6	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6
	Redhat Enterprise Linux Server Tus 7.7	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7
	Redhat Enterprise Linux Workstation 6.0	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0
	Redhat Enterprise Linux Workstation 7.0	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0

Configuration #3

		CPE23	From	Up To
	Opensuse Evergreen 11.4	cpe:2.3:o:opensuse:evergreen:11.4
	Opensuse 13.1	cpe:2.3:o:opensuse:opensuse:13.1
	Suse Linux Enterprise Desktop 12	cpe:2.3:o:suse:linux_enterprise_desktop:12:-
	Suse Linux Enterprise Real Time Extension 11 SP3	cpe:2.3:o:suse:linux_enterprise_real_time_extension:11:sp3
	Suse Linux Enterprise Server 10 SP4	cpe:2.3:o:suse:linux_enterprise_server:10:sp4:::ltss
	Suse Linux Enterprise Server 11 SP1	cpe:2.3:o:suse:linux_enterprise_server:11:sp1:::ltss
	Suse Linux Enterprise Server 11 SP2	cpe:2.3:o:suse:linux_enterprise_server:11:sp2:::ltss
	Suse Linux Enterprise Server 12	cpe:2.3:o:suse:linux_enterprise_server:12:-
	Suse Linux Enterprise Software Development Kit 12	cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:-
	Suse Linux Enterprise Workstation Extension 12	cpe:2.3:o:suse:linux_enterprise_workstation_extension:12

Configuration #4

		CPE23	From	Up To
	Debian Linux 7.0	cpe:2.3:o:debian:debian_linux:7.0
	Debian Linux 8.0	cpe:2.3:o:debian:debian_linux:8.0

Configuration #5

		CPE23	From	Up To
	Canonical Ubuntu Linux 10.04	cpe:2.3:o:canonical:ubuntu_linux:10.04:::*:lts
	Canonical Ubuntu Linux 12.04	cpe:2.3:o:canonical:ubuntu_linux:12.04:::*:lts
	Canonical Ubuntu Linux 14.04	cpe:2.3:o:canonical:ubuntu_linux:14.04:::*:lts
	Canonical Ubuntu Linux 14.10	cpe:2.3:o:canonical:ubuntu_linux:14.10

Configuration #6

		CPE23	From	Up To
	Oracle Linux 5	cpe:2.3:o:oracle:linux:5:-