Vulnerability Details : CVE-2014-5472
The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service (unkillable mount process) via a crafted iso9660 image with a self-referential CL entry.
Vulnerability category: Input validationDenial of service
Threat overview for CVE-2014-5472
Top countries where our scanners detected CVE-2014-5472
Top open port discovered on systems with this issue
49152
IPs affected by CVE-2014-5472 15,224
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2014-5472!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2014-5472
Probability of exploitation activity in the next 30 days: 0.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 8 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2014-5472
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
4.0
|
MEDIUM | AV:L/AC:H/Au:N/C:N/I:N/A:C |
1.9
|
6.9
|
NIST |
CWE ids for CVE-2014-5472
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-5472
-
https://github.com/torvalds/linux/commit/410dd3cf4c9b36f27ed4542ee18b1af5e68645a4
isofs: Fix unbounded recursion when processing relocated directories · torvalds/linux@410dd3c · GitHubExploit;Patch
-
http://www.ubuntu.com/usn/USN-2357-1
USN-2357-1: Linux kernel (OMAP4) vulnerabilities | Ubuntu security notices
-
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html
[security-announce] SUSE-SU-2015:0481-1: important: Security update for
-
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html
[security-announce] openSUSE-SU-2015:0566-1: important: kernel update fo
-
http://www.ubuntu.com/usn/USN-2356-1
USN-2356-1: Linux kernel vulnerabilities | Ubuntu security notices
-
http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html
[security-announce] SUSE-SU-2014:1316-1: important: Security update for
-
http://marc.info/?l=bugtraq&m=142722544401658&w=2
'[security bulletin] HPSBGN03282 rev.1 - HP Business Service Manager Virtual Appliance, Multiple Vuln' - MARC
-
http://rhn.redhat.com/errata/RHSA-2015-0782.html
RHSA-2015:0782 - Security Advisory - Red Hat Customer Portal
-
http://www.securityfocus.com/bid/69428
Linux Kernel 'ISOFS' Deadlock Local Denial of Service Vulnerability
-
http://rhn.redhat.com/errata/RHSA-2015-0803.html
RHSA-2015:0803 - Security Advisory - Red Hat Customer Portal
-
http://www.ubuntu.com/usn/USN-2355-1
USN-2355-1: Linux kernel (EC2) vulnerabilities | Ubuntu security notices
-
http://www.ubuntu.com/usn/USN-2354-1
USN-2354-1: Linux kernel vulnerabilities | Ubuntu security notices
-
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=410dd3cf4c9b36f27ed4542ee18b1af5e68645a4
kernel/git/torvalds/linux.git - Linux kernel source treeExploit;Patch
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/95556
Linux Kernel ISOFS denial of service CVE-2014-5472 Vulnerability Report
-
http://marc.info/?l=bugtraq&m=142722450701342&w=2
'[security bulletin] HPSBGN03285 rev.1 - HP Business Service Manager Virtual Appliance, Multiple Vul' - MARC
-
http://rhn.redhat.com/errata/RHSA-2014-1318.html
RHSA-2014:1318 - Security Advisory - Red Hat Customer Portal
-
https://code.google.com/p/google-security-research/issues/detail?id=88
88 - Linux kernel stack overflow when mounting ISO9660 image, including via a USB stick - project-zero - Monorail
-
http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html
[security-announce] SUSE-SU-2014:1319-1: important: Security update for
-
http://rhn.redhat.com/errata/RHSA-2015-0102.html
RHSA-2015:0102 - Security Advisory - Red Hat Customer Portal
-
http://www.ubuntu.com/usn/USN-2359-1
USN-2359-1: Linux kernel vulnerabilities | Ubuntu security notices
-
https://bugzilla.redhat.com/show_bug.cgi?id=1134099
1134099 – (CVE-2014-5471, CVE-2014-5472) CVE-2014-5471 CVE-2014-5472 kernel: isofs: unbound recursion when processing relocated directories
-
http://www.openwall.com/lists/oss-security/2014/08/27/1
oss-security - Re: CVE Request: Linux Kernel unbound recursion in ISOFS
-
http://rhn.redhat.com/errata/RHSA-2015-0695.html
RHSA-2015:0695 - Security Advisory - Red Hat Customer Portal
-
http://www.ubuntu.com/usn/USN-2358-1
USN-2358-1: Linux kernel (Trusty HWE) vulnerabilities | Ubuntu security notices
-
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html
[security-announce] SUSE-SU-2015:0812-1: important: Security update for
Products affected by CVE-2014-5472
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:3.16.0:*:*:*:*:*:*:*