Unrestricted ICB Indirection in Linux Kernel Allows Denial of Service

Unrestricted ICB Indirection in Linux Kernel Allows Denial of Service

CVE-2014-6410 · MEDIUM Severity

AV:L/AC:M/AU:N/C:N/I:N/A:C

The __udf_read_inode function in fs/udf/inode.c in the Linux kernel through 3.16.3 does not restrict the amount of ICB indirection, which allows physically proximate attackers to cause a denial of service (infinite loop or stack consumption) via a UDF filesystem with a crafted inode.

Learn more about our Cis Benchmark Audit For Distribution Independent Linux.