CVE - CVE-2015-4167

CVE-ID
CVE-2015-4167	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The udf_read_inode function in fs/udf/inode.c in the Linux kernel before 3.19.1 does not validate certain length values, which allows local users to cause a denial of service (incorrect data representation or integer overflow, and OOPS) via a crafted UDF filesystem.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MLIST:[oss-security] 20150602 CVE request Linux kernel: fs: udf kernel oops URL:http://www.openwall.com/lists/oss-security/2015/06/02/6 CONFIRM:http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=23b133bdc452aa441fcb9b82cbf6dd05cfd342d0 CONFIRM:http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.19.1 CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1228204 CONFIRM:https://github.com/torvalds/linux/commit/23b133bdc452aa441fcb9b82cbf6dd05cfd342d0 DEBIAN:DSA-3290 URL:http://www.debian.org/security/2015/dsa-3290 DEBIAN:DSA-3313 URL:http://www.debian.org/security/2015/dsa-3313 SUSE:SUSE-SU-2015:1592 URL:http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00018.html SUSE:SUSE-SU-2015:1611 URL:http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00021.html SUSE:SUSE-SU-2015:1324 URL:http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00049.html SUSE:openSUSE-SU-2015:1382 URL:http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00011.html UBUNTU:USN-2631-1 URL:http://www.ubuntu.com/usn/USN-2631-1 UBUNTU:USN-2632-1 URL:http://www.ubuntu.com/usn/USN-2632-1 BID:74963 URL:http://www.securityfocus.com/bid/74963 SECTRACK:1033187 URL:http://www.securitytracker.com/id/1033187
Assigning CNA
N/A
Date Entry Created
20150602	Disclaimer: The entry creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20150602)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org