CVE-2014-9420
Detail
Modified After Enrichment This CVE record has been updated after NVD enrichment efforts were completed. Enrichment data supplied by the NVD may require amendment due to these changes.
Description
The rock_continue function in fs/isofs/rock.c in the Linux kernel through 3.18.1 does not restrict the number of Rock Ridge continuation entries, which allows local users to cause a denial of service (infinite loop, and system crash or hang) via a crafted iso9660 image.
Metrics
CVSS Version 4.0
CVSS Version 3.x
CVSS Version 2.0
NVD enrichment efforts reference publicly available information to associate
vector strings. CVSS information contributed by other sources is also
displayed.
CVSS 4.0 Severity and Vector Strings:
NVD assessment
not yet provided.
CVSS 3.x Severity and Vector Strings:
NVD assessment
not yet provided.
CVSS 2.0 Severity and Vector Strings:
Vector:
(AV:L/AC:L/Au:N/C:N/I:N/A:C)
References to Advisories, Solutions, and Tools
By selecting these links, you will be leaving NIST webspace.
We have provided these links to other web sites because they
may have information that would be of interest to you. No
inferences should be drawn on account of other sites being
referenced, or not, from this page. There may be other web
sites that are more appropriate for your purpose. NIST does
not necessarily endorse the views expressed, or concur with
the facts presented on these sites. Further, NIST does not
endorse any commercial products that may be mentioned on
these sites. Please address comments about this page to [email protected]
URL
Source(s)
Tag(s)
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=f54e18f1b831c92f6512d2eedb224cd63d607d3d
CVE, Inc., Red Hat
http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147864.html
CVE, Inc., Red Hat
http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147973.html
CVE, Inc., Red Hat
http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00035.html
CVE, Inc., Red Hat
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00000.html
CVE, Inc., Red Hat
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00009.html
CVE, Inc., Red Hat
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html
CVE, Inc., Red Hat
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html
CVE, Inc., Red Hat
http://rhn.redhat.com/errata/RHSA-2015-1081.html
CVE, Inc., Red Hat
http://rhn.redhat.com/errata/RHSA-2015-1137.html
CVE, Inc., Red Hat
http://rhn.redhat.com/errata/RHSA-2015-1138.html
CVE, Inc., Red Hat
http://secunia.com/advisories/62801
CVE, Inc., Red Hat
http://www.mandriva.com/security/advisories?name=MDVSA-2015:058
CVE, Inc., Red Hat
http://www.openwall.com/lists/oss-security/2014/12/25/4
CVE, Inc., Red Hat
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
CVE, Inc., Red Hat
http://www.ubuntu.com/usn/USN-2490-1
CVE, Inc., Red Hat
http://www.ubuntu.com/usn/USN-2491-1
CVE, Inc., Red Hat
http://www.ubuntu.com/usn/USN-2492-1
CVE, Inc., Red Hat
http://www.ubuntu.com/usn/USN-2493-1
CVE, Inc., Red Hat
http://www.ubuntu.com/usn/USN-2515-1
CVE, Inc., Red Hat
http://www.ubuntu.com/usn/USN-2516-1
CVE, Inc., Red Hat
http://www.ubuntu.com/usn/USN-2517-1
CVE, Inc., Red Hat
http://www.ubuntu.com/usn/USN-2518-1
CVE, Inc., Red Hat
https://bugzilla.redhat.com/show_bug.cgi?id=1175235
CVE, Inc., Red Hat
Vendor Advisory
https://github.com/torvalds/linux/commit/f54e18f1b831c92f6512d2eedb224cd63d607d3d
CVE, Inc., Red Hat
https://source.android.com/security/bulletin/2017-01-01.html
CVE, Inc., Red Hat
Weakness Enumeration
CWE-ID
CWE Name
Source
CWE-399
Resource Management Errors
NIST
Change History
20 change records found show changes
CVE Modified by Red Hat, Inc.
6/16/2026 8:18:19 PM
Action
Type
Old Value
New Value
Added
Affected
[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]
CVE Status Change
5/06/2026 6:30:45 PM
Action
Type
Old Value
New Value
CVE Modified by CVE
11/20/2024 9:20:49 PM
Action
Type
Old Value
New Value
Added
Reference
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=f54e18f1b831c92f6512d2eedb224cd63d607d3d
Added
Reference
http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147864.html
Added
Reference
http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147973.html
Added
Reference
http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00035.html
Added
Reference
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00000.html
Added
Reference
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00009.html
Added
Reference
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html
Added
Reference
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html
Added
Reference
http://rhn.redhat.com/errata/RHSA-2015-1081.html
Added
Reference
http://rhn.redhat.com/errata/RHSA-2015-1137.html
Added
Reference
http://rhn.redhat.com/errata/RHSA-2015-1138.html
Added
Reference
http://secunia.com/advisories/62801
Added
Reference
http://www.mandriva.com/security/advisories?name=MDVSA-2015:058
Added
Reference
http://www.openwall.com/lists/oss-security/2014/12/25/4
Added
Reference
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
Added
Reference
http://www.ubuntu.com/usn/USN-2490-1
Added
Reference
http://www.ubuntu.com/usn/USN-2491-1
Added
Reference
http://www.ubuntu.com/usn/USN-2492-1
Added
Reference
http://www.ubuntu.com/usn/USN-2493-1
Added
Reference
http://www.ubuntu.com/usn/USN-2515-1
Added
Reference
http://www.ubuntu.com/usn/USN-2516-1
Added
Reference
http://www.ubuntu.com/usn/USN-2517-1
Added
Reference
http://www.ubuntu.com/usn/USN-2518-1
Added
Reference
https://bugzilla.redhat.com/show_bug.cgi?id=1175235
Added
Reference
https://github.com/torvalds/linux/commit/f54e18f1b831c92f6512d2eedb224cd63d607d3d
Added
Reference
https://source.android.com/security/bulletin/2017-01-01.html
CVE Modified by Red Hat, Inc.
5/13/2024 11:25:10 PM
Action
Type
Old Value
New Value
CVE Modified by Red Hat, Inc.
2/12/2023 7:45:21 PM
Action
Type
Old Value
New Value
Changed
Description
It was found that the Linux kernel's ISO file system implementation did not correctly limit the traversal of Rock Ridge extension Continuation Entries (CE). An attacker with physical access to the system could use this flaw to trigger an infinite loop in the kernel, resulting in a denial of service.
The rock_continue function in fs/isofs/rock.c in the Linux kernel through 3.18.1 does not restrict the number of Rock Ridge continuation entries, which allows local users to cause a denial of service (infinite loop, and system crash or hang) via a crafted iso9660 image.
Removed
CVSS V2
Red Hat, Inc. (AV:L/AC:M/Au:N/C:N/I:N/A:C)
Removed
Reference
https://access.redhat.com/errata/RHSA-2015:1081 [No Types Assigned]
Removed
Reference
https://access.redhat.com/errata/RHSA-2015:1137 [No Types Assigned]
Removed
Reference
https://access.redhat.com/errata/RHSA-2015:1138 [No Types Assigned]
Removed
Reference
https://access.redhat.com/errata/RHSA-2015:1139 [No Types Assigned]
Removed
Reference
https://access.redhat.com/security/cve/CVE-2014-9420 [No Types Assigned]
CVE Modified by Red Hat, Inc.
2/02/2023 3:19:55 PM
Action
Type
Old Value
New Value
Changed
Description
The rock_continue function in fs/isofs/rock.c in the Linux kernel through 3.18.1 does not restrict the number of Rock Ridge continuation entries, which allows local users to cause a denial of service (infinite loop, and system crash or hang) via a crafted iso9660 image.
It was found that the Linux kernel's ISO file system implementation did not correctly limit the traversal of Rock Ridge extension Continuation Entries (CE). An attacker with physical access to the system could use this flaw to trigger an infinite loop in the kernel, resulting in a denial of service.
Added
CVSS V2
Red Hat, Inc. (AV:L/AC:M/Au:N/C:N/I:N/A:C)
Added
Reference
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=f54e18f1b831c92f6512d2eedb224cd63d607d3d [No Types Assigned]
Added
Reference
https://access.redhat.com/errata/RHSA-2015:1081 [No Types Assigned]
Added
Reference
https://access.redhat.com/errata/RHSA-2015:1137 [No Types Assigned]
Added
Reference
https://access.redhat.com/errata/RHSA-2015:1138 [No Types Assigned]
Added
Reference
https://access.redhat.com/errata/RHSA-2015:1139 [No Types Assigned]
Added
Reference
https://access.redhat.com/security/cve/CVE-2014-9420 [No Types Assigned]
Removed
Reference
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=f54e18f1b831c92f6512d2eedb224cd63d607d3d [No Types Assigned]
CVE Modified by Red Hat, Inc.
1/04/2018 9:29:55 PM
Action
Type
Old Value
New Value
Added
Reference
http://rhn.redhat.com/errata/RHSA-2015-1081.html [No Types Assigned]
Added
Reference
http://rhn.redhat.com/errata/RHSA-2015-1137.html [No Types Assigned]
Added
Reference
http://rhn.redhat.com/errata/RHSA-2015-1138.html [No Types Assigned]
CVE Modified by Red Hat, Inc.
1/06/2017 10:00:33 PM
Action
Type
Old Value
New Value
Added
Reference
https://source.android.com/security/bulletin/2017-01-01.html [No Types Assigned]
CVE Modified by Red Hat, Inc.
1/02/2017 9:59:24 PM
Action
Type
Old Value
New Value
Added
Reference
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00009.html [No Types Assigned]
CVE Modified by Red Hat, Inc.
10/11/2016 9:59:41 PM
Action
Type
Old Value
New Value
Added
Reference
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
CVE Modified by Red Hat, Inc.
6/03/2015 10:01:26 PM
Action
Type
Old Value
New Value
Added
Reference
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html
CVE Modified by Red Hat, Inc.
5/11/2015 10:02:03 PM
Action
Type
Old Value
New Value
Added
Reference
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html
CVE Modified by Red Hat, Inc.
4/17/2015 9:59:39 PM
Action
Type
Old Value
New Value
Added
Reference
http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147864.html
Added
Reference
http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147973.html
CVE Modified by Red Hat, Inc.
4/06/2015 9:59:58 PM
Action
Type
Old Value
New Value
Added
Reference
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00000.html
CVE Modified by Red Hat, Inc.
3/25/2015 10:00:33 PM
Action
Type
Old Value
New Value
Added
Reference
http://www.mandriva.com/security/advisories?name=MDVSA-2015:058
CVE Modified by Red Hat, Inc.
3/11/2015 10:01:26 PM
Action
Type
Old Value
New Value
Added
Reference
http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00035.html
Added
Reference
http://www.ubuntu.com/usn/USN-2491-1
CVE Modified by Red Hat, Inc.
3/05/2015 10:00:01 PM
Action
Type
Old Value
New Value
Added
Reference
http://www.ubuntu.com/usn/USN-2490-1
Added
Reference
http://www.ubuntu.com/usn/USN-2492-1
Added
Reference
http://www.ubuntu.com/usn/USN-2493-1
Added
Reference
http://www.ubuntu.com/usn/USN-2515-1
Added
Reference
http://www.ubuntu.com/usn/USN-2516-1
Added
Reference
http://www.ubuntu.com/usn/USN-2517-1
Added
Reference
http://www.ubuntu.com/usn/USN-2518-1
CVE Modified by Red Hat, Inc.
2/13/2015 9:59:40 PM
Action
Type
Old Value
New Value
Added
Reference
http://secunia.com/advisories/62801
Modified Analysis by NIST
12/29/2014 6:15:56 PM
Action
Type
Old Value
New Value
Added
CVSS V2
(AV:L/AC:L/Au:N/C:N/I:N/A:C)
Added
CWE
CWE-399
Added
CPE Configuration
Configuration 1
OR
*cpe:2.3:o:linux:linux_kernel:3.18.1:*:*:*:*:*:*:* (and previous)
Changed
Reference Type
https://bugzilla.redhat.com/show_bug.cgi?id=1175235 No Types Assigned
https://bugzilla.redhat.com/show_bug.cgi?id=1175235 Advisory
Initial CVE Analysis
12/29/2014 1:24:36 PM
Action
Type
Old Value
New Value
Quick Info
CVE Dictionary Entry: CVE-2014-9420 NVD
Published Date: 12/25/2014 NVD
Last Modified: 06/16/2026
Source: Red Hat, Inc.
) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
