Improper input validation in Linux Linux_kernel

CVE-2014-9584

The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel before 3.18.2 does not validate a length value in the Extensions Reference (ER) System Use Field, which allows local users to obtain sensitive information…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.001 (32.1th percentile) — read the EPSS interpretation.

Affected products

Linux Linux_kernel
Oracle Linux — versions 5
Canonical Ubuntu_linux — versions 10.04, 12.04, 14.04
Debian Debian_linux — versions 7.0, 8.0
Opensuse Evergreen — versions 11.4
Opensuse — versions 13.1
Redhat Enterprise_linux_aus — versions 6.6
Redhat Enterprise_linux_desktop — versions 6.0, 7.0
Redhat Enterprise_linux_eus — versions 6.6
Redhat Enterprise_linux_server — versions 6.0, 7.0

Weakness classification (CWE)

CWE-20 — Improper Input Validation

References

USN-2515-1 (x_refsource_UBUNTU, vendor-advisory, Third Party Advisory)
SUSE-SU-2015:0736 (vendor-advisory, Mailing List, Third Party Advisory, x_refsource_SUSE)
secalert@redhat.com (x_refsource_CONFIRM, Third Party Advisory, Issue Tracking)
SUSE-SU-2015:0652 (vendor-advisory, Mailing List, Third Party Advisory, x_refsource_SUSE)
USN-2512-1 (x_refsource_UBUNTU, vendor-advisory, Third Party Advisory)
secalert@redhat.com (x_refsource_CONFIRM, Third Party Advisory)
[oss-security] 20150109 Re: CVE request Linux kernel: isofs: unchecked printing of ER records (mailing-list, x_refsource_MLIST, Mailing List, Third Party Advisory)
USN-2514-1 (x_refsource_UBUNTU, vendor-advisory, Third Party Advisory)
RHSA-2015:1138 (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
secalert@redhat.com (x_refsource_CONFIRM)