CVE-2014-9729
Publication date 31 December 2014
Last updated 24 July 2024
Ubuntu priority
The udf_read_inode function in fs/udf/inode.c in the Linux kernel before 3.18.2 does not ensure a certain data-structure size consistency, which allows local users to cause a denial of service (system crash) via a crafted UDF filesystem image.
From the Ubuntu Security Team
Carl H Lunde discovered that the UDF file system (CONFIG_UDF_FS) did not valid inode size information . A local attacker, who is able to mount a malicous UDF file system image, could exploit this flaw to cause a denial of service (system crash) or possibly cause other undesired behaviors.
Status
Package | Ubuntu Release | Status |
---|---|---|
linux | ||
16.04 LTS xenial |
Not affected
|
|
14.04 LTS trusty |
Fixed 3.13.0-48.80
|
|
linux-2.6 | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-armadaxp | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-aws | ||
16.04 LTS xenial |
Not affected
|
|
14.04 LTS trusty |
Not affected
|
|
linux-ec2 | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-flo | ||
16.04 LTS xenial | Ignored abandoned | |
14.04 LTS trusty | Not in release | |
linux-fsl-imx51 | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-gke | ||
16.04 LTS xenial |
Not affected
|
|
14.04 LTS trusty | Not in release | |
linux-goldfish | ||
16.04 LTS xenial | Ignored abandoned | |
14.04 LTS trusty | Not in release | |
linux-grouper | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-hwe | ||
16.04 LTS xenial |
Not affected
|
|
14.04 LTS trusty | Not in release | |
linux-hwe-edge | ||
16.04 LTS xenial |
Not affected
|
|
14.04 LTS trusty | Not in release | |
linux-linaro-omap | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-linaro-shared | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-linaro-vexpress | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-lts-quantal | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-lts-raring | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-lts-saucy | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-lts-trusty | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-lts-utopic | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty |
Fixed 3.16.0-31.41~14.04.1
|
|
linux-lts-vivid | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-lts-wily | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-lts-xenial | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty |
Not affected
|
|
linux-maguro | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-mako | ||
16.04 LTS xenial | Ignored abandoned | |
14.04 LTS trusty | Not in release | |
linux-manta | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-mvl-dove | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-qcm-msm | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-raspi2 | ||
16.04 LTS xenial |
Not affected
|
|
14.04 LTS trusty | Not in release | |
linux-snapdragon | ||
16.04 LTS xenial |
Not affected
|
|
14.04 LTS trusty | Not in release | |
linux-ti-omap4 | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
Notes
jdstrand
android kernels (flo, goldfish, grouper, maguro, mako and manta) are not supported on the Ubuntu Touch 14.10 and earlier preview kernels linux-lts-saucy no longer receives official support linux-lts-quantal no longer receives official support
References
Related Ubuntu Security Notices (USN)
- USN-2543-1
- Linux kernel (Trusty HWE) vulnerabilities
- 24 March 2015
- USN-2544-1
- Linux kernel vulnerabilities
- 24 March 2015
- USN-2541-1
- Linux kernel vulnerabilities
- 24 March 2015
- USN-2517-1
- Linux kernel (Utopic HWE) vulnerabilities
- 26 February 2015
- USN-2542-1
- Linux kernel (OMAP4) vulnerabilities
- 24 March 2015
- USN-2518-1
- Linux kernel vulnerabilities
- 26 February 2015