CVE-2014-6410
First published: Mon Sep 15 2014(Updated: )
A stack overflow flaw caused by infinite recursion was found in the way the Linux kernel's Universal Disk Format (UDF) file system implementation processed indirect Information Control Blocks (ICBs). An attacker with physical access to the system could use a specially crafted UDF image to crash the system.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/kernel | <0:2.6.32-504.3.3.el6 | 0:2.6.32-504.3.3.el6 |
| redhat/kernel | <0:3.10.0-123.13.1.el7 | 0:3.10.0-123.13.1.el7 |
| redhat/kernel-rt | <0:3.10.33-rt32.51.el6 | 0:3.10.33-rt32.51.el6 |
| Linux Kernel | <=3.16.3 | |
| Linux Kernel | =3.16.0 | |
| Linux Kernel | =3.16.1 | |
| Linux Kernel | =3.16.2 | |
| debian/linux | 5.10.223-1 5.10.234-1 6.1.123-1 6.1.128-1 6.12.17-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.cve.org/CVERecord?id=CVE-2014-6410 https://nvd.nist.gov/vuln/detail/CVE-2014-6410
- https://bugzilla.redhat.com/show_bug.cgi?id=1141809
- https://access.redhat.com/errata/RHSA-2014:1997
- https://access.redhat.com/errata/RHSA-2014:1971
- https://access.redhat.com/errata/RHSA-2014:1318
- https://access.redhat.com/security/cve/CVE-2014-6410
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=c03aa9f6e1f938618e6db2e23afef0574efeeb65
- http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html
- http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html
- http://marc.info/?l=bugtraq&m=142722450701342&w=2
- http://marc.info/?l=bugtraq&m=142722544401658&w=2
- http://rhn.redhat.com/errata/RHSA-2014-1318.html
- http://www.openwall.com/lists/oss-security/2014/09/15/9
- http://www.securityfocus.com/bid/69799
- http://www.ubuntu.com/usn/USN-2374-1
- http://www.ubuntu.com/usn/USN-2375-1
- http://www.ubuntu.com/usn/USN-2376-1
- http://www.ubuntu.com/usn/USN-2377-1
- http://www.ubuntu.com/usn/USN-2378-1
- http://www.ubuntu.com/usn/USN-2379-1
- https://github.com/torvalds/linux/commit/c03aa9f6e1f938618e6db2e23afef0574efeeb65
- http://marc.info/?l=bugtraq&m=142722544401658&w=2
- http://marc.info/?l=bugtraq&m=142722450701342&w=2
- https://launchpad.net/bugs/cve/CVE-2014-6410
- https://git.kernel.org/linus/c03aa9f6e1f938618e6db2e23afef0574efeeb65
- http://seclists.org/oss-sec/2014/q3/600
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1141810
- http://seclists.org/oss-sec/2014/q3/606
- http://pkgs.fedoraproject.org/cgit/kernel.git/commit/?h=f20&id=52720ac370a759fa09dcd86768a5413a5ed3f9cf
- https://rhn.redhat.com/errata/RHSA-2014-1318.html
- https://rhn.redhat.com/errata/RHSA-2014-1971.html
- https://rhn.redhat.com/errata/RHSA-2014-1997.html
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=c03aa9f6e1f938618e6db2e23afef0574efeeb65
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c03aa9f6e1f938618e6db2e23afef0574efeeb65
- https://security-tracker.debian.org/tracker/CVE-2014-6410
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6410
- https://nvd.nist.gov/vuln/detail/CVE-2014-6410
- https://ubuntu.com/security/CVE-2014-6410
Parent vulnerabilities
(Appears in the following advisories)
Frequently Asked Questions
What is the severity of CVE-2014-6410?
CVE-2014-6410 has been categorized as a high severity vulnerability due to its potential to cause a stack overflow and disrupt system stability.
How do I fix CVE-2014-6410?
To fix CVE-2014-6410, upgrade to the patched kernel versions provided by your Linux distribution, such as Red Hat or Debian.
What systems are affected by CVE-2014-6410?
CVE-2014-6410 primarily affects Linux kernel versions prior to 3.16.3 and various specific distributions like Red Hat and Debian.
What type of attack can exploit CVE-2014-6410?
CVE-2014-6410 can be exploited by an attacker with physical access to the system using a specially crafted UDF image.
Is there a workaround for CVE-2014-6410?
Currently, the recommended solution for CVE-2014-6410 is to apply the necessary kernel updates rather than seeking a workaround.
- collector/redhat-cve
- agent/type
- agent/remedy
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2014-6410
- agent/author
- agent/severity
- agent/weakness
- collector/mitre-cve
- source/MITRE
- collector/usn-cve
- source/Ubuntu
- agent/references
- agent/description
- agent/last-modified-date
- agent/event
- agent/trending
- agent/source
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup
- agent/tags
- agent/softwarecombine
- collector/security-tracker-debian
- source/Debian
- package-manager/redhat
- vendor/linux
- canonical/linux kernel
- version/linux kernel/3.16.3
- version/linux kernel/3.16.0
- version/linux kernel/3.16.1
- version/linux kernel/3.16.2
- package-manager/debian