[v2.7] kernel: udf: avoid infinite loop when processing indirect ICBs (CVE-2014-6410)
The __udf_read_inode function in fs/udf/inode.c in the Linux kernel
does not restrict the amount of ICB indirection, which allows physically
proximate attackers to cause a denial of service (infinite loop or stack
consumption) via a UDF filesystem with a crafted inode.
Fixed upstream in v3.17-rc532^26. The upstream commit is:
•http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c03aa9f6e1f938618e6db2e23afef0574efeeb65
Patches for Alpine Linux current kernels:
v3.0 (linux-3.14.y):
https://github.com/torvalds/linux/commit/82335226733fdf82ee3f231c08269a17fd62a3fc
(fixed in v3.14.21~37)
v2.7 (linux-3.10.y):
not backported at the moment
References:
http://www.openwall.com/lists/oss-security/2014/09/15/9
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=c03aa9f6e1f938618e6db2e23afef0574efeeb65
https://bugzilla.redhat.com/show\_bug.cgi?id=1141809
https://github.com/torvalds/linux/commit/c03aa9f6e1f938618e6db2e23afef0574efeeb65
http://www.securityfocus.com/bid/69799
(from redmine: issue id 3431, created on 2014-10-15, closed on 2017-09-05)
- Relations:
- parent #3430