mirror of
https://github.com/0xMarcio/cve.git
synced 2026-03-02 19:53:47 +00:00
883 B
883 B
CVE-2014-9584
Description
The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel before 3.18.2 does not validate a length value in the Extensions Reference (ER) System Use Field, which allows local users to obtain sensitive information from kernel memory via a crafted iso9660 image.
POC
Reference
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
- http://www.ubuntu.com/usn/USN-2512-1
- http://www.ubuntu.com/usn/USN-2514-1
Github
No PoCs found on GitHub currently.