vulnerability note CVE-2012-3400
Linux kernel: denial of service via UDF
Synthesis of the vulnerability
A local attacker can use a DVD with a malicious UDF file system, in order to stop the kernel.Impacted products:
Linux, RHEL, SUSE Linux Enterprise Desktop, SLES.
BID-54279, CERTA-2013-AVI-170, CVE-2012-3400, RHSA-2012:1426-01, RHSA-2012:1491-01, RHSA-2013:0594-01, SUSE-SU-2012:0904-1, SUSE-SU-2012:1016-1, VIGILANCE-VUL-11739.
Description of the vulnerability
The UDF (Universal Disk Format) format is mainly used by DVD.
The UDF filesystem uses a "sparing table" to process errors of rewritable media (DVD+RW).
The fs/udf/super.c file of the Linux kernel reads data from the UDF filesystem.
However, if the UDF partition table or sparing table is malformed, the kernel continues to read after the end of data, and accesses to an uninitialized memory area.
A local attacker can therefore use a DVD with a malicious UDF file system, in order to stop the kernel.Complete Vigil@nce bulletin....
Share this bulletin
Computer vulnerabilities tracking service
Vigil@nce provides a system vulnerability management
. The Vigil@nce security watch publishes vulnerability bulletins about threats impacting the information system. Each administrator can customize the list of products for which he wants to receive vulnerability alerts. The technology watch team tracks security threats targeting the computer system.