Description: | The udf_read_inode function in fs/udf/inode.c in the Linux kernel before 3.19.1 does not validate certain length values, which allows local users to cause a denial of service (incorrect data representation or integer overflow, and OOPS) via a crafted UDF filesystem. Carl H Lunde discovered missing sanity checks in the Linux kernel's UDF file system (CONFIG_UDF_FS). A local attacker could exploit this flaw to cause a denial of service (system crash) by using a corrupted file system image.
|