CVE-2014-9731 Common Vulnerabilities and Exposures

Upstream information

CVE-2014-9731 at MITRE

Description

The UDF filesystem implementation in the Linux kernel before 3.18.2 does not ensure that space is available for storing a symlink target's name along with a trailing \0 character, which allows local users to obtain sensitive information via a crafted filesystem image, related to fs/udf/symlink.c and fs/udf/unicode.c.

SUSE information

Overall state of this security issue: Does not affect SUSE products

CVSS v2 Scores
	National Vulnerability Database
Base Score	2.1
Vector	AV:L/AC:L/Au:N/C:P/I:N/A:N
Access Vector	Local
Access Complexity	Low
Authentication	None
Confidentiality Impact	Partial
Integrity Impact	None
Availability Impact	None

Note from the SUSE Security Team on the kernel-default package

SUSE will no longer fix all CVEs in the Linux Kernel anymore, but declare some bug classes as won't fix. Please refer to TID 21496 for more details.

SUSE Bugzilla entries: 911325 [RESOLVED / FIXED], 933896 [RESOLVED / FIXED]

SUSE Security Advisories:

SUSE-SU-2015:1324-1, published Fri Jul 31 02:08:46 MDT 2015
SUSE-SU-2015:1592-1, published Tue Sep 22 02:09:39 MDT 2015
SUSE-SU-2015:1611-1, published Wed Sep 23 03:09:58 MDT 2015
SUSE-SU-2015:1678-1, published Mon Oct 5 09:10:40 MDT 2015
openSUSE-SU-2015:1382-1, published Fri Dec 8 15:48:33 2023
openSUSE-SU-2016:0301-1, published Fri Dec 8 15:48:34 2023

List of released packages

Product(s)	Fixed package version(s)	References
SUSE Linux Enterprise Desktop 11 SP3	`kernel-bigsmp-devel >= 3.0.101-0.47.67.2` `kernel-default >= 3.0.101-0.47.67.2` `kernel-default-base >= 3.0.101-0.47.67.2` `kernel-default-devel >= 3.0.101-0.47.67.2` `kernel-default-extra >= 3.0.101-0.47.67.2` `kernel-pae >= 3.0.101-0.47.67.2` `kernel-pae-base >= 3.0.101-0.47.67.2` `kernel-pae-devel >= 3.0.101-0.47.67.2` `kernel-pae-extra >= 3.0.101-0.47.67.2` `kernel-source >= 3.0.101-0.47.67.2` `kernel-syms >= 3.0.101-0.47.67.2` `kernel-trace-devel >= 3.0.101-0.47.67.2` `kernel-xen >= 3.0.101-0.47.67.2` `kernel-xen-base >= 3.0.101-0.47.67.2` `kernel-xen-devel >= 3.0.101-0.47.67.2` `kernel-xen-extra >= 3.0.101-0.47.67.2`	Patchnames: sledsp3-kernel-201508-12100
SUSE Linux Enterprise Desktop 11 SP4	`kernel-default >= 3.0.101-65.1` `kernel-default-base >= 3.0.101-65.1` `kernel-default-devel >= 3.0.101-65.1` `kernel-default-extra >= 3.0.101-65.1` `kernel-docs >= 3.0.101-65.3` `kernel-pae >= 3.0.101-65.1` `kernel-pae-base >= 3.0.101-65.1` `kernel-pae-devel >= 3.0.101-65.1` `kernel-pae-extra >= 3.0.101-65.1` `kernel-source >= 3.0.101-65.1` `kernel-syms >= 3.0.101-65.1` `kernel-trace-devel >= 3.0.101-65.1` `kernel-xen >= 3.0.101-65.1` `kernel-xen-base >= 3.0.101-65.1` `kernel-xen-devel >= 3.0.101-65.1` `kernel-xen-extra >= 3.0.101-65.1`	Patchnames: sdksp4-kernel-20150908-12114 sledsp4-kernel-20150908-12114
SUSE Linux Enterprise Desktop 12 SP1	`kernel-default >= 3.12.49-11.1` `kernel-default-devel >= 3.12.49-11.1` `kernel-default-extra >= 3.12.49-11.1` `kernel-devel >= 3.12.49-11.1` `kernel-docs >= 3.12.49-11.1` `kernel-macros >= 3.12.49-11.1` `kernel-obs-build >= 3.12.49-11.2` `kernel-source >= 3.12.49-11.1` `kernel-syms >= 3.12.49-11.1` `kernel-xen >= 3.12.49-11.1` `kernel-xen-devel >= 3.12.49-11.1`	Patchnames: SUSE Linux Enterprise Desktop 12 SP1 GA kernel-default-3.12.49-11.1 SUSE Linux Enterprise Software Development Kit 12 SP1 GA kernel-docs-3.12.49-11.1 SUSE Linux Enterprise Workstation Extension 12 SP1 GA kernel-default-extra-3.12.49-11.1
SUSE Linux Enterprise Desktop 12	`kernel-default >= 3.12.44-52.10.1` `kernel-default-devel >= 3.12.44-52.10.1` `kernel-default-extra >= 3.12.44-52.10.1` `kernel-devel >= 3.12.44-52.10.1` `kernel-docs >= 3.12.44-52.10.3` `kernel-macros >= 3.12.44-52.10.1` `kernel-obs-build >= 3.12.44-52.10.1` `kernel-source >= 3.12.44-52.10.1` `kernel-syms >= 3.12.44-52.10.1` `kernel-xen >= 3.12.44-52.10.1` `kernel-xen-devel >= 3.12.44-52.10.1`	Patchnames: SUSE-SLE-DESKTOP-12-2015-356 SUSE-SLE-SDK-12-2015-356 SUSE-SLE-WE-12-2015-356
SUSE Linux Enterprise High Performance Computing 12 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Server for SAP Applications 12 SP3 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP5	`kernel-ec2 >= 3.12.44-52.10.1` `kernel-ec2-devel >= 3.12.44-52.10.1` `kernel-ec2-extra >= 3.12.44-52.10.1`	Patchnames: SUSE-SLE-Module-Public-Cloud-12-2015-356
SUSE Linux Enterprise Live Patching 12		Patchnames: SUSE-SLE-Live-Patching-12-2015-356
SUSE Linux Enterprise Real Time 11 SP3	`kernel-rt >= 3.0.101.rt130-0.33.40.1` `kernel-rt-base >= 3.0.101.rt130-0.33.40.1` `kernel-rt-devel >= 3.0.101.rt130-0.33.40.1` `kernel-rt_trace >= 3.0.101.rt130-0.33.40.1` `kernel-rt_trace-base >= 3.0.101.rt130-0.33.40.1` `kernel-rt_trace-devel >= 3.0.101.rt130-0.33.40.1` `kernel-source-rt >= 3.0.101.rt130-0.33.40.1` `kernel-syms-rt >= 3.0.101.rt130-0.33.40.1`	Patchnames: slertesp3-kernel-rt-201509-12099
SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3	`kernel-bigsmp >= 3.0.101-0.47.67.2` `kernel-bigsmp-base >= 3.0.101-0.47.67.2` `kernel-bigsmp-devel >= 3.0.101-0.47.67.2` `kernel-default >= 3.0.101-0.47.67.2` `kernel-default-base >= 3.0.101-0.47.67.2` `kernel-default-devel >= 3.0.101-0.47.67.2` `kernel-default-man >= 3.0.101-0.47.67.2` `kernel-ec2 >= 3.0.101-0.47.67.2` `kernel-ec2-base >= 3.0.101-0.47.67.2` `kernel-ec2-devel >= 3.0.101-0.47.67.2` `kernel-pae >= 3.0.101-0.47.67.2` `kernel-pae-base >= 3.0.101-0.47.67.2` `kernel-pae-devel >= 3.0.101-0.47.67.2` `kernel-ppc64 >= 3.0.101-0.47.67.2` `kernel-ppc64-base >= 3.0.101-0.47.67.2` `kernel-ppc64-devel >= 3.0.101-0.47.67.2` `kernel-source >= 3.0.101-0.47.67.2` `kernel-syms >= 3.0.101-0.47.67.2` `kernel-trace >= 3.0.101-0.47.67.2` `kernel-trace-base >= 3.0.101-0.47.67.2` `kernel-trace-devel >= 3.0.101-0.47.67.2` `kernel-xen >= 3.0.101-0.47.67.2` `kernel-xen-base >= 3.0.101-0.47.67.2` `kernel-xen-devel >= 3.0.101-0.47.67.2`	Patchnames: slessp3-kernel-201508-12100
SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4	`kernel-default >= 3.0.101-65.1` `kernel-default-base >= 3.0.101-65.1` `kernel-default-devel >= 3.0.101-65.1` `kernel-default-man >= 3.0.101-65.1` `kernel-docs >= 3.0.101-65.3` `kernel-ec2 >= 3.0.101-65.1` `kernel-ec2-base >= 3.0.101-65.1` `kernel-ec2-devel >= 3.0.101-65.1` `kernel-pae >= 3.0.101-65.1` `kernel-pae-base >= 3.0.101-65.1` `kernel-pae-devel >= 3.0.101-65.1` `kernel-ppc64 >= 3.0.101-65.1` `kernel-ppc64-base >= 3.0.101-65.1` `kernel-ppc64-devel >= 3.0.101-65.1` `kernel-source >= 3.0.101-65.1` `kernel-syms >= 3.0.101-65.1` `kernel-trace >= 3.0.101-65.1` `kernel-trace-base >= 3.0.101-65.1` `kernel-trace-devel >= 3.0.101-65.1` `kernel-xen >= 3.0.101-65.1` `kernel-xen-base >= 3.0.101-65.1` `kernel-xen-devel >= 3.0.101-65.1`	Patchnames: sdksp4-kernel-20150908-12114 slessp4-kernel-20150908-12114
SUSE Linux Enterprise Server 12 SP1	`kernel-default >= 3.12.49-11.1` `kernel-default-base >= 3.12.49-11.1` `kernel-default-devel >= 3.12.49-11.1` `kernel-default-extra >= 3.12.49-11.1` `kernel-default-man >= 3.12.49-11.1` `kernel-devel >= 3.12.49-11.1` `kernel-docs >= 3.12.49-11.1` `kernel-macros >= 3.12.49-11.1` `kernel-obs-build >= 3.12.49-11.2` `kernel-source >= 3.12.49-11.1` `kernel-syms >= 3.12.49-11.1` `kernel-xen >= 3.12.49-11.1` `kernel-xen-base >= 3.12.49-11.1` `kernel-xen-devel >= 3.12.49-11.1`	Patchnames: SUSE Linux Enterprise Server 12 SP1 GA kernel-default-3.12.49-11.1 SUSE Linux Enterprise Software Development Kit 12 SP1 GA kernel-docs-3.12.49-11.1 SUSE Linux Enterprise Workstation Extension 12 SP1 GA kernel-default-extra-3.12.49-11.1
SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server for SAP Applications 12	`kernel-default >= 3.12.44-52.10.1` `kernel-default-base >= 3.12.44-52.10.1` `kernel-default-devel >= 3.12.44-52.10.1` `kernel-default-extra >= 3.12.44-52.10.1` `kernel-default-man >= 3.12.44-52.10.1` `kernel-devel >= 3.12.44-52.10.1` `kernel-docs >= 3.12.44-52.10.3` `kernel-ec2 >= 3.12.44-52.10.1` `kernel-ec2-devel >= 3.12.44-52.10.1` `kernel-ec2-extra >= 3.12.44-52.10.1` `kernel-macros >= 3.12.44-52.10.1` `kernel-obs-build >= 3.12.44-52.10.1` `kernel-source >= 3.12.44-52.10.1` `kernel-syms >= 3.12.44-52.10.1` `kernel-xen >= 3.12.44-52.10.1` `kernel-xen-base >= 3.12.44-52.10.1` `kernel-xen-devel >= 3.12.44-52.10.1`	Patchnames: SUSE-SLE-Module-Public-Cloud-12-2015-356 SUSE-SLE-SDK-12-2015-356 SUSE-SLE-SERVER-12-2015-356 SUSE-SLE-WE-12-2015-356
SUSE Linux Enterprise Server for SAP Applications 12 SP1	`kernel-default-extra >= 3.12.49-11.1` `kernel-docs >= 3.12.49-11.1` `kernel-obs-build >= 3.12.49-11.2`	Patchnames: SUSE Linux Enterprise Software Development Kit 12 SP1 GA kernel-docs-3.12.49-11.1 SUSE Linux Enterprise Workstation Extension 12 SP1 GA kernel-default-extra-3.12.49-11.1
SUSE Linux Enterprise Software Development Kit 11 SP4	`kernel-docs >= 3.0.101-65.3`	Patchnames: sdksp4-kernel-20150908-12114
SUSE Linux Enterprise Software Development Kit 12 SP1	`kernel-docs >= 3.12.49-11.1` `kernel-obs-build >= 3.12.49-11.2`	Patchnames: SUSE Linux Enterprise Software Development Kit 12 SP1 GA kernel-docs-3.12.49-11.1
SUSE Linux Enterprise Software Development Kit 12	`kernel-docs >= 3.12.44-52.10.3` `kernel-obs-build >= 3.12.44-52.10.1`	Patchnames: SUSE-SLE-SDK-12-2015-356
SUSE Linux Enterprise Workstation Extension 12 SP1	`kernel-default-extra >= 3.12.49-11.1`	Patchnames: SUSE Linux Enterprise Workstation Extension 12 SP1 GA kernel-default-extra-3.12.49-11.1
SUSE Linux Enterprise Workstation Extension 12	`kernel-default-extra >= 3.12.44-52.10.1`	Patchnames: SUSE-SLE-WE-12-2015-356

SUSE Timeline for this CVE

CVE page created: Thu Dec 25 20:40:02 2014
CVE page last modified: Mon Feb 3 19:19:56 2025