MNBSD-2020-11: udf file entry length validation overflow

Severity: Unknown

Affected Package: kernel

Summary: udf file entry length validation overflow

Description

The udf file system did not validate the full file entry length. A corrupted UDF file entry containing invalid extended attribute lengths or allocation descriptor lengths could trigger an overflow when the file entry is loaded, for example when mounting a malicious UDF image. Discovered by C Turt.

Affected Versions

kernel

Recommendations

No specific recommendations provided.

References

Additional Information

Aliases:

Published: September 23, 2020
Last Modified: September 23, 2020