CVE-2014-5472
Description
A crafted iso9660 image with a self-referential CL entry causes an unkillable mount process in the Linux kernel through 3.16.1.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A crafted iso9660 image with a self-referential CL entry causes an unkillable mount process in the Linux kernel through 3.16.1.
Vulnerability
The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through version 3.16.1 contains a flaw that allows a local user to cause a denial of service. By mounting a specially crafted iso9660 image containing a self-referential CL (Rock Ridge) entry, the kernel can enter an infinite loop or become stuck, making the mount process unkillable. This affects all kernels up to and including 3.16.1, as confirmed by the official description [1]. Red Hat Enterprise Linux kernels are also vulnerable, as noted in related advisories [2][3][4].
Exploitation
An attacker must be a local user with the ability to mount a filesystem and provide a malicious iso9660 image. This requires access to a system where the user can execute the mount command, typically on a machine where iso9660 filesystem support is enabled and permitted. The attacker crafts an iso9660 image with a self-referential CL (child link) entry in the Rock Ridge extension, causing the parse_rock_ridge_inode_internal function to process the entry in a way that leads to an unkillable mount process. No additional authentication or special privileges beyond the ability to mount are required.
Impact
Successful exploitation results in a denial of service. The mount process becomes unkillable, potentially hanging the system or consuming resources. The impact is primarily availability, as the attacker cannot achieve code execution or data disclosure. The unkillable process may require a system reboot to recover, affecting system uptime and operations.
Mitigation
Red Hat has released kernel updates to address CVE-2014-5472 as part of various advisories. For Red Hat Enterprise Linux 6.5 Extended Update Support, the fix is included in kernel package version 3.10.0-123.20.1.el7 as per RHSA-2015-0102 [1]. Additional updates are available in RHSA-2015-0782 [2], RHSA-2015-0695 [3], and RHSA-2015-0803 [4]. Users should apply the latest kernel updates from their Linux distribution. No workarounds have been publicly documented. The issue is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
3Patches
1410dd3cf4c9bVulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
25- github.com/torvalds/linux/commit/410dd3cf4c9b36f27ed4542ee18b1af5e68645a4nvdExploitPatch
- git.kernel.orgnvd
- lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.htmlnvd
- marc.infonvd
- marc.infonvd
- rhn.redhat.com/errata/RHSA-2014-1318.htmlnvd
- rhn.redhat.com/errata/RHSA-2015-0102.htmlnvd
- rhn.redhat.com/errata/RHSA-2015-0695.htmlnvd
- rhn.redhat.com/errata/RHSA-2015-0782.htmlnvd
- rhn.redhat.com/errata/RHSA-2015-0803.htmlnvd
- www.openwall.com/lists/oss-security/2014/08/27/1nvd
- www.securityfocus.com/bid/69428nvd
- www.ubuntu.com/usn/USN-2354-1nvd
- www.ubuntu.com/usn/USN-2355-1nvd
- www.ubuntu.com/usn/USN-2356-1nvd
- www.ubuntu.com/usn/USN-2357-1nvd
- www.ubuntu.com/usn/USN-2358-1nvd
- www.ubuntu.com/usn/USN-2359-1nvd
- bugzilla.redhat.com/show_bug.cginvd
- code.google.com/p/google-security-research/issues/detailnvd
- exchange.xforce.ibmcloud.com/vulnerabilities/95556nvd
News mentions
0No linked articles in our index yet.