Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
Linux Kernel Crashes from Malformed UDF Filesystem
UBUNTU-CVE-2014-9730
Summary
A bug in the Linux kernel's handling of UDF filesystems could cause a system crash if a specially crafted filesystem image is accessed. This affects systems running an older version of the Linux kernel. To fix this, update your kernel to version 3.18.2 or later.
What to do
- Update canonical linux to version 3.13.0-48.80.
- Update canonical linux-lts-utopic to version 3.16.0-31.41~14.04.1.
Affected software
| Ecosystem | Vendor | Product | Affected versions |
|---|---|---|---|
| Ubuntu:14.04:LTS | canonical | linux |
< 3.13.0-48.80 Fix: upgrade to 3.13.0-48.80
|
| Ubuntu:14.04:LTS | canonical | linux-lts-utopic |
< 3.16.0-31.41~14.04.1 Fix: upgrade to 3.16.0-31.41~14.04.1
|
| Ubuntu:18.04:LTS | canonical | linux-azure | All versions |
| Ubuntu:18.04:LTS | canonical | linux-gcp | All versions |
| Ubuntu:18.04:LTS | canonical | linux-hwe | All versions |
| Ubuntu:18.04:LTS | canonical | linux-hwe-edge | All versions |
| Ubuntu:20.04:LTS | canonical | linux-azure-fde | All versions |
| Ubuntu:Pro:20.04:LTS | canonical | linux-azure-fde-5.15 | All versions |
| Ubuntu:20.04:LTS | canonical | linux-gke | All versions |
| Ubuntu:20.04:LTS | canonical | linux-gkeop | All versions |
| Ubuntu:20.04:LTS | canonical | linux-raspi2 | All versions |
| Ubuntu:20.04:LTS | canonical | linux-riscv | All versions |
| Ubuntu:22.04:LTS | canonical | linux-intel-iot-realtime | All versions |
| Ubuntu:22.04:LTS | canonical | linux-realtime | All versions |
| Ubuntu:22.04:LTS | canonical | linux-riscv | All versions |
| Ubuntu:24.04:LTS | canonical | linux-azure-6.11 | All versions |
| Ubuntu:24.04:LTS | canonical | linux-gcp-6.11 | All versions |
| Ubuntu:24.04:LTS | canonical | linux-hwe-6.11 | All versions |
| Ubuntu:24.04:LTS | canonical | linux-lowlatency-hwe-6.11 | All versions |
| Ubuntu:24.04:LTS | canonical | linux-raspi-realtime | All versions |
| Ubuntu:24.04:LTS | canonical | linux-realtime | All versions |
| Ubuntu:24.04:LTS | canonical | linux-riscv | All versions |
Original title
The udf_pc_to_char function in fs/udf/symlink.c in the Linux kernel before 3.18.2 relies on component lengths that are unused, which allows local users to cause a denial of service (system crash) v...
Original description
The udf_pc_to_char function in fs/udf/symlink.c in the Linux kernel before 3.18.2 relies on component lengths that are unused, which allows local users to cause a denial of service (system crash) via a crafted UDF filesystem image.
- https://ubuntu.com/security/CVE-2014-9730 Third Party Advisory
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e237e... Third Party Advisory
- http://www.openwall.com/lists/oss-security/2015/06/02/7 Third Party Advisory
- https://ubuntu.com/security/notices/USN-2517-1 Vendor Advisory
- https://ubuntu.com/security/notices/USN-2518-1 Vendor Advisory
- https://ubuntu.com/security/notices/USN-2541-1 Vendor Advisory
- https://ubuntu.com/security/notices/USN-2542-1 Vendor Advisory
- https://ubuntu.com/security/notices/USN-2543-1 Vendor Advisory
- https://ubuntu.com/security/notices/USN-2544-1 Vendor Advisory
- https://www.cve.org/CVERecord?id=CVE-2014-9730 Third Party Advisory
Published: 31 Dec 2014 · Updated: 12 May 2026 · First seen: 12 May 2026