CVE-2014-4608

Published: 03/07/2014 Updated: 11/04/2024
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Multiple integer overflows in the lzo1x_decompress_safe function in lib/lzo/lzo1x_decompress_safe.c in the LZO decompressor in the Linux kernel prior to 3.15.2 allow context-dependent malicious users to cause a denial of service (memory corruption) via a crafted Literal Run. NOTE: the author of the LZO algorithms says "the Linux kernel is *not* affected; media hype."

Vulnerable Product

linux linux kernel

suse linux enterprise real time extension 11

opensuse opensuse 11.4

suse linux enterprise server 11

canonical ubuntu linux 14.10

canonical ubuntu linux 12.04

canonical ubuntu linux 14.04

canonical ubuntu linux 10.04

Vendor Advisories

Synopsis: Important: kernel security, bug fix, and enhancement update. Type/Severity: Security Advisory: Important. Topic: Updated kernel packages that fix multiple security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 6.5 Extended Update Support. Red Hat Product Secu ...
arch/x86/kernel/entry_32.S in the Linux kernel through 3.15.1 on 32-bit x86 platforms, when syscall auditing is enabled and the sep CPU feature flag is set, allows local users to cause a denial of service (OOPS and system crash) via an invalid syscall number, as demonstrated by number 1000. Array index error in the aio_read_events_ring function in ...
Several security issues were fixed in the kernel ...
The system could be made to deny write access to files ...
An integer overflow flaw was found in the way the lzo1x_decompress_safe() function of the Linux kernel's LZO implementation processed Literal Runs. A local attacker could, in extremely rare cases, use this flaw to crash the system or, potentially, escalate their privileges on the system ...