[v3.0] kernel: integer overflow in kernels with LZO support (CVE-2014-4608)
A vulnerability has been identified in the Linux kernel implementation of the LZO algorithm. Please find the bug report inline.
CVE ID: CVE-2014-4608
Researcher Name: Don A. Bailey
Researcher Organization: Lab Mouse Security
Researcher Email: donb at securitymouse.com
Researcher Website: www.securitymouse.com
Vulnerability Status: Patched
Vulnerability Embargo: Broken
Vulnerability Class: Integer Overflow
Vulnerability Effect: Memory Corruption
Vulnerability Impact: DoS, OOW
Vulnerability DoS Practicality: Practical
Vulnerability OOW Practicality: Impractical
Vulnerability Criticality: Moderate
Vulnerability Scope:
All versions of the Linux kernel (3x/2x) with LZO support (lib/lzo) that set the HAVE_EFFICIENT_UNALIGNED_ACCESS configuration option. Currently, this seems to include PowerPC and i386.
Functions Affected:
lib/lzo/lzo1x_decompress_safe.c:lzo1x_decompress_safe
Vulnerability Resolution
————————————
To resolve this issue, the HAVE_OP and HAVE_IP macros should be enhanced to detect integer overflow. This is the most reasonable and efficient location for catching corrupted or instrumented payloads. By testing for overflow here, an attacker is simply wasting time by forcing the function to process a large amount of zero bytes.
References:
http://www.openwall.com/lists/oss-security/2014/06/26/21
https://security-tracker.debian.org/tracker/CVE-2014-4608
COMMIT:
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=206a81c18401c0cde6e579164f752c4b147324ce
https://access.redhat.com/security/cve/CVE-2014-4608
(from redmine: issue id 3117, created on 2014-07-01, closed on 2017-05-17)
- Relations:
- parent #3113
- Changesets:
- Revision 9f3033fd by Natanael Copa on 2014-07-07T11:45:30Z:
main/linux-grsec: upgrade to 3.14.10 (CVE-2014-0206,CVE-2014-4508,CVE-2014-4608)
fixes #3117
(cherry picked from commit faaf1af720a7e1cc36422f18e5d4ce53a914f910)
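
The overflow test that the Vulnerability Resolution section asks for in the HAVE_OP and HAVE_IP bounds checks, shown as an added example that is not the kernel's code or part of the original report. The names `len_t`, `have_unchecked`, `have_checked` and `copy_run` are hypothetical, and lengths are modelled as 32-bit values so the wrap is reproducible on any host.

```c
#include <stdint.h>
#include <string.h>

/* Lengths are uint32_t to model a 32-bit size_t (e.g. i386) on any host. */
typedef uint32_t len_t;

/* Unchecked form: t + x can wrap past zero and compare as a tiny value. */
static int have_unchecked(len_t avail, len_t t, len_t x)
{
    return avail >= (len_t)(t + x);
}

/* Checked form: a wrapped sum is smaller than an operand, so reject it. */
static int have_checked(len_t avail, len_t t, len_t x)
{
    len_t need = (len_t)(t + x);
    return need >= t && need >= x && avail >= need;
}

/* Hypothetical literal-run copy: t bytes are copied, and x extra bytes of
 * lookahead must remain on the input side. Returns 0 on success, -1 when
 * a length does not fit (including a length whose sum wrapped). */
static int copy_run(const uint8_t *ip, len_t in_avail,
                    uint8_t *op, len_t out_avail, len_t t, len_t x)
{
    if (!have_checked(out_avail, t, 0) || !have_checked(in_avail, t, x))
        return -1;
    memcpy(op, ip, t);
    return 0;
}

int main(void)
{
    /* Constructed sample: 16-byte buffers and a length that wraps with x = 3. */
    uint8_t in[16] = "literal-bytes", out[16] = {0};
    len_t huge = UINT32_MAX - 2;
    int bad = have_unchecked(sizeof in, huge, 3);               /* accepted */
    int ok = copy_run(in, sizeof in, out, sizeof out, huge, 3); /* rejected */
    return !(bad == 1 && ok == -1);
}
```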