kernel: integer overflow in kernels with LZ4 support (CVE-2014-4611)
A vulnerability has been identified in the Linux kernel LZ4 implementation.
CVE ID: CVE-2014-4611
Researcher Name: Don A. Bailey
Researcher Organization: Lab Mouse Security
Researcher Email: donb at securitymouse.com
Researcher Website: www.securitymouse.com
Vulnerability Status: Patched
Vulnerability Embargo: Broken
Vulnerability Class: Integer Overflow
Vulnerability Effect: Memory Corruption
Vulnerability Impact: DoS, RCE
Vulnerability DoS Practicality: Practical
Vulnerability RCE Practicality: Practical
Vulnerability Criticality: High
Vulnerability Scope:
All versions of the Linux kernel (3x/2x) with LZ4 support (lib/lz4). LZ4
was introduced in 3.11 so kernels before 3.11 are not affected.
Vulnerability Description
-------------------------
An integer overflow can occur when processing any variant of a “literal run” in the lz4_uncompress function.
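
An added example, not the kernel's code or the linked patch: a checked decoder for an LZ4 literal-run length, showing where the length accumulation and the buffer comparison need overflow checks. The function name `lz4_literal_len` and the sample bytes are assumptions made for illustration; the length encoding (token high nibble, with 15 followed by extension bytes that end at the first byte below 255) is the standard LZ4 block format.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper (not kernel code): decode the literal-run length whose
 * token byte is at in[*pos] and validate it against both buffers.
 * Returns 0 and sets *out_len, or -1 if the input is malformed. */
int lz4_literal_len(const uint8_t *in, size_t in_len, size_t *pos,
                    size_t out_used, size_t out_cap, size_t *out_len)
{
    size_t p = *pos, len;
    uint8_t b;

    if (p >= in_len || out_used > out_cap)
        return -1;
    len = in[p++] >> 4;              /* high nibble of the token */
    if (len == 15) {                 /* 15: extension bytes follow */
        do {
            if (p >= in_len)
                return -1;           /* extension runs past the input */
            b = in[p++];
            if (len > SIZE_MAX - b)
                return -1;           /* accumulated length would wrap */
            len += b;
        } while (b == 255);
    }
    /* Compare against remaining space as lengths; adding an untrusted
     * length to a pointer or offset first is the step that can wrap. */
    if (len > out_cap - out_used || len > in_len - p)
        return -1;
    *pos = p;
    *out_len = len;
    return 0;
}

int main(void)
{
    /* Constructed input: token 0xF0 plus extension bytes 0xFF 0x05 claims
     * 15 + 255 + 5 = 275 literals, but only two bytes follow. */
    const uint8_t bad[] = { 0xF0, 0xFF, 0x05, 'h', 'i' };
    size_t pos = 0, len = 0;
    int rc = lz4_literal_len(bad, sizeof bad, &pos, 0, 4096, &len);

    printf("rc=%d\n", rc);
    return 0;
}
```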
References:
http://www.openwall.com/lists/oss-security/2014/06/26/24
https://bugs.archlinux.org/task/40992
PATCH: https://patchwork.ozlabs.org/patch/365087/
(from redmine: issue id 3124, created on 2014-07-02, closed on 2014-07-25)