PT-2014-1826 · Linux+5 · Linux Kernel+5

Published: 2014-06-27 · Updated: 2025-01-27 · CVE-2014-4608

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 3.15.2
Red Hat Enterprise Linux (affected versions not specified)

Description

The issue involves multiple integer overflows in the lzo1x_decompress_safe function in the LZO decompressor, which can be exploited by context-dependent attackers to cause a denial of service (memory corruption) via a crafted Literal Run. The exploitation can be done remotely. However, the author of the LZO algorithms claims that the Linux kernel is not affected.

Recommendations

For Linux kernel versions prior to 3.15.2, update to version 3.15.2 or later to resolve the issue.
For Red Hat Enterprise Linux, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Integer Overflow

Weakness Enumeration

Related Identifiers

ALT-PU-2014-1847
ALT-PU-2015-1794
BDU:2015-06243
BDU:2015-06250
CESA-2014_1392
CVE-2014-4608
OPENSUSE-SU-2014_1669-1
OPENSUSE-SU-2014_1677-1
RHSA-2014:1392
RHSA-2014_1392
RHSA-2015:0062
SUSE-RU-2015:0621-1
SUSE-SU-2015:0481-1
SUSE-SU-2015:0581-1
SUSE-SU-2015:0736-1
SUSE-SU-2015:1174-1
SUSE-SU-2015:1376-1
USN-2281-1
USN-2282-1
USN-2283-1
USN-2284-1
USN-2285-1
USN-2286-1
USN-2287-1
USN-2288-1
USN-2289-1
USN-2290-1
USN-2415-1
USN-2416-1
USN-2417-1
USN-2418-1
USN-2419-1
USN-2420-1
USN-2421-1

Affected Products

ALT Linux
CentOS
Linux Kernel
Red Hat
SUSE
Ubuntu