CVSS2: 7.5 High (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |

EPSS: 0.011 Low (Percentile: 84.4%)

DISPUTED Multiple integer overflows in the lzo1x_decompress_safe
function in lib/lzo/lzo1x_decompress_safe.c in the LZO decompressor in the
Linux kernel before 3.15.2 allow context-dependent attackers to cause a
denial of service (memory corruption) via a crafted Literal Run. NOTE: the
author of the LZO algorithms says “the Linux kernel is not affected;
media hype.”

Author | Note |
---|---|
jdstrand | android kernels (goldfish, grouper, maguro, mako and manta) are not supported on the Ubuntu Touch 13.10 preview kernels; android kernels (flo, goldfish, grouper, maguro, mako and manta) are not supported on the Ubuntu Touch 14.04 preview kernels |
jj | 206a81c18401c0cde6e579164f752c4b147324ce original commit was incomplete; reverted by af958a38a60c7ca3d8a39c918c1baa2ff7b6b233 and replaced by 72cf90124e87d975d0b2114d930808c58b4c05e4, cause of -2 USN update |

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 10.04 | noarch | linux | < 2.6.32-68.135 | UNKNOWN |
ubuntu | 12.04 | noarch | linux | < 3.2.0-72.107 | UNKNOWN |
ubuntu | 13.10 | noarch | linux | < 3.11.0-26.45 | UNKNOWN |
ubuntu | 14.04 | noarch | linux | < 3.13.0-40.69 | UNKNOWN |
ubuntu | 14.10 | noarch | linux | < 3.16.0-25.33 | UNKNOWN |
ubuntu | 12.04 | noarch | linux-armadaxp | < 3.2.0-1641.59 | UNKNOWN |
ubuntu | 10.04 | noarch | linux-ec2 | < 2.6.32-372.89 | UNKNOWN |
ubuntu | 12.04 | noarch | linux-lts-raring | < 3.8.0-44.66~precise1 | UNKNOWN |
ubuntu | 12.04 | noarch | linux-lts-trusty | < 3.13.0-40.69~precise1 | UNKNOWN |
ubuntu | 12.04 | noarch | linux-ti-omap4 | < 3.2.0-1456.76 | UNKNOWN |
blog.securitymouse.com/2014/06/raising-lazarus-20-year-old-bug-that.html
fastcompression.blogspot.ca/2014/06/debunking-lz4-20-years-old-bug-myth.html
launchpad.net/bugs/cve/CVE-2014-4608
nvd.nist.gov/vuln/detail/CVE-2014-4608
security-tracker.debian.org/tracker/CVE-2014-4608
ubuntu.com/security/notices/USN-2281-1
ubuntu.com/security/notices/USN-2282-1
ubuntu.com/security/notices/USN-2283-1
ubuntu.com/security/notices/USN-2284-1
ubuntu.com/security/notices/USN-2285-1
ubuntu.com/security/notices/USN-2286-1
ubuntu.com/security/notices/USN-2287-1
ubuntu.com/security/notices/USN-2288-1
ubuntu.com/security/notices/USN-2289-1
ubuntu.com/security/notices/USN-2290-1
ubuntu.com/security/notices/USN-2415-1
ubuntu.com/security/notices/USN-2416-1
ubuntu.com/security/notices/USN-2417-1
ubuntu.com/security/notices/USN-2418-1
ubuntu.com/security/notices/USN-2419-1
ubuntu.com/security/notices/USN-2420-1
ubuntu.com/security/notices/USN-2421-1
www.cve.org/CVERecord?id=CVE-2014-4608