oss-sec mailing list archives
LMS-2014-06-16-5: Linux Kernel LZ4
From: "Don A. Bailey" <donb () securitymouse com>
Date: Thu, 26 Jun 2014 12:57:25 -0600
Hello All,

A vulnerability has been identified in the Linux kernel LZ4 implementation.
Please find the bug report attached inline.

Best,
Don A. Bailey
Founder / CEO
Lab Mouse Security
https://www.securitymouse.com/

#############################################################################
#
# Lab Mouse Security Report
# LMS-2014-06-16-5
#

Report ID: LMS-2014-06-16-5
CVE ID: CVE-2014-4611

Researcher Name: Don A. Bailey
Researcher Organization: Lab Mouse Security
Researcher Email: donb at securitymouse.com
Researcher Website: www.securitymouse.com

Vulnerability Status: Patched
Vulnerability Embargo: Broken

Vulnerability Class: Integer Overflow
Vulnerability Effect: Memory Corruption
Vulnerability Impact: DoS, RCE
Vulnerability DoS Practicality: Practical
Vulnerability RCE Practicality: Practical
Vulnerability Criticality: High

Vulnerability Scope:
All versions of the Linux kernel (3x/2x) with LZ4 support (lib/lz4).

Functions Affected:
lib/lz4/lz4_decompress.c:lz4_uncompress

Criticality Reasoning
---------------------
Due to the design of the algorithm, an attacker can specify any desired
offset to a write pointer. The attacker can instrument the write in such
a way as to only write four bytes at a specified offset. Subsequent code
will allow the attacker to escape from the decompression algorithm without
further memory corruption. This may allow the attacker to overwrite critical
structures in memory that affect flow of execution.

Vulnerability Description
-------------------------
An integer overflow can occur when processing any variant of a "literal run"
in the lz4_uncompress function.

Vulnerability Resolution
------------------------
The Linux kernel team has resolved this vulnerability.
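Added example, not part of the original advisory and not kernel code: a minimal C sketch of the bug class the report names, an integer overflow while handling a literal-run length, next to a bounds check that cannot wrap. It assumes the overflow arises when the decoded run length is added to the write pointer; addresses are modelled as 32-bit integers, and the function names and sample values are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Pointer-sum bounds test in 32-bit arithmetic: op + len can wrap past zero. */
static int fits_wrapping(uint32_t op, uint32_t oend, uint32_t len)
{
    uint32_t cpy = op + len;              /* wraps modulo 2^32 */
    return cpy <= oend;
}

/* Overflow-free form: compare the length with the space that is left. */
static int fits_checked(uint32_t op, uint32_t oend, uint32_t len)
{
    return op <= oend && len <= oend - op;
}

/* Decode a literal-run length (LZ4 block format: high nibble of the token,
 * extended by following bytes while each one is 255). Returns the number of
 * input bytes consumed, or -1 if input is truncated or the run exceeds max_len. */
static int literal_run_len(const uint8_t *ip, size_t in_len,
                           uint32_t max_len, uint32_t *out)
{
    size_t i = 0;
    uint32_t len, b;

    if (in_len == 0) return -1;
    len = ip[i++] >> 4;
    if (len > max_len) return -1;
    if (len == 15) {
        do {
            if (i == in_len) return -1;       /* truncated extension bytes */
            b = ip[i++];
            if (b > max_len - len) return -1; /* reject before the sum grows past max_len */
            len += b;
        } while (b == 255);
    }
    *out = len;
    return (int)i;
}

int main(void)
{
    /* Constructed values: write pointer near the top of a 32-bit address space. */
    uint32_t op = 0xF0000000u, oend = 0xF0001000u, len = 0x10000100u;
    printf("wrapping=%d checked=%d\n",
           fits_wrapping(op, oend, len), fits_checked(op, oend, len));
    return 0;
}
```

Capping the run length against the remaining output space while the extension bytes are still being accumulated means the length can never grow large enough to wrap a later pointer calculation.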