kernel-packages team mailing list archive

Thread
Date

[Bug 1335314] [NEW] CVE-2014-4611

To: kernel-packages@xxxxxxxxxxxxxxxxxxx
From: John Johansen <john.johansen@xxxxxxxxxxxxx>
Date: Fri, 27 Jun 2014 20:19:04 -0000
Reply-to: Bug 1335314 <1335314@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

*** This bug is a security vulnerability ***

Public security bug reported:

All versions of the LZ4 software:https://code.google.com/p/lz4 Functions
Affected:      lz4.c:LZ4_decompress_generic Criticality Reasoning
--------------------- Due to the design of the algorithm, an attacker
can specify any desired offset to a write pointer. The attacker can
instrument the write in such a way as to only write four bytes at a
specified offset. Subsequent code will allow the attacker to escape from
the decompression algorithm without further memory corruption. This may
allow the attacker to overwrite critical structures in memory that
affect flow of execution. White DoS and OOW are obvious side effects of
this flaw, RCE with respect to this flaw is untested. Vulnerability
Description ------------------------- An integer overflow can occur when
processing any variant of a "literal run" in the affected function.

Break-Fix: cffb78b0e0b3a30b059b27a1d97500cf6464efa9
206204a1162b995e2185275167b22468c00d6b36

** Affects: linux (Ubuntu)
     Importance: Medium
         Status: New

** Affects: linux-armadaxp (Ubuntu)
     Importance: Medium
         Status: Invalid

** Affects: linux-ec2 (Ubuntu)
     Importance: Medium
         Status: Invalid

** Affects: linux-fsl-imx51 (Ubuntu)
     Importance: Medium
         Status: Invalid

** Affects: linux-lts-backport-maverick (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: linux-lts-backport-natty (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: linux-lts-quantal (Ubuntu)
     Importance: Medium
         Status: Invalid

** Affects: linux-lts-raring (Ubuntu)
     Importance: Medium
         Status: Invalid

** Affects: linux-lts-saucy (Ubuntu)
     Importance: Medium
         Status: Invalid

** Affects: linux-mvl-dove (Ubuntu)
     Importance: Medium
         Status: Invalid

** Affects: linux-ti-omap4 (Ubuntu)
     Importance: Medium
         Status: Invalid

** Affects: linux (Ubuntu Lucid)
     Importance: Medium
         Status: New

** Affects: linux-armadaxp (Ubuntu Lucid)
     Importance: Medium
         Status: Invalid

** Affects: linux-ec2 (Ubuntu Lucid)
     Importance: Medium
         Status: New

** Affects: linux-fsl-imx51 (Ubuntu Lucid)
     Importance: Medium
         Status: Invalid

** Affects: linux-lts-backport-maverick (Ubuntu Lucid)
     Importance: Undecided
         Status: New

** Affects: linux-lts-backport-natty (Ubuntu Lucid)
     Importance: Undecided
         Status: New

** Affects: linux-lts-quantal (Ubuntu Lucid)
     Importance: Medium
         Status: Invalid

** Affects: linux-lts-raring (Ubuntu Lucid)
     Importance: Medium
         Status: Invalid

** Affects: linux-lts-saucy (Ubuntu Lucid)
     Importance: Medium
         Status: Invalid

** Affects: linux-mvl-dove (Ubuntu Lucid)
     Importance: Medium
         Status: Invalid

** Affects: linux-ti-omap4 (Ubuntu Lucid)
     Importance: Medium
         Status: Invalid

** Affects: linux (Ubuntu Precise)
     Importance: Medium
         Status: New

** Affects: linux-armadaxp (Ubuntu Precise)
     Importance: Medium
         Status: New

** Affects: linux-ec2 (Ubuntu Precise)
     Importance: Medium
         Status: Invalid

** Affects: linux-fsl-imx51 (Ubuntu Precise)
     Importance: Medium
         Status: Invalid

** Affects: linux-lts-backport-maverick (Ubuntu Precise)
     Importance: Undecided
         Status: New

** Affects: linux-lts-backport-natty (Ubuntu Precise)
     Importance: Undecided
         Status: New

** Affects: linux-lts-quantal (Ubuntu Precise)
     Importance: Medium
         Status: New

** Affects: linux-lts-raring (Ubuntu Precise)
     Importance: Medium
         Status: New

** Affects: linux-lts-saucy (Ubuntu Precise)
     Importance: Medium
         Status: New

** Affects: linux-mvl-dove (Ubuntu Precise)
     Importance: Medium
         Status: Invalid

** Affects: linux-ti-omap4 (Ubuntu Precise)
     Importance: Medium
         Status: New

** Affects: linux (Ubuntu Saucy)
     Importance: Medium
         Status: New

** Affects: linux-armadaxp (Ubuntu Saucy)
     Importance: Medium
         Status: Invalid

** Affects: linux-ec2 (Ubuntu Saucy)
     Importance: Medium
         Status: Invalid

** Affects: linux-fsl-imx51 (Ubuntu Saucy)
     Importance: Medium
         Status: Invalid

** Affects: linux-lts-backport-maverick (Ubuntu Saucy)
     Importance: Undecided
         Status: New

** Affects: linux-lts-backport-natty (Ubuntu Saucy)
     Importance: Undecided
         Status: New

** Affects: linux-lts-quantal (Ubuntu Saucy)
     Importance: Medium
         Status: Invalid

** Affects: linux-lts-raring (Ubuntu Saucy)
     Importance: Medium
         Status: Invalid

** Affects: linux-lts-saucy (Ubuntu Saucy)
     Importance: Medium
         Status: Invalid

** Affects: linux-mvl-dove (Ubuntu Saucy)
     Importance: Medium
         Status: Invalid

** Affects: linux-ti-omap4 (Ubuntu Saucy)
     Importance: Medium
         Status: New

** Affects: linux (Ubuntu Trusty)
     Importance: Medium
         Status: New

** Affects: linux-armadaxp (Ubuntu Trusty)
     Importance: Medium
         Status: Invalid

** Affects: linux-ec2 (Ubuntu Trusty)
     Importance: Medium
         Status: Invalid

** Affects: linux-fsl-imx51 (Ubuntu Trusty)
     Importance: Medium
         Status: Invalid

** Affects: linux-lts-backport-maverick (Ubuntu Trusty)
     Importance: Undecided
         Status: New

** Affects: linux-lts-backport-natty (Ubuntu Trusty)
     Importance: Undecided
         Status: New

** Affects: linux-lts-quantal (Ubuntu Trusty)
     Importance: Medium
         Status: Invalid

** Affects: linux-lts-raring (Ubuntu Trusty)
     Importance: Medium
         Status: Invalid

** Affects: linux-lts-saucy (Ubuntu Trusty)
     Importance: Medium
         Status: Invalid

** Affects: linux-mvl-dove (Ubuntu Trusty)
     Importance: Medium
         Status: Invalid

** Affects: linux-ti-omap4 (Ubuntu Trusty)
     Importance: Medium
         Status: Invalid

** Affects: linux (Ubuntu Utopic)
     Importance: Medium
         Status: New

** Affects: linux-armadaxp (Ubuntu Utopic)
     Importance: Medium
         Status: Invalid

** Affects: linux-ec2 (Ubuntu Utopic)
     Importance: Medium
         Status: Invalid

** Affects: linux-fsl-imx51 (Ubuntu Utopic)
     Importance: Medium
         Status: Invalid

** Affects: linux-lts-backport-maverick (Ubuntu Utopic)
     Importance: Undecided
         Status: New

** Affects: linux-lts-backport-natty (Ubuntu Utopic)
     Importance: Undecided
         Status: New

** Affects: linux-lts-quantal (Ubuntu Utopic)
     Importance: Medium
         Status: Invalid

** Affects: linux-lts-raring (Ubuntu Utopic)
     Importance: Medium
         Status: Invalid

** Affects: linux-lts-saucy (Ubuntu Utopic)
     Importance: Medium
         Status: Invalid

** Affects: linux-mvl-dove (Ubuntu Utopic)
     Importance: Medium
         Status: Invalid

** Affects: linux-ti-omap4 (Ubuntu Utopic)
     Importance: Medium
         Status: Invalid


** Tags: kernel-cve-tracking-bug

** Tags added: kernel-cve-tracking-bug

** Information type changed from Public to Public Security

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-4611

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1335314

Title:
  CVE-2014-4611

Status in “linux” package in Ubuntu:
  New
Status in “linux-armadaxp” package in Ubuntu:
  Invalid
Status in “linux-ec2” package in Ubuntu:
  Invalid
Status in “linux-fsl-imx51” package in Ubuntu:
  Invalid
Status in “linux-lts-backport-maverick” package in Ubuntu:
  New
Status in “linux-lts-backport-natty” package in Ubuntu:
  New
Status in “linux-lts-quantal” package in Ubuntu:
  Invalid
Status in “linux-lts-raring” package in Ubuntu:
  Invalid
Status in “linux-lts-saucy” package in Ubuntu:
  Invalid
Status in “linux-mvl-dove” package in Ubuntu:
  Invalid
Status in “linux-ti-omap4” package in Ubuntu:
  Invalid
Status in “linux” source package in Lucid:
  New
Status in “linux-armadaxp” source package in Lucid:
  Invalid
Status in “linux-ec2” source package in Lucid:
  New
Status in “linux-fsl-imx51” source package in Lucid:
  Invalid
Status in “linux-lts-backport-maverick” source package in Lucid:
  New
Status in “linux-lts-backport-natty” source package in Lucid:
  New
Status in “linux-lts-quantal” source package in Lucid:
  Invalid
Status in “linux-lts-raring” source package in Lucid:
  Invalid
Status in “linux-lts-saucy” source package in Lucid:
  Invalid
Status in “linux-mvl-dove” source package in Lucid:
  Invalid
Status in “linux-ti-omap4” source package in Lucid:
  Invalid
Status in “linux” source package in Precise:
  New
Status in “linux-armadaxp” source package in Precise:
  New
Status in “linux-ec2” source package in Precise:
  Invalid
Status in “linux-fsl-imx51” source package in Precise:
  Invalid
Status in “linux-lts-backport-maverick” source package in Precise:
  New
Status in “linux-lts-backport-natty” source package in Precise:
  New
Status in “linux-lts-quantal” source package in Precise:
  New
Status in “linux-lts-raring” source package in Precise:
  New
Status in “linux-lts-saucy” source package in Precise:
  New
Status in “linux-mvl-dove” source package in Precise:
  Invalid
Status in “linux-ti-omap4” source package in Precise:
  New
Status in “linux” source package in Saucy:
  New
Status in “linux-armadaxp” source package in Saucy:
  Invalid
Status in “linux-ec2” source package in Saucy:
  Invalid
Status in “linux-fsl-imx51” source package in Saucy:
  Invalid
Status in “linux-lts-backport-maverick” source package in Saucy:
  New
Status in “linux-lts-backport-natty” source package in Saucy:
  New
Status in “linux-lts-quantal” source package in Saucy:
  Invalid
Status in “linux-lts-raring” source package in Saucy:
  Invalid
Status in “linux-lts-saucy” source package in Saucy:
  Invalid
Status in “linux-mvl-dove” source package in Saucy:
  Invalid
Status in “linux-ti-omap4” source package in Saucy:
  New
Status in “linux” source package in Trusty:
  New
Status in “linux-armadaxp” source package in Trusty:
  Invalid
Status in “linux-ec2” source package in Trusty:
  Invalid
Status in “linux-fsl-imx51” source package in Trusty:
  Invalid
Status in “linux-lts-backport-maverick” source package in Trusty:
  New
Status in “linux-lts-backport-natty” source package in Trusty:
  New
Status in “linux-lts-quantal” source package in Trusty:
  Invalid
Status in “linux-lts-raring” source package in Trusty:
  Invalid
Status in “linux-lts-saucy” source package in Trusty:
  Invalid
Status in “linux-mvl-dove” source package in Trusty:
  Invalid
Status in “linux-ti-omap4” source package in Trusty:
  Invalid
Status in “linux” source package in Utopic:
  New
Status in “linux-armadaxp” source package in Utopic:
  Invalid
Status in “linux-ec2” source package in Utopic:
  Invalid
Status in “linux-fsl-imx51” source package in Utopic:
  Invalid
Status in “linux-lts-backport-maverick” source package in Utopic:
  New
Status in “linux-lts-backport-natty” source package in Utopic:
  New
Status in “linux-lts-quantal” source package in Utopic:
  Invalid
Status in “linux-lts-raring” source package in Utopic:
  Invalid
Status in “linux-lts-saucy” source package in Utopic:
  Invalid
Status in “linux-mvl-dove” source package in Utopic:
  Invalid
Status in “linux-ti-omap4” source package in Utopic:
  Invalid

Bug description:
  All versions of the LZ4 software:https://code.google.com/p/lz4
  Functions Affected:      lz4.c:LZ4_decompress_generic Criticality
  Reasoning --------------------- Due to the design of the algorithm, an
  attacker can specify any desired offset to a write pointer. The
  attacker can instrument the write in such a way as to only write four
  bytes at a specified offset. Subsequent code will allow the attacker
  to escape from the decompression algorithm without further memory
  corruption. This may allow the attacker to overwrite critical
  structures in memory that affect flow of execution. White DoS and OOW
  are obvious side effects of this flaw, RCE with respect to this flaw
  is untested. Vulnerability Description ------------------------- An
  integer overflow can occur when processing any variant of a "literal
  run" in the affected function.

  Break-Fix: cffb78b0e0b3a30b059b27a1d97500cf6464efa9
  206204a1162b995e2185275167b22468c00d6b36

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1335314/+subscriptions

Follow ups

[Bug 1335314] Re: CVE-2014-4611
From: Rolf Leggewie, 2016-04-24
[Bug 1335314] Re: CVE-2014-4611
From: Rolf Leggewie, 2016-04-24
[Bug 1335314] Re: CVE-2014-4611
From: Steve Beattie, 2016-01-27
[Bug 1335314] Re: CVE-2014-4611
From: Steve Beattie, 2016-01-27
[Bug 1335314] Re: CVE-2014-4611
From: Rolf Leggewie, 2015-06-17
[Bug 1335314] Re: CVE-2014-4611
From: Rolf Leggewie, 2015-06-17
[Bug 1335314] Re: CVE-2014-4611
From: John Johansen, 2015-05-08
[Bug 1335314] Re: CVE-2014-4611
From: Mathew Hodson, 2015-03-25
[Bug 1335314] Re: CVE-2014-4611
From: Rolf Leggewie, 2014-12-05
[Bug 1335314] Re: CVE-2014-4611
From: Rolf Leggewie, 2014-12-05
[Bug 1335314] Re: CVE-2014-4611
From: Launchpad Bug Tracker, 2014-07-16
[Bug 1335314] Re: CVE-2014-4611
From: Launchpad Bug Tracker, 2014-07-16
[Bug 1335314] Re: CVE-2014-4611
From: Launchpad Bug Tracker, 2014-07-16
[Bug 1335314] Re: CVE-2014-4611
From: Launchpad Bug Tracker, 2014-07-11
[Bug 1335314] Re: CVE-2014-4611
From: John Johansen, 2014-07-10
[Bug 1335314] Re: CVE-2014-4611
From: John Johansen, 2014-07-08
[Bug 1335314] Re: CVE-2014-4611
From: Launchpad Bug Tracker, 2014-07-03
[Bug 1335314] Re: CVE-2014-4611
From: John Johansen, 2014-07-01
[Bug 1335314] Re: CVE-2014-4611
From: John Johansen, 2014-06-27
[Bug 1335314] [NEW] CVE-2014-4611
From: John Johansen, 2014-06-27

References

[Bug 1335314] [NEW] CVE-2014-4611
From: John Johansen, 2014-06-27