// For flags

CVE-2014-4611

Ubuntu Security Notice USN-2287-1

Severity Score

5.3
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Integer overflow in the LZ4 algorithm implementation, as used in Yann Collet LZ4 before r118 and in the lz4_uncompress function in lib/lz4/lz4_decompress.c in the Linux kernel before 3.15.2, on 32-bit platforms might allow context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted Literal Run that would be improperly handled by programs not complying with an API limitation, a different vulnerability than CVE-2014-4715.

Desbordamiento de enteros en la implementación del algoritmo LZ4, utilizado en Yann Collet LZ4 anterior a r118 y en la función lz4_uncompress en lib/lz4/lz4_decompress.c en el kernel de Linux anterior a 3.15.2, en plataformas de 32-bits permite a atacantes dependientes del contexto provocar una denegación de servicio (corrupción de memoria) o posiblemente tener otro impacto no especificado a través de un 'Literal Run' manipulado que sería manejado inadecuadamente por programas que no obedecen una limitación en la API, una vulnerabilidad diferente a CVE-2014-4715

Sasha Levin reported a flaw in the Linux kernel's point-to-point protocol (PPP) when used with the Layer Two Tunneling Protocol (L2TP). A local user could exploit this flaw to gain administrative privileges. It was discovered that an information leak in the Linux kernel's media- device driver. A local attacker could exploit this flaw to obtain sensitive information from kernel memory. A bounds check error was discovered in the socket filter subsystem of the Linux kernel. A local user could exploit this flaw to cause a denial of service (system crash) via crafted BPF instructions. Various other issues were also addressed.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
Low
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2014-06-23 CVE Reserved
  • 2014-07-03 CVE Published
  • 2024-08-06 CVE Updated
  • 2025-08-04 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-20: Improper Input Validation
CAPEC
References (31)
URL Tag Source
http://blog.securitymouse.com/2014/06/raising-lazarus-20-year-old-bug-that.html Third Party Advisory
http://fastcompression.blogspot.fr/2014/06/debunking-lz4-20-years-old-bug-myth.html Third Party Advisory
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=206204a1162b995e2185275167b22468c00d6b36 X_refsource_confirm
http://secunia.com/advisories/59567 Third Party Advisory
http://secunia.com/advisories/59770 Third Party Advisory
http://secunia.com/advisories/60238 Third Party Advisory
http://twitter.com/djrbliss/statuses/484931749013495809 Third Party Advisory
http://twitter.com/djrbliss/statuses/485042901399789568 Third Party Advisory
http://www.openwall.com/lists/oss-security/2014/06/26/24 Mailing List
http://www.securitytracker.com/id/1030491 Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1112436 Issue Tracking
https://code.google.com/p/lz4/issues/detail?id=52 Third Party Advisory
https://code.google.com/p/lz4/source/detail?r=118 Third Party Advisory
https://github.com/torvalds/linux/commit/206204a1162b995e2185275167b22468c00d6b36 Third Party Advisory
https://lists.apache.org/thread.html/r0038b5836e3bc91af3ff93721c0fc55d6543afab8cec47df7361fa0e%40%3Ccommon-dev.hadoop.apache.org%3E Mailing List
https://lists.apache.org/thread.html/r0addc410fdd680330054deb526323edb29e869e8d1097593f538e208%40%3Ccommon-issues.hadoop.apache.org%3E Mailing List
https://lists.apache.org/thread.html/r229456b1fa718e329232bd7ceca4bd3e81ac55f2ec4db7314f1d7fcb%40%3Ccommon-commits.hadoop.apache.org%3E Mailing List
https://lists.apache.org/thread.html/r31eb601a8415525fa4a77b2f624c09be3550599898468ab96d508f90%40%3Ccommon-issues.hadoop.apache.org%3E Mailing List
https://lists.apache.org/thread.html/r35b9f26c8ad91094d37bea0256012aeb065e32ff73dda5f934fefeb3%40%3Ccommon-issues.hadoop.apache.org%3E Mailing List
https://lists.apache.org/thread.html/r5c9b4826bbd8933e4688db62f6ed9008cabb8f26bcea84d4e309caf7%40%3Ccommon-issues.hadoop.apache.org%3E Mailing List
https://lists.apache.org/thread.html/r62f398f40f522cf59cfd89428835d4ca633a9764d82e4b7a12c37add%40%3Ccommon-issues.hadoop.apache.org%3E Mailing List
https://lists.apache.org/thread.html/r6794c8ff8f339d95a80415b0afbe71d5eda1b97bdaca19bec78d0f8f%40%3Ccommon-commits.hadoop.apache.org%3E Mailing List
https://lists.apache.org/thread.html/r6c998e1a47c1c3fba61a80d0dcc4b39c7fc452400c7051f685b76c0b%40%3Ccommon-issues.hadoop.apache.org%3E Mailing List
https://lists.apache.org/thread.html/r8e0111cd64a455b0a33ab12a50fba724a0218f283c759f16da8864c2%40%3Ccommon-issues.hadoop.apache.org%3E Mailing List
https://lists.apache.org/thread.html/ra72a62803eeabb6a8dc65032ca81b13ab75c271e4dff2df27c2915bb%40%3Ccommon-issues.hadoop.apache.org%3E Mailing List
https://lists.apache.org/thread.html/rb301598bf24ecb6f4ce405c2a2ae23905fc4dce64277c020fc3883e5%40%3Ccommon-issues.hadoop.apache.org%3E Mailing List
https://lists.apache.org/thread.html/rf4cb13d6ee891dfe2307389c8c6594a0cb10d9efb72be8bd2f97cb76%40%3Ccommon-issues.hadoop.apache.org%3E Mailing List
https://www.securitymouse.com/lms-2014-06-16-5 Broken Link
https://www.securitymouse.com/lms-2014-06-16-6 Broken Link
URL Date SRC
URL Date SRC
URL Date SRC
http://lists.opensuse.org/opensuse-updates/2014-07/msg00025.html 2023-11-07
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.2 2023-11-07
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
 < 3.15.2
Search vendor "Linux" for product "Linux Kernel" and version " < 3.15.2"
-
Affected