Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A buffer overrun vulnerability in the LZO compression code of the Linux kernel has been addressed. Unlike the decompression process, the compression routine did not verify output boundaries, relying on the assumption that sufficient buffer space was always provided by the caller. This oversight allowed for potential buffer overflows. The vulnerability has been mitigated by introducing a safe compression interface that checks buffer limits before writing, and by applying this interface in the LZO compression code.
Exploitation of this vulnerability could lead to buffer overrun issues, potentially allowing for arbitrary code execution or causing a denial-of-service condition.
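The difference between the two interfaces described above, shown as an added C example that is not the kernel's LZO code. A toy run-length encoder stands in for LZO, and the names `rle_compress_unchecked`, `rle_compress_safe` and `RLE_E_OUTPUT_OVERRUN` are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>

#define RLE_E_OUTPUT_OVERRUN (-1)   /* hypothetical error code */

/* Toy encoder (NOT LZO): emits (count, byte) pairs, so incompressible
 * input can grow to 2 * in_len bytes of output. */

/* Unchecked shape: assumes the caller sized out[] for the worst case. */
size_t rle_compress_unchecked(const uint8_t *in, size_t in_len, uint8_t *out)
{
    size_t ip = 0, op = 0;
    while (ip < in_len) {
        uint8_t b = in[ip];
        size_t run = 1;
        while (ip + run < in_len && in[ip + run] == b && run < 255)
            run++;
        out[op++] = (uint8_t)run;   /* no limit check: may write past out[] */
        out[op++] = b;
        ip += run;
    }
    return op;
}

/* Safe shape: the caller passes the buffer capacity, and the remaining
 * space is checked before every write. On overrun nothing past out_cap
 * is touched and *out_len is left unchanged. */
int rle_compress_safe(const uint8_t *in, size_t in_len,
                      uint8_t *out, size_t out_cap, size_t *out_len)
{
    size_t ip = 0, op = 0;
    while (ip < in_len) {
        uint8_t b = in[ip];
        size_t run = 1;
        while (ip + run < in_len && in[ip + run] == b && run < 255)
            run++;
        if (out_cap - op < 2)       /* op <= out_cap holds, no underflow */
            return RLE_E_OUTPUT_OVERRUN;
        out[op++] = (uint8_t)run;
        out[op++] = b;
        ip += run;
    }
    *out_len = op;
    return 0;
}
```

Callers that cannot guarantee a worst-case-sized output buffer should use the checked form and treat the overrun error as a failed compression rather than retrying with the unchecked routine.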