[CVE-2011-1776] Validate size of EFI GUID partition entries

Andy Whitcroft apw at canonical.com
Wed Sep 14 11:48:18 UTC 2011

	The is_gpt_valid function in fs/partitions/efi.c in the Linux
	kernel before 2.6.39 does not check the size of an Extensible
	Firmware Interface (EFI) GUID Partition Table (GPT) entry,
	which allows physically proximate attackers to cause a denial of
	service (heap-based buffer overflow and OOPS) or obtain sensitive
	information from kernel heap memory by connecting a crafted GPT
	storage device, a different vulnerability than CVE-2011-1577.

The fix for this issue has hit oneiric and lucid via mainline and
stable updates.  Following this email are two patches, the first for
hardy and lucid/fsl-imx51, the second for maverick, maverick/ti-omap4,
and natty/ti-omap4.  The hardy patch is a minor backport, the maverick
patch is a simple cherry-pick.

Proposing for hardy, lucid/fsl-imx51, maverick, maverick/ti-omap4,
and natty/ti-omap4.


More information about the kernel-team mailing list