[CVE-2011-1776] Validate size of EFI GUID partition entries
Andy Whitcroft
apw at canonical.com
Wed Sep 14 11:48:18 UTC 2011
CVE-2011-1776

The is_gpt_valid function in fs/partitions/efi.c in the Linux
kernel before 2.6.39 does not check the size of an Extensible
Firmware Interface (EFI) GUID Partition Table (GPT) entry,
which allows physically proximate attackers to cause a denial of
service (heap-based buffer overflow and OOPS) or obtain sensitive
information from kernel heap memory by connecting a crafted GPT
storage device, a different vulnerability than CVE-2011-1577.

The fix for this issue has hit oneiric and lucid via mainline and
stable updates. Following this email are two patches, the first for
hardy and lucid/fsl-imx51, the second for maverick, maverick/ti-omap4,
and natty/ti-omap4. The hardy patch is a minor backport, the maverick
patch is a simple cherry-pick.

Proposing for hardy, lucid/fsl-imx51, maverick, maverick/ti-omap4,
and natty/ti-omap4.

-apw
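
The kind of check the CVE text says was missing, as an added userspace example that is not part of the original message or of the kernel patches it announces: the entry size declared by the device is compared with the size of the structure the parser indexes with before any entry is read. The field offsets follow the GPT header layout; the 128-byte structure size, the function names and the sample header are assumptions made for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define GPT_HDR_LEN      92u   /* GPT header length in bytes */
#define GPT_OFF_NUM_ENT  80u   /* num_partition_entries, little-endian u32 */
#define GPT_OFF_ENT_SIZE 84u   /* sizeof_partition_entry, little-endian u32 */
#define GPT_ENTRY_STRUCT 128u  /* assumed size of the struct the parser indexes with */

static uint32_t rd_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

static void wr_le32(uint8_t *p, uint32_t v)
{
    for (int i = 0; i < 4; i++)
        p[i] = (uint8_t)(v >> (8 * i));
}

/* Hypothetical helper: 0 and *array_bytes set on success, negative on rejection. */
int gpt_check_entry_size(const uint8_t *hdr, size_t len, uint64_t *array_bytes)
{
    if (len < GPT_HDR_LEN || memcmp(hdr, "EFI PART", 8) != 0)
        return -1;                          /* not a GPT header */
    uint32_t num = rd_le32(hdr + GPT_OFF_NUM_ENT);
    uint32_t esz = rd_le32(hdr + GPT_OFF_ENT_SIZE);
    if (esz != GPT_ENTRY_STRUCT)
        return -2;                          /* device-declared size != parser's struct size */
    *array_bytes = (uint64_t)num * esz;     /* 64-bit product, cannot wrap */
    return 0;
}

/* Constructed sample header: only the fields used above are filled in. */
void make_sample_header(uint8_t *hdr, uint32_t num, uint32_t esz)
{
    memset(hdr, 0, GPT_HDR_LEN);
    memcpy(hdr, "EFI PART", 8);
    wr_le32(hdr + GPT_OFF_NUM_ENT, num);
    wr_le32(hdr + GPT_OFF_ENT_SIZE, esz);
}

int main(void)
{
    uint8_t hdr[GPT_HDR_LEN];
    uint64_t bytes = 0;
    make_sample_header(hdr, 128, 8);        /* entry size far below the struct size */
    printf("undersized entry: %d\n", gpt_check_entry_size(hdr, sizeof hdr, &bytes));
    return 0;
}
```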