APPLIED: [CVE-2011-1776] Validate size of EFI GUID partition entries
Tim Gardner
tim.gardner at canonical.com
Wed Sep 14 12:54:33 UTC 2011
On 09/14/2011 05:48 AM, Andy Whitcroft wrote:
> CVE-2011-1776
> The is_gpt_valid function in fs/partitions/efi.c in the Linux
> kernel before 2.6.39 does not check the size of an Extensible
> Firmware Interface (EFI) GUID Partition Table (GPT) entry,
> which allows physically proximate attackers to cause a denial of
> service (heap-based buffer overflow and OOPS) or obtain sensitive
> information from kernel heap memory by connecting a crafted GPT
> storage device, a different vulnerability than CVE-2011-1577.
>
> The fix for this issue has hit oneiric and lucid via mainline and
> stable updates. Following this email are two patches, the first for
> hardy and lucid/fsl-imx51, the second for maverick, maverick/ti-omap4,
> and natty/ti-omap4. The hardy patch is a minor backport, the maverick
> patch is a simple cherry-pick.
>
> Proposing for hardy, lucid/fsl-imx51, maverick, maverick/ti-omap4,
> and natty/ti-omap4.
>
> -apw
>
--
Tim Gardner tim.gardner at canonical.com
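
The missing check described in the quoted CVE text, as an added user-space example (not the kernel patch and not code from this thread): it validates the entry count and entry size fields of a GPT header before anything sizes a buffer from them. The 128-byte entry size, the MAX_ARRAY_BYTES cap, and the function names are assumptions of this example, and the sample headers are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define GPT_HDR_LEN     92u          /* fixed part of the GPT header */
#define GPT_ENTRY_SIZE  128u         /* assumed size of the parser's entry struct */
#define MAX_ARRAY_BYTES (1u << 20)   /* hypothetical cap chosen for this example */

static uint32_t le32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Returns the entry array size in bytes when the header's geometry is safe
 * to use, or a negative value naming the failed check. */
long gpt_entry_array_bytes(const uint8_t *hdr, size_t len)
{
    if (!hdr || len < GPT_HDR_LEN)
        return -1;
    if (memcmp(hdr, "EFI PART", 8) != 0)
        return -2;
    uint32_t count = le32(hdr + 80);          /* number of partition entries */
    uint32_t esize = le32(hdr + 84);          /* size of one partition entry */
    if (esize != GPT_ENTRY_SIZE)              /* the check CVE-2011-1776 lacked */
        return -3;
    uint64_t total = (uint64_t)count * esize; /* 64-bit product cannot wrap */
    if (total == 0 || total > MAX_ARRAY_BYTES)
        return -4;
    return (long)total;
}

/* Builds a constructed header with the given fields and validates it. */
long check_constructed(uint32_t count, uint32_t esize)
{
    uint8_t hdr[GPT_HDR_LEN] = {0};
    memcpy(hdr, "EFI PART", 8);
    for (int i = 0; i < 4; i++) {
        hdr[80 + i] = (uint8_t)(count >> (8 * i));
        hdr[84 + i] = (uint8_t)(esize >> (8 * i));
    }
    return gpt_entry_array_bytes(hdr, sizeof hdr);
}

int main(void)
{
    printf("%ld %ld %ld\n", check_constructed(128, 128),
           check_constructed(128, 0xFFFF), check_constructed(0x10000, 128));
    return 0;
}
```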