Computer Security
[EN] securityvulns.ru no-pyccku


Linux kernel EFI/XFS DoS
updated since 14.04.2011
Published:25.05.2011
Source:
SecurityVulns ID:11588
Type:local
Threat Level:
4/10
Description:Buffer overflow on partiotion GUID parsing.
Affected:LINUX : kernel 2.6
CVE:CVE-2011-1776 (The is_gpt_valid function in fs/partitions/efi.c in the Linux kernel before 2.6.39 does not check the size of an Extensible Firmware Interface (EFI) GUID Partition Table (GPT) entry, which allows physically proximate attackers to cause a denial of service (heap-based buffer overflow and OOPS) or obtain sensitive information from kernel heap memory by connecting a crafted GPT storage device, a different vulnerability than CVE-2011-1577.)
 CVE-2011-1577 (Heap-based buffer overflow in the is_gpt_valid function in fs/partitions/efi.c in the Linux kernel 2.6.38 and earlier allows physically proximate attackers to cause a denial of service (OOPS) or possibly have unspecified other impact via a crafted size of the EFI GUID partition-table header on removable media.)
 CVE-2011-0711 (The xfs_fs_geometry function in fs/xfs/xfs_fsops.c in the Linux kernel before 2.6.38-rc6-git3 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an FSGEOMETRY_V1 ioctl call.)
Original documentdocumentUBUNTU, [USN-1133-1] Linux kernel vulnerabilities (25.05.2011)
 documentTimo Warns, [PRE-SA-2011-04] Heap overflow in EFI partition handling code of the Linux kernel (12.05.2011)
 documentTimo Warns, [PRE-SA-2011-03] Denial-of-service vulnerability in EFI partition handling code of the Linux kernel (14.04.2011)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod