Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 386417 - Kernel: is_gpt_valid(): Denial of Service (CVE-2011-1776)
Summary: Kernel: is_gpt_valid(): Denial of Service (CVE-2011-1776)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Kernel (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL:
Whiteboard: [linux < 2.6.39]
Keywords:
Depends on:
Blocks:
 
Reported: 2011-10-08 17:25 UTC by GLSAMaker/CVETool Bot
Modified: 2013-09-16 00:47 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description GLSAMaker/CVETool Bot gentoo-dev 2011-10-08 17:25:40 UTC 
CVE-2011-1776 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1776):
  The is_gpt_valid function in fs/partitions/efi.c in the Linux kernel before
  2.6.39 does not check the size of an Extensible Firmware Interface (EFI)
  GUID Partition Table (GPT) entry, which allows physically proximate
  attackers to cause a denial of service (heap-based buffer overflow and OOPS)
  or obtain sensitive information from kernel heap memory by connecting a
  crafted GPT storage device, a different vulnerability than CVE-2011-1577.