Heap-based buffer overflow in the is_gpt_valid function in fs/partitions/efi.c in the Linux kernel 2.6.38 and earlier allows physically proximate attackers to cause a denial of service (OOPS) or possibly have unspecified other impact via a crafted size of the EFI GUID partition-table header on removable media.
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
| Link | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/66773 | vdb entry |
| http://securitytracker.com/id?1025355 | vdb entry |
| https://bugzilla.redhat.com/show_bug.cgi?id=695976 | |
| http://openwall.com/lists/oss-security/2011/04/13/1 | mailing list |
| http://www.securityfocus.com/bid/47343 | vdb entry |
| http://rhn.redhat.com/errata/RHSA-2011-0833.html | vendor advisory |
| http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061236.html | vendor advisory |
| http://securityreason.com/securityalert/8238 | third party advisory |
| http://www.securityfocus.com/archive/1/517477/100/0/threaded | mailing list |
| http://www.spinics.net/lists/mm-commits/msg83274.html | mailing list patch |
| http://downloads.avaya.com/css/P8/documents/100145416 | |
| http://openwall.com/lists/oss-security/2011/04/12/17 | mailing list patch |