CVE-2011-1776

Priority
Low
Description
The is_gpt_valid function in fs/partitions/efi.c in the Linux kernel before
2.6.39 does not check the size of an Extensible Firmware Interface (EFI)
GUID Partition Table (GPT) entry, which allows physically proximate
attackers to cause a denial of service (heap-based buffer overflow and
OOPS) or obtain sensitive information from kernel heap memory by connecting
a crafted GPT storage device, a different vulnerability than CVE-2011-1577.
Ubuntu-Description
Timo Warns discovered that the EFI GUID partition table was not correctly
parsed. A physically local attacker that could insert mountable devices
could exploit this to crash the system or possibly gain root privileges.
References
Bugs
Package
Upstream:released (2.6.39~rc7)
Package
Upstream:released (2.6.39~rc7)
Package
Upstream:released (2.6.39~rc7)
Package
Upstream:released (2.6.39~rc7)
Package
Upstream:released (2.6.39~rc7)
Package
Source: linux (LP Ubuntu Debian)
Upstream:released (2.6.39~rc7)
Patches:
Upstream:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=fa039d5f6b126fbd65eefa05db2f67e44df8f121
Package
Upstream:released (2.6.39~rc7)
Package
Upstream:released (2.6.39~rc7)
More Information

Updated: 2017-12-15 20:29:19 UTC (commit 13913)