CVE-2011-1776

Priority
Description
The is_gpt_valid function in fs/partitions/efi.c in the Linux kernel before
2.6.39 does not check the size of an Extensible Firmware Interface (EFI)
GUID Partition Table (GPT) entry, which allows physically proximate
attackers to cause a denial of service (heap-based buffer overflow and
OOPS) or obtain sensitive information from kernel heap memory by connecting
a crafted GPT storage device, a different vulnerability than CVE-2011-1577.
Ubuntu-Description
Timo Warns discovered that the EFI GUID partition table was not correctly
parsed. A physically local attacker that could insert mountable devices
could exploit this to crash the system or possibly gain root privileges.
Notes
Package
Upstream:released (2.6.39~rc7)
Package
Upstream:released (2.6.39~rc7)
Package
Upstream:released (2.6.39~rc7)
Package
Upstream:released (2.6.39~rc7)
Package
Upstream:released (2.6.39~rc7)
Package
Upstream:released (2.6.39~rc7)
Package
Upstream:released (2.6.39~rc7)
More Information

Updated: 2019-12-05 20:57:04 UTC (commit 0aa5e7c87c8b55d2ec5c7f4ca1179cf75de91961)