oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: CVE request: kernel: validate size of EFI GUID partition entries

From: Sebastian Krahmer <krahmer () suse de>
Date: Tue, 10 May 2011 09:36:03 +0200

All, thanks for the fast replies. I'd appreciate different text or some
note that its not the same as a recent issue, it would save some work.

thx,
-s

On Tue, May 10, 2011 at 03:32:15PM +0800, Eugene Teo wrote:

On 05/10/2011 03:18 PM, Sebastian Krahmer wrote:


Hi,

Is this really different than what was assigned CVE-2011-1577 to?
See http://www.spinics.net/lists/mm-commits/msg83274.html or the text
on the OSS mail on April 12th which reads exactly the same.


I double-checked, it's different...

Eugene


Sebastian

On Mon, May 09, 2011 at 03:01:06PM -0400, Josh Bressers wrote:



----- Original Message -----

The kernel automatically evaluates partition tables of storage
devices.
The code for evaluating GUID partitions (in fs/partitions/efi.c)
contains a bug that can cause a kernel heap overflow on certain
corrupted GUID partition tables.

http://git.kernel.org/linus/fa039d5f6b126fbd65eefa05db2f67e44df8f121
http://bugzilla.redhat.com/show_bug.cgi?id=703026



Please use CVE-2011-1776

Thanks.

--
    JB




-- 

--
~ perl self.pl
~ $_='print"\$_=\47$_\47;eval"';eval
~ krahmer () suse de - SuSE Security Team

---
SUSE LINUX Products GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 16746 (AG Nürnberg)
Maxfeldstraße 5
90409 Nürnberg
Germany
Previous By Date Next
Previous By Thread Next

Current thread: