Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2011-1776

Опубликовано: 06 мая 2011
Источник: redhat
CVSS2: 4.9
EPSS Низкий

Описание

The is_gpt_valid function in fs/partitions/efi.c in the Linux kernel before 2.6.39 does not check the size of an Extensible Firmware Interface (EFI) GUID Partition Table (GPT) entry, which allows physically proximate attackers to cause a denial of service (heap-based buffer overflow and OOPS) or obtain sensitive information from kernel heap memory by connecting a crafted GPT storage device, a different vulnerability than CVE-2011-1577.

Отчет

This issue affects the versions of Linux kernel as shipped with Red Hat Enterprise 4, 5, 6, and Red Hat Enterprise MRG. This has been addressed in Red Hat Enterprise Linux 5, 6, and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-0927.html and https://rhn.redhat.com/errata/RHSA-2011-1189.html, and https://rhn.redhat.com/errata/RHSA-2011-1253.html. Red Hat Enterprise Linux 4 is now in Production 3 of the maintenance life-cycle, https://access.redhat.com/support/policy/updates/errata/, therefore the fix for this issue is not currently planned to be included in the future updates.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise MRG 1realtime-kernelAffected
Red Hat Enterprise Linux 5kernelFixedRHSA-2011:092715.07.2011
Red Hat Enterprise Linux 6kernelFixedRHSA-2011:118923.08.2011
Red Hat Enterprise MRG 2kernel-rtFixedRHSA-2011:125312.09.2011

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
https://bugzilla.redhat.com/show_bug.cgi?id=703026kernel: validate size of EFI GUID partition entries

EPSS

Процентиль: 32%
0.00117
Низкий

4.9 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2011-1776

CVSS3: 6.1
ubuntu
почти 14 лет назад

The is_gpt_valid function in fs/partitions/efi.c in the Linux kernel before 2.6.39 does not check the size of an Extensible Firmware Interface (EFI) GUID Partition Table (GPT) entry, which allows physically proximate attackers to cause a denial of service (heap-based buffer overflow and OOPS) or obtain sensitive information from kernel heap memory by connecting a crafted GPT storage device, a different vulnerability than CVE-2011-1577.

nvd логотип

CVE-2011-1776

CVSS3: 6.1
nvd
почти 14 лет назад

The is_gpt_valid function in fs/partitions/efi.c in the Linux kernel before 2.6.39 does not check the size of an Extensible Firmware Interface (EFI) GUID Partition Table (GPT) entry, which allows physically proximate attackers to cause a denial of service (heap-based buffer overflow and OOPS) or obtain sensitive information from kernel heap memory by connecting a crafted GPT storage device, a different vulnerability than CVE-2011-1577.

debian логотип

CVE-2011-1776

CVSS3: 6.1
debian
почти 14 лет назад

The is_gpt_valid function in fs/partitions/efi.c in the Linux kernel b ...

github логотип

GHSA-568c-8p2x-qrp5

CVSS3: 6.1
github
около 3 лет назад

The is_gpt_valid function in fs/partitions/efi.c in the Linux kernel before 2.6.39 does not check the size of an Extensible Firmware Interface (EFI) GUID Partition Table (GPT) entry, which allows physically proximate attackers to cause a denial of service (heap-based buffer overflow and OOPS) or obtain sensitive information from kernel heap memory by connecting a crafted GPT storage device, a different vulnerability than CVE-2011-1577.

fstec логотип

BDU:2015-04343

fstec
больше 10 лет назад

Уязвимости операционной системы SUSE Linux Enterprise, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

EPSS

Процентиль: 32%
0.00117
Низкий

4.9 Medium

CVSS2