Description
The parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux allows physically proximate attackers to cause a denial of service (memory consumption) via a crafted MSDOS partition table with an extended partition boot record at zero offset.
It was found that util-linux's libblkid library did not properly handle Extended Boot Record (EBR) partitions when reading MS-DOS partition tables. An attacker with physical USB access to a protected machine could insert a storage device with a specially crafted partition table that could, for example, trigger an infinite loop in systemd-udevd, resulting in a denial of service on that machine.
Affected packages
Platform | Package | Status | Recommendation | Release |
---|---|---|---|---|
Red Hat Enterprise Linux 5 | util-linux | Will not fix | | |
Red Hat Enterprise Linux 6 | util-linux-ng | Will not fix | | |
Red Hat Enterprise Linux 7 | util-linux | Fixed | RHSA-2016:2605 | 03.11.2016 |
Additional information
Status:
EPSS
CVSS3: 4.6 Medium
CVSS2: 4.9 Medium