Description
blktrace (aka Block IO Tracing) 1.2.0, as used with the Linux kernel and Android, has a buffer overflow in the dev_map_read function in btt/devmap.c because the device and devno arrays are too small, as demonstrated by an invalid free when using the btt program with a crafted file.
Statement
Red Hat Product Security has rated this issue as having a security impact of Low, and a future update may address this flaw.
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | blktrace | Will not fix | | |
| Red Hat Enterprise Linux 6 | blktrace | Will not fix | | |
| Red Hat Enterprise Linux 8 | blktrace | Not affected | | |
| Red Hat Enterprise Linux 7 | blktrace | Fixed | RHSA-2019:2162 | 06.08.2019 |
Additional information
Status:
EPSS
CVSS3: 4.8 Medium