[CVE-2011-1577] fs/partitions/efi.c: corrupted GUID partition tables can cause kernel oops
Seth Forshee
seth.forshee at canonical.com
Fri Jun 10 13:33:28 UTC 2011
On Fri, Jun 10, 2011 at 01:18:56PM +0200, Stefan Bader wrote:
> On 10.06.2011 12:05, Andy Whitcroft wrote:
> > CVE-2011-1577
> >
> > Heap-based buffer overflow in the is_gpt_valid function in
> > fs/partitions/efi.c in the Linux kernel 2.6.38 and earlier allows
> > physically proximate attackers to cause a denial of service (OOPS)
> > or possibly have unspecified other impact via a crafted size of
> > the EFI GUID partition-table header on removable media.
> >
> > This vunerability is fixed by the upstream commit below:
> >
> > commit 3eb8e74ec72736b9b9d728bad30484ec89c91dde
> > Author: Timo Warns <Warns at pre-sense.de>
> > Date: Thu May 26 16:25:57 2011 -0700
> >
> > fs/partitions/efi.c: corrupted GUID partition tables can cause kernel oops
> >
> > Following this email are patches for Hardy; Lucid and Lucid/fsl-imx51;
> > and Maverick, Maverick/ti-omap4, Natty and Natty/ti-omap4. Those for
> > Maverick and Natty are clean cherry-picks from mainline, the remainder
> > are backports.
> >
> > Proposing for Hardy, Lucid, Lucid/fsl-imx51, Maverick, Maveric/ti-omap4, Natty,
> > and Natty/ti-omap4.
> >
> > Also needed for Lucid/ec2, Lucid/mvl-dove, and Maverick/mvl-dove which
> > will get it from their parent branch.
> >
> > -apw
> >
> So for Hardy there is only hardsect_size... Otherwise the code section looks
> like upstream. Sounds like a valid approximation.
Agreed, bdev_hardsect_size() appears to convey the same information.
> Acked-by: Stefan Bader <stefan.bader at canonical.com>
Acked-by: Seth Forshee <seth.forshee at canonical.com>
More information about the kernel-team
mailing list