oss-security - Re: CVE request: kernel: validate size of EFI GUID partition entries

Openwall GNU/*/Linux 3.0 - a small security-enhanced Linux distro for servers

[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]

Date: Tue, 10 May 2011 09:18:21 +0200
From: Sebastian Krahmer <krahmer@...e.de>
To: oss-security@...ts.openwall.com
Cc: "Steven M. Christey" <coley@...us.mitre.org>
Subject: Re: CVE request: kernel: validate size of EFI GUID partition entries

Hi,

Is this really different than what was assigned CVE-2011-1577 to?
See http://www.spinics.net/lists/mm-commits/msg83274.html or the text
on the OSS mail on April 12th which reads exactly the same.

Sebastian

On Mon, May 09, 2011 at 03:01:06PM -0400, Josh Bressers wrote:
> 
> 
> ----- Original Message -----
> > The kernel automatically evaluates partition tables of storage
> > devices.
> > The code for evaluating GUID partitions (in fs/partitions/efi.c)
> > contains a bug that can cause a kernel heap overflow on certain
> > corrupted GUID partition tables.
> > 
> > http://git.kernel.org/linus/fa039d5f6b126fbd65eefa05db2f67e44df8f121
> > http://bugzilla.redhat.com/show_bug.cgi?id=703026
> > 
> 
> Please use CVE-2011-1776
> 
> Thanks.
> 
> -- 
>     JB

-- 

--
~ perl self.pl
~ $_='print"\$_=\47$_\47;eval"';eval
~ krahmer@...e.de - SuSE Security Team

---
SUSE LINUX Products GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 16746 (AG Nürnberg)
Maxfeldstraße 5
90409 Nürnberg
Germany

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.