CVE-2016-5011 – util-linux: Extended partition loop in MBR partition table leads to DOS

https://notcve.org/view.php?id=CVE-2016-5011

The parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux allows physically proximate attackers to cause a denial of service (memory consumption) via a crafted MSDOS partition table with an extended partition boot record at zero offset. La función parse_dos_extended en partitions/dos.c en la biblioteca libblkid en util-linux permite a atacantes físicamente próximos provocar una denegación de servicio (consumo de memoria) a través de una tabla de particiones MSDOS manipulada con un registro de arranque de partición extendida en desplazamiento cero. It was found that util-linux's libblkid library did not properly handle Extended Boot Record (EBR) partitions when reading MS-DOS partition tables. An attacker with physical USB access to a protected machine could insert a storage device with a specially crafted partition table that could, for example, trigger an infinite loop in systemd-udevd, resulting in a denial of service on that machine. • http://rhn.redhat.com/errata/RHSA-2016-2605.html http://www-01.ibm.com/support/docview.wss?uid=isg3T1024543 http://www-01.ibm.com/support/docview.wss?uid=nas8N1021801 http://www.openwall.com/lists/oss-security/2016/07/11/2 http://www.securityfocus.com/bid/91683 http://www.securitytracker.com/id/1036272 https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git/commit/?id=7164a1c3 https://access.redhat.com/security/cve/CVE-2016-5011 https://bugzilla.redhat. •