CVE-2011-1776
kernel: validate size of EFI GUID partition entries
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The is_gpt_valid function in fs/partitions/efi.c in the Linux kernel before 2.6.39 does not check the size of an Extensible Firmware Interface (EFI) GUID Partition Table (GPT) entry, which allows physically proximate attackers to cause a denial of service (heap-based buffer overflow and OOPS) or obtain sensitive information from kernel heap memory by connecting a crafted GPT storage device, a different vulnerability than CVE-2011-1577.
La función is_gpt_valid en fs/partitions/efi.c en el kernel de Linux v2.6.39 no comprueba el tamaño de una Tabla de particiones GUID (GPT) de un Interface Firmware Extensible (EFI), lo que permite causar a atacantes físicamente próximos una denegación de servicio (desbordamiento de memoria basado en monticulo y OOPS) u obtener información confidencial de la memoria dinámica del kernel conectando un dispositivo GPT de almacenamiento hecho a mano. Se trata de una vulnerabilidad diferente a CVE-2011-1577.
Updated kernel packages that fix several security issues, various bugs, and add two enhancements are now available for Red Hat Enterprise Linux 6. Using PCI passthrough without interrupt remapping support allowed KVM guests to generate MSI interrupts and thus potentially inject traps. A privileged guest user could use this flaw to crash the host or possibly escalate their privileges on the host. The fix for this issue can prevent PCI passthrough working and guests starting. Flaw in the client-side NLM implementation could allow a local, unprivileged user to cause a denial of service.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2011-04-19 CVE Reserved
- 2011-05-12 CVE Published
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (9)
URL | Tag | Source |
---|---|---|
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=fa039d5f6b126fbd65eefa05db2f67e44df8f121 | X_refsource_confirm | |
http://securityreason.com/securityalert/8369 | Third Party Advisory | |
http://www.pre-cert.de/advisories/PRE-SA-2011-04.txt | Third Party Advisory | |
http://www.securityfocus.com/bid/47796 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://openwall.com/lists/oss-security/2011/05/10/4 | 2023-02-13 | |
https://bugzilla.redhat.com/show_bug.cgi?id=703026 | 2011-09-12 |
URL | Date | SRC |
---|---|---|
http://rhn.redhat.com/errata/RHSA-2011-0927.html | 2023-02-13 | |
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39 | 2023-02-13 | |
https://access.redhat.com/security/cve/CVE-2011-1776 | 2011-09-12 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | < 2.6.39 Search vendor "Linux" for product "Linux Kernel" and version " < 2.6.39" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Desktop Search vendor "Redhat" for product "Enterprise Linux Desktop" | 5.0 Search vendor "Redhat" for product "Enterprise Linux Desktop" and version "5.0" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Server Search vendor "Redhat" for product "Enterprise Linux Server" | 5.0 Search vendor "Redhat" for product "Enterprise Linux Server" and version "5.0" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Server Aus Search vendor "Redhat" for product "Enterprise Linux Server Aus" | 5.6 Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "5.6" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Server Eus Search vendor "Redhat" for product "Enterprise Linux Server Eus" | 5.6 Search vendor "Redhat" for product "Enterprise Linux Server Eus" and version "5.6" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Workstation Search vendor "Redhat" for product "Enterprise Linux Workstation" | 5.0 Search vendor "Redhat" for product "Enterprise Linux Workstation" and version "5.0" | - |
Affected
|