VMware Tanzu products update for util-linux
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2016-5011 |
| CWE-ID | CWE-401 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software Subscribe |
VMware Tanzu Application Service for VMs Server applications / Other server solutions Isolation Segment Server applications / Other server solutions Tanzu Greenplum for Kubernetes Other software / Other software solutions VMware Tanzu Operations Manager Server applications / Virtualization software |
| Vendor | VMware, Inc |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Memory leak
EUVDB-ID: #VU64464
Risk: Low
CVSSv3.1: 4 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-5011
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows an attacker with physical access to perform DoS attack on the target system.
The vulnerability exists due memory leak in the parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux. An attacker with physical USB access can perform denial of service attack via a crafted MSDOS partition table with an extended partition boot record at zero offset.
MitigationInstall update from vendor's website.
Vulnerable software versionsVMware Tanzu Application Service for VMs: All versions
Tanzu Greenplum for Kubernetes: 1.0.0 - 1.13.0
Isolation Segment: All versions
VMware Tanzu Operations Manager: before 2.10.44
External linkshttp://tanzu.vmware.com/security/usn-5478-1
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
