#VU64464 Memory leak in Util-linux - CVE-2016-5011
Published: June 17, 2022
Vulnerability identifier: #VU64464
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2016-5011
CWE-ID: CWE-401
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Util-linux
Util-linux
Software vendor:
kernel.org
kernel.org
Description
The vulnerability allows an attacker with physical access to perform DoS attack on the target system.
The vulnerability exists due memory leak in the parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux. An attacker with physical USB access can perform denial of service attack via a crafted MSDOS partition table with an extended partition boot record at zero offset.
Remediation
Install updates from vendor's website.
External links
- http://rhn.redhat.com/errata/RHSA-2016-2605.html
- http://www.openwall.com/lists/oss-security/2016/07/11/2
- http://www.securityfocus.com/bid/91683
- http://www.securitytracker.com/id/1036272
- http://www-01.ibm.com/support/docview.wss?uid=isg3T1024543
- http://www-01.ibm.com/support/docview.wss?uid=nas8N1021801
- https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git/commit/?id=7164a1c3