CVE-2016-5011 - Vulnerability Details

The parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux allows physically proximate attackers to cause a denial of service (memory consumption) via a crafted MSDOS partition table with an extended partition boot record at zero offset.

No CVSS v4.0

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	Power Hardware Management Console Powerkvm
Kernel	Util-linux
Redhat	Enterprise Linux Enterprise Linux Desktop Enterprise Linux Eus Enterprise Linux Server Enterprise Linux Server Aus Enterprise Linux Server Tus Enterprise Linux Workstation

Configuration 1 [-]

cpe:2.3:a:kernel:util-linux:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:7.3:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:7.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:7.5:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:7.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:7.7:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

Configuration 3 [-]

OR	cpe:2.3:a:ibm:powerkvm:2.1:::::::*
	cpe:2.3:a:ibm:powerkvm:3.1:::::::*

Configuration 4 [-]

cpe:2.3:a:ibm:power_hardware_management_console:8.8.6.0:*:*:*:*:*:*:*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 7
util-linux-0:2.23.2-33.el7	cpe:/o:redhat:enterprise_linux:7	RHSA-2016:2605	2016-11-03T00:00:00Z

References

Link	Providers
http://rhn.redhat.com/errata/RHSA-2016-2605.html
http://www-01.ibm.com/support/docview.wss?uid=isg3T1024543
http://www-01.ibm.com/support/docview.wss?uid=nas8N1021801
http://www.openwall.com/lists/oss-security/2016/07/11/2
http://www.securityfocus.com/bid/91683
http://www.securitytracker.com/id/1036272
https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git/commit/?id=7164a1c3
https://nvd.nist.gov/vuln/detail/CVE-2016-5011
https://www.cve.org/CVERecord?id=CVE-2016-5011

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2017-04-11T15:00:00

Updated: 2024-08-06T00:46:40.241Z

Reserved: 2016-05-24T00:00:00

Link: CVE-2016-5011

Vulnrichment

No data.

NVD

Status : Modified

Published: 2017-04-11T15:59:00.183

Modified: 2024-11-21T02:53:26.467

Link: CVE-2016-5011

Redhat

Severity : Low

Publid Date: 2016-07-11T00:00:00Z

Links: CVE-2016-5011 - Bugzilla

Metrics

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

Affected Vendors & Products

Metrics

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object