CVE-2016-5011

moderate-risk
Published 2017-04-11

The parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux allows physically proximate attackers to cause a denial of service (memory consumption) via a crafted MSDOS partition table with an extended partition boot record at zero offset.

Do I need to act?

-
0.14% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
4
CVSS 4.6/10 Medium
PHYSICAL / LOW complexity

Affected Products (19)

Util-Linux
Power Hardware Management Console

Affected Vendors

Redhat Ibm Kernel

References (14)

Third Party Advisory http://rhn.redhat.com/errata/RHSA-2016-2605.html
Third Party Advisory http://www-01.ibm.com/support/docview.wss?uid=isg3T1024543
Third Party Advisory http://www-01.ibm.com/support/docview.wss?uid=nas8N1021801
Mailing List http://www.openwall.com/lists/oss-security/2016/07/11/2
Third Party Advisory http://www.securityfocus.com/bid/91683
Third Party Advisory http://www.securitytracker.com/id/1036272
Patch https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git/commit/?id=7164a1...
Third Party Advisory http://rhn.redhat.com/errata/RHSA-2016-2605.html
Third Party Advisory http://www-01.ibm.com/support/docview.wss?uid=isg3T1024543
Third Party Advisory http://www-01.ibm.com/support/docview.wss?uid=nas8N1021801
Mailing List http://www.openwall.com/lists/oss-security/2016/07/11/2
Third Party Advisory http://www.securityfocus.com/bid/91683
Third Party Advisory http://www.securitytracker.com/id/1036272
Patch https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git/commit/?id=7164a1...
36
/ 100
moderate-risk
Severity 16/34 · Moderate
Exploitability 1/34 · Minimal
Exposure 19/34 · Moderate