CVE-2016-5011

Published: 11 April 2017

The parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux allows physically proximate attackers to cause a denial of service (memory consumption) via a crafted MSDOS partition table with an extended partition boot record at zero offset.

Priority

Low

CVSS 3 base score: 4.6

Status

Package Release Status
util-linux
Launchpad, Ubuntu, Debian
Upstream
Released (2.28.1-1)
Ubuntu 21.04 (Hirsute Hippo) Not vulnerable
(2.33.1-0.1ubuntu2)
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable
(2.33.1-0.1ubuntu2)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(2.31.1-0.4ubuntu3.3)
Ubuntu 16.04 ESM (Xenial Xerus) Needed

Ubuntu 14.04 ESM (Trusty Tahr) Needed

Patches:
Upstream: https://git.kernel.org/cgit/utils/util-linux/util-linux.git/commit/?id=7164a1c34d18831ac61c6744ad14ce916d389b3f
Upstream: https://git.kernel.org/cgit/utils/util-linux/util-linux.git/commit/?id=50d1594c2e6142a3b51d2143c74027480df082e0