CVE-2016-5011
MEDIUM EPSS 36.9%
Published Apr 11, 2017 (9y ago) · Modified Jun 17, 2026 (2w ago)
4.6 CVSS 3.1
Description
The parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux allows physically proximate attackers to cause a denial of service (memory consumption) via a crafted MSDOS partition table with an extended partition boot record at zero offset.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector Physical
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High
Threat Intelligence
EPSS Exploit Probability
36.9% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Affected Products 19
| Vendor | Product | Version | Range |
|---|---|---|---|
| kernel | util-linux | * | ≤2.28 |
| redhat | enterprise_linux_desktop | 7.0 | any |
| redhat | enterprise_linux_eus | 7.3 | any |
| redhat | enterprise_linux_eus | 7.4 | any |
| redhat | enterprise_linux_eus | 7.5 | any |
| redhat | enterprise_linux_eus | 7.6 | any |
| redhat | enterprise_linux_eus | 7.7 | any |
| redhat | enterprise_linux_server | 7.0 | any |
| redhat | enterprise_linux_server_aus | 7.3 | any |
| redhat | enterprise_linux_server_aus | 7.4 | any |
| redhat | enterprise_linux_server_aus | 7.6 | any |
| redhat | enterprise_linux_server_aus | 7.7 | any |
| redhat | enterprise_linux_server_tus | 7.3 | any |
| redhat | enterprise_linux_server_tus | 7.6 | any |
| redhat | enterprise_linux_server_tus | 7.7 | any |
| redhat | enterprise_linux_workstation | 7.0 | any |
| ibm | powerkvm | 2.1 | any |
| ibm | powerkvm | 3.1 | any |
| ibm | power_hardware_management_console | 8.8.6.0 | any |
References 7
- rhn.redhat.com http://rhn.redhat.com/errata/RHSA-2016-2605.html
- www-01.ibm.com http://www-01.ibm.com/support/docview.wss?uid=isg3T1024543
- www-01.ibm.com http://www-01.ibm.com/support/docview.wss?uid=nas8N1021801
- openwall.com http://www.openwall.com/lists/oss-security/2016/07/11/2
- securityfocus.com http://www.securityfocus.com/bid/91683
- securitytracker.com http://www.securitytracker.com/id/1036272
- git.kernel.org https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git/commit/?id=7164a1c3
Remediation
- openwall.com http://www.openwall.com/lists/oss-security/2016/07/11/2
- git.kernel.org https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git/commit/?id=7164a1c3