CVE-2016-5011

9 documents8 sources

Severity

4.6MEDIUM

EPSS

0.1%

top 65.36%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Kernel Util-linux IBM Power Hardware Management Console IBM Powerkvm +6 more

Timeline

PublishedApr 11

Latest updateJun 14

Description

The parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux allows physically proximate attackers to cause a denial of service (memory consumption) via a crafted MSDOS partition table with an extended partition boot record at zero offset.

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 0.9 | Impact: 3.6

Affected Packages7 packages

▶Debianutil-linux< 2.28.1-1+3

▶NVDkernel/util-linux2.28

▶NVDredhat/enterprise_linux_server7.0

▶NVDredhat/enterprise_linux_desktop7.0

▶NVDredhat/enterprise_linux_workstation7.0

Also affects: Enterprise Linux 7.3, 7.4, 7.5, 7.6, 7.7

Patches

Patch: www.openwall.com ↗Patch: git.kernel.org ↗Patch: www.openwall.com ↗

🔴Vulnerability Details

GHSA

GHSA-hmj7-c9x8-f363: The parse_dos_extended function in partitions/dos↗2022-05-13

▶

OSV

CVE-2016-5011: The parse_dos_extended function in partitions/dos↗2017-04-11

▶

CVEList

CVE-2016-5011: The parse_dos_extended function in partitions/dos↗2017-04-11

▶

📋Vendor Advisories

Ubuntu

util-linux vulnerability↗2022-06-14

▶

Red Hat

util-linux: Extended partition loop in MBR partition table leads to DOS↗2016-07-11

▶

Debian

CVE-2016-5011: util-linux - The parse_dos_extended function in partitions/dos.c in the libblkid library in u...↗2016

▶

💬Community

Bugzilla

CVE-2016-5011 util-linux: Extended partition loop in MBR partition table leads to DOS [fedora-all]↗2016-07-11

▶

Bugzilla

CVE-2016-5011 util-linux: Extended partition loop in MBR partition table leads to DOS↗2016-06-24

▶