Category:   Application (Generic)  >   Util-linux
Vendors:
Util-linux MBR Partition Parsing Bug Lets Physically Local Users Cause Denial of Service Conditions on the Target System
SecurityTracker Alert ID:  1036272
SecurityTracker URL:
CVE Reference:   CVE-2016-5011
Date:  Jul 12 2016
Impact:   Denial of service via local system
Fix Available:  Yes
Vendor Confirmed:  Yes

Description:   A vulnerability was reported in Util-linux. A local user can cause denial of service conditions on the target system.

A physically local user can connect a device with a specially crafted Master Boot Record (MBR) to the target system to trigger a partition table parsing error in the extended boot record and consume all available memory. This can be exploited to cause the target system to become unresponsive.

Christian Moch and Michael Gruhn reported this vulnerability.

Impact:   A physically local user can cause the target system to become unresponsive.
Solution:   The vendor has issued a source code fix, available at:

Vendor URL:
Cause:   Resource error, State error
Underlying OS:  Linux (Any)

Message History:   None.

 Source Message Contents

Subject:  [oss-security] CVE-2016-5011: util-linux: Extended partition loop in MBR partition table leads to DoS


This is to disclose the following CVE:

CVE-2016-5011: util-linux: Extended partition loop in MBR partition table
leads to DoS

Description :
The util-linux libblkid is vulnerable to a Denial of Service attack during
MSDOS partition table parsing, in the extended partition boot record (EBR).
If the next EBR starts at relative offset 0, parse_dos_extended() will loop
until running out of memory. An attacker could install a specially crafted
MSDOS partition table in a storage device and trick a user into using it.
This library is used, among others, by the systemd-udevd daemon.

Upstream patch:
libblkid: ignore extended partition at zero offset

Impact: Low
CVSS3 scoring : AV:P/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:H/RL:U/RC:C

Reported by: Christian Moch & Michael Gruhn

Best Regards,

Cedric Buissart,
Product Security
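
The failure mode described in the message, as an added example (not util-linux code and not the upstream patch): a bounded walk over an EBR chain that rejects a link entry whose relative offset is 0, since that offset points back at the first EBR. The names walk_ebr_chain, demo, MAX_EBR and the error codes are hypothetical; the hop cap goes beyond the zero-offset case in the advisory and also stops cycles built from non-zero links.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SECTOR    512
#define PT_OFFSET 446  /* partition table offset in an MBR/EBR sector */
#define MAX_EBR   256  /* hop cap: assumed value for this example */
enum { EBR_ZERO_LINK = -1, EBR_RANGE = -2, EBR_BAD_SIG = -3, EBR_TOO_MANY = -4 };

static uint32_t le32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Walk the EBR chain of an in-memory image: logical partition count, or a negative error. */
int walk_ebr_chain(const uint8_t *disk, uint32_t nsectors, uint32_t ext_start) {
    uint32_t cur = ext_start;
    int count = 0;
    for (int hops = 0; hops < MAX_EBR; hops++) {
        if (cur >= nsectors) return EBR_RANGE;
        const uint8_t *ebr = disk + (size_t)cur * SECTOR;
        if (ebr[510] != 0x55 || ebr[511] != 0xAA) return EBR_BAD_SIG;
        const uint8_t *data = ebr + PT_OFFSET;  /* entry 0: logical partition */
        const uint8_t *link = data + 16;        /* entry 1: link to next EBR */
        if (data[4] != 0 && le32(data + 12) != 0) count++;
        uint8_t t = link[4];
        if (t != 0x05 && t != 0x0F && t != 0x85) return count;  /* end of chain */
        uint32_t rel = le32(link + 8);          /* relative to ext_start */
        if (rel == 0) return EBR_ZERO_LINK;     /* would re-read the first EBR */
        if (rel >= nsectors - ext_start) return EBR_RANGE;
        cur = ext_start + rel;
    }
    return EBR_TOO_MANY;                        /* cycle through non-zero links */
}

/* Constructed sample: 8-sector image, EBRs at sectors 1 and 4; link_rel is the first EBR's link. */
int demo(uint8_t link_rel) {
    static uint8_t disk[8 * SECTOR];
    memset(disk, 0, sizeof disk);
    for (int s = 1; s <= 4; s += 3) {
        uint8_t *e = disk + s * SECTOR;
        e[PT_OFFSET + 4] = 0x83;                        /* logical partition type */
        e[PT_OFFSET + 8] = 1; e[PT_OFFSET + 12] = 1;    /* start=1, size=1 sector */
        e[510] = 0x55; e[511] = 0xAA;
    }
    uint8_t *l = disk + SECTOR + PT_OFFSET + 16;        /* first EBR's link entry */
    l[4] = 0x05; l[8] = link_rel;
    return walk_ebr_chain(disk, 8, 1);
}
int main(void) { printf("valid=%d zero-link=%d\n", demo(3), demo(0)); return 0; }
```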

