CVE-2011-1017

Heap-based buffer overflow in the ldm_frag_add function in fs/partitions/ldm.c in the Linux kernel 2.6.37.2 and earlier might allow local users to gain privileges or obtain sensitive information via a crafted LDM partition table.

From the Ubuntu Security Team

Timo Warns discovered that the LDM disk partition handling code did not correctly handle certain values. By inserting a specially crafted disk device, a local attacker could exploit this to gain root privileges.

• How can I get the fixes?
• What do statuses mean?
• Patch details

References

• MITRE
• NVD
• Launchpad
• Debian

Related Ubuntu Security Notices (USN)

• USN-1164-1
• Linux kernel vulnerabilities (i.MX51)
• 6 July 2011
• USN-1202-1
• Linux kernel (OMAP4) vulnerabilities
• 13 September 2011
• USN-1160-1
• Linux kernel vulnerabilities
• 28 June 2011
• USN-1168-1
• Linux kernel vulnerabilities
• 15 July 2011
• USN-1162-1
• Linux kernel vulnerabilities (Marvell Dove)
• 29 June 2011
• USN-1146-1
• Linux kernel vulnerabilities
• 9 June 2011
• USN-1167-1
• Linux kernel vulnerabilities
• 13 July 2011
• USN-1187-1
• Linux kernel (Maverick backport) vulnerabilities
• 9 August 2011
• USN-1111-1
• Linux kernel vulnerabilities
• 5 May 2011
• USN-1212-1
• Linux kernel (OMAP4) vulnerabilities
• 21 September 2011
• USN-1161-1
• Linux kernel vulnerabilities (EC2)
• 13 July 2011
• USN-1159-1
• Linux kernel vulnerabilities (Marvell Dove)
• 13 July 2011

Other references

• https://www.cve.org/CVERecord?id=CVE-2011-1017