blktrace: Buffer overflow

2021-07-08T00:00:00
ID GLSA-202107-15
Type gentoo
Reporter Gentoo Foundation
Modified 2021-07-08T00:00:00

Description

Background

blktrace shows detailed information about what is happening on a block device IO queue.

Description

A crafted file could cause a buffer overflow in the ‘dev_map_read’ function because the device and devno arrays are too small.

Impact

A remote attacker could entice a user to open a specially crafted file using blktrace, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition.

Workaround

There is no known workaround at this time.

Resolution

All blktrace users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose
 ">=sys-block/blktrace-1.2.0_p20210419122502"