A buffer overflow in blktrace might allow arbitrary code execution.
Package | sys-block/blktrace on all architectures |
---|---|
Affected versions | < 1.2.0_p20210419122502 |
Unaffected versions | >= 1.2.0_p20210419122502 |
blktrace shows detailed information about what is happening on a block device IO queue.
A crafted file could cause a buffer overflow in the ‘dev_map_read’ function because the device and devno arrays are too small.
A remote attacker could entice a user to open a specially crafted file using blktrace, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition.
There is no known workaround at this time.
All blktrace users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=sys-block/blktrace-1.2.0_p20210419122502"
Release date
July 08, 2021
Latest revision
July 08, 2021: 1
Severity
normal
Exploitable
local, remote
Bugzilla entries