Vigil@nce: Linux kernel, denial of service via EFI
April 2011 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
An attacker can mount a device with a malicious EFI partition, in
order to stop the system.
– Severity: 1/4
– Creation date: 13/04/2011
IMPACTED PRODUCTS
– Linux kernel
DESCRIPTION OF THE VULNERABILITY
The fs/partitions/efi.c file implements support for EFI
(Extensible Firmware Interface) partitions. These partitions are
read automatically when a user connects or mounts a device
formatted with EFI.
The is_gpt_valid() function computes the CRC32 of the EFI GPT
(GUID Partition Table). However, is_gpt_valid() does not check
whether the size is too large, and then tries to read from an
invalid memory address.
An attacker can therefore mount a device with a malicious EFI
partition, in order to stop the system.
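The missing check described above, sketched as a user-space validator. This is an added example, not the kernel's code or its fix: it assumes the size in question is the GPT header's own size field, takes the field offsets and the 92-byte minimum from the UEFI GPT header layout, and uses hypothetical names (gpt_header_ok, make_sample).

```c
#include <stdint.h>
#include <string.h>

#define GPT_MIN_HEADER_SIZE 92u  /* fixed GPT header fields (UEFI layout) */

/* Little-endian 32-bit read/write, independent of host byte order. */
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static void wr32(uint8_t *p, uint32_t v) {
    for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i));
}

/* Standard reflected CRC-32 (polynomial 0xEDB88320), bitwise for brevity. */
static uint32_t crc32_le(const uint8_t *buf, size_t len) {
    uint32_t crc = 0xFFFFFFFFu;
    for (size_t i = 0; i < len; i++) {
        crc ^= buf[i];
        for (int b = 0; b < 8; b++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

/* Hypothetical helper: returns 1 if the header in `block` (one logical
 * block of `block_size` bytes read from the device) is acceptable, else 0. */
int gpt_header_ok(const uint8_t *block, size_t block_size) {
    uint8_t copy[4096];
    if (block_size < GPT_MIN_HEADER_SIZE || block_size > sizeof(copy))
        return 0;
    if (memcmp(block, "EFI PART", 8) != 0)
        return 0;
    uint32_t hdr_size = rd32(block + 12);  /* size field, device-controlled */
    /* The bound: the CRC must never cover more than the block we hold. */
    if (hdr_size < GPT_MIN_HEADER_SIZE || hdr_size > block_size)
        return 0;
    memcpy(copy, block, hdr_size);
    wr32(copy + 16, 0);  /* the CRC is computed with its own field zeroed */
    return crc32_le(copy, hdr_size) == rd32(block + 16);
}

/* Constructed sample: a 512-byte block with a header of the given size. */
void make_sample(uint8_t *block, uint32_t hdr_size) {
    memset(block, 0, 512);
    memcpy(block, "EFI PART", 8);
    wr32(block + 12, hdr_size);
    if (hdr_size <= 512)
        wr32(block + 16, crc32_le(block, hdr_size));
}
```

The size field is rejected before it is ever used as a length, so an oversized value fails validation instead of driving the CRC loop past the buffer.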
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Linux-kernel-denial-of-service-via-EFI-10565