CVE-2011-1776

Name of the Vulnerable Software and Affected Versions SUSE Linux Enterprise versions prior to 2.6.39 btrfs-kmp-xen (affected versions not specified) btrfs-kmp-pae (affected versions not specified) kernel-desktop-devel (affected versions not specified)

Description The issue concerns multiple vulnerabilities in the SUSE Linux Enterprise operating system, specifically in the btrfs-kmp-xen, btrfs-kmp-pae, and kernel-desktop-devel packages. These vulnerabilities can be exploited locally and may lead to a breach of confidentiality, integrity, and availability of protected information. A specific vulnerability in the Linux kernel before version 2.6.39 is related to the is gpt valid function in fs/partitions/efi.c, which does not check the size of an Extensible Firmware Interface (EFI) GUID Partition Table (GPT) entry. This allows physically proximate attackers to cause a denial of service or obtain sensitive information from kernel heap memory by connecting a crafted GPT storage device.

Recommendations For SUSE Linux Enterprise versions prior to 2.6.39, update to version 2.6.39 or later to resolve the issue. For btrfs-kmp-xen, btrfs-kmp-pae, and kernel-desktop-devel, at the moment, there is no information about a newer version that contains a fix for this vulnerability.