GPT fdisk: Integer underflow — GLSA 202105-03

An integer underflow in sgdisk from GPT fdisk package might allow local attacker(s) to escalate privileges.

Affected packages

sys-apps/gptfdisk on all architectures
Affected versions < 1.0.6
Unaffected versions >= 1.0.6

Background

GPT fdisk (consisting of the gdisk, cgdisk, sgdisk, and fixparts programs) is a set of text-mode partitioning tools for Linux, FreeBSD, Mac OS X, and Windows.

Description

It was discovered that ReadLogicalParts() function in basicmbr.cc was missing a bounds check.

Impact

A local attacker could entice a user to insert a malicious formatted block device (USB stick or SD card for example), that, when processed with sgdisk, possibly resulting in local escalation of privileges or a Denial of Service condition.

Workaround

There is no known workaround at this time.

Resolution

All GPT fdisk users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=sys-apps/gptfdisk-1.0.6"
 

References

Release date
May 26, 2021

Latest revision
May 26, 2021: 1

Severity
normal

Exploitable
local

Bugzilla entries