A buffer overflow in blktrace might allow arbitrary code execution.
|Package||sys-block/blktrace on all architectures|
|Affected versions||< 1.2.0_p20210419122502|
|Unaffected versions||>= 1.2.0_p20210419122502|
blktrace shows detailed information about what is happening on a block device IO queue.
A crafted file could cause a buffer overflow in the ‘dev_map_read’ function because the device and devno arrays are too small.
A remote attacker could entice a user to open a specially crafted file using blktrace, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition.
There is no known workaround at this time.
All blktrace users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=sys-block/blktrace-1.2.0_p20210419122502"
July 08, 2021
July 08, 2021: 1