| Name | CVE-2021-0308 |
| Description | In ReadLogicalParts of basicmbr.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-8.1, Android-9, Android-10, Android-11, Android-8.0; Android ID: A-158063095. |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
| References | DLA-2549-1 |
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|---|---|---|
| gdisk (PTS) | buster | 1.0.3-1.1 | vulnerable |
| bullseye | 1.0.6-1.1 | fixed | |
| bookworm | 1.0.9-2.1 | fixed | |
| sid, trixie | 1.0.10-1 | fixed |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| gdisk | source | stretch | 1.0.1-1+deb9u1 | DLA-2549-1 | ||
| gdisk | source | (unstable) | 1.0.6-1 |
[buster] - gdisk <no-dsa> (Minor issue)
https://sourceforge.net/p/gptfdisk/code/ci/f523bbc0c2437fe259aa3aff5e819e24101aee29
https://android.googlesource.com/platform/external/gptfdisk/+/6d369451868ce71618144c4f4bd645ae48f0d1c5