A flaw was found in blktrace (aka Block IO Tracing) 1.2.0, as used with the Linux kernel and Android, has a buffer overflow in the dev_map_read function in btt/devmap.c because the device and devno arrays are too small, as demonstrated by an invalid free when using the btt program with a crafted file.
Created blktrace tracking bugs for this issue:
Affects: fedora-all [bug 1575120]
Red Hat Product Security has rated this issue as having a security impact of Low, and a future update may address this flaw.
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2019:2162 https://access.redhat.com/errata/RHSA-2019:2162
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):