blktrace shows detailed information about what is happening on a block device IO queue.
A crafted file could cause a buffer overflow in the ‘dev_map_read’ function because the device and devno arrays are too small.
A remote attacker could entice a user to open a specially crafted file using blktrace, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition.
There is no known workaround at this time.
All blktrace users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose
">=sys-block/blktrace-1.2.0_p20210419122502"