Issue 669440 link

Starred by 1 user

Issue metadata

Status:	Duplicate
Merged:	issue 669439
Owner:	----
Closed:	Nov 2016
Cc:	chromeos-kernel-security-bug-access@google.com
Components:	OS>Kernel
EstimatedDays:	----
NextAction:	----
OS:	Chrome
Pri:	2
Type:	Bug-Security
Vomit allpublic

CrOS: Vulnerability reported in sys-kernel/chromeos-kernel-3_10

Project Member Reported by vomit.go...@appspot.gserviceaccount.com, Nov 29 2016

Issue description

Automated analysis has detected that the following third party packages have had vulnerabilities publicly reported. 

NOTE: There may be several bugs listed below - in almost all cases, all bugs can be quickly addressed by upgrading to the latest version of the package.

Package Name: sys-kernel/chromeos-kernel-3_10
Package Version: [cpe:/o:linux:linux_kernel:3.10.18]

Advisory: CVE-2015-5707
  Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2015-5707
  CVSS severity score: 4.6/10.0
  Confidence: high
  Description:

Integer overflow in the sg_start_req function in drivers/scsi/sg.c in the Linux kernel 2.6.x through 4.x before 4.1 allows local users to cause a denial of service or possibly have unspecified other impact via a large iov_count value in a write request.

Comment 1 by mnissler@chromium.org, Nov 29 2016

Components: OS>Kernel
Mergedinto: 669439
Status: Duplicate (was: Untriaged)

Merging into the 3.8 bug.

Project Member

Comment 2 by sheriffbot@chromium.org, Mar 11 2017

Labels: -Restrict-View-SecurityTeam allpublic

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

►

Issue 669440 link

Issue metadata

CrOS: Vulnerability reported in sys-kernel/chromeos-kernel-3_10

Issue description

Comment 1 by mnissler@chromium.org, Nov 29 2016

Comment 1 Deleted

Comment 2 by sheriffbot@chromium.org, Mar 11 2017

Comment 2 Deleted

Sign in to add a comment