Issue metadata
Sign in to add a comment
|
CrOS: Vulnerability reported in sys-kernel/chromeos-kernel-3_18 |
||||||||||||||||||||||
Issue descriptionAutomated analysis has detected that the following third party packages have had vulnerabilities publicly reported. NOTE: There may be several bugs listed below - in almost all cases, all bugs can be quickly addressed by upgrading to the latest version of the package. Package Name: sys-kernel/chromeos-kernel-3_18 Package Version: [cpe:/o:linux:linux_kernel:3.18] Advisory: CVE-2016-8405 Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2016-8405 CVSS severity score: 4.3/10.0 Confidence: high Description: An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31651010.
,
Jan 17 2017
,
Jan 17 2017
,
Jan 17 2017
,
Jan 17 2017
,
Jan 17 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/third_party/kernel/+/65b2d5897e722b3b1986f1ad05d5652cd7adf3cf commit 65b2d5897e722b3b1986f1ad05d5652cd7adf3cf Author: Kees Cook <keescook@chromium.org> Date: Thu Jan 05 22:42:49 2017 FROMLIST: fbdev: color map copying bounds checking Copying color maps to userspace doesn't check the value of to->start, which will cause kernel heap buffer OOB read due to signedness wraps. CVE-2016-8405 Reported-by: Peter Pi (@heisecode) of Trend Micro Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Cc: stable@vger.kernel.org Signed-off-by: Kees Cook <keescook@chromium.org> BUG= chromium:680941 TEST=Build and boot kevin (am from https://patchwork.kernel.org/patch/9499759/) Signed-off-by: Dmitry Torokhov <dtor@chromium.org> Change-Id: I0406425397503f1890c8ed8566a2c283f6be5778 Reviewed-on: https://chromium-review.googlesource.com/428134 Reviewed-by: Guenter Roeck <groeck@chromium.org> [modify] https://crrev.com/65b2d5897e722b3b1986f1ad05d5652cd7adf3cf/drivers/video/fbdev/core/fbcmap.c
,
Jan 18 2017
Please mark security bugs as fixed as soon as the fix lands, and before requesting merges. This update is based on the merge- labels applied to this issue. Please reopen if this update was incorrect. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Jan 19 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/third_party/kernel/+/8046fe27c341780db3a4e279fe0d032935a338da commit 8046fe27c341780db3a4e279fe0d032935a338da Author: Kees Cook <keescook@chromium.org> Date: Thu Jan 05 22:42:49 2017 FROMLIST: fbdev: color map copying bounds checking Copying color maps to userspace doesn't check the value of to->start, which will cause kernel heap buffer OOB read due to signedness wraps. CVE-2016-8405 Reported-by: Peter Pi (@heisecode) of Trend Micro Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Cc: stable@vger.kernel.org Signed-off-by: Kees Cook <keescook@chromium.org> BUG= chromium:680941 TEST=Build and boot kevin (am from https://patchwork.kernel.org/patch/9499759/) Signed-off-by: Dmitry Torokhov <dtor@chromium.org> Change-Id: I0406425397503f1890c8ed8566a2c283f6be5778 Reviewed-on: https://chromium-review.googlesource.com/428134 Reviewed-by: Guenter Roeck <groeck@chromium.org> (cherry picked from commit 65b2d5897e722b3b1986f1ad05d5652cd7adf3cf) Reviewed-on: https://chromium-review.googlesource.com/429331 [modify] https://crrev.com/8046fe27c341780db3a4e279fe0d032935a338da/drivers/video/fbdev/core/fbcmap.c
,
Jan 19 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/third_party/kernel/+/265b88364426092cd21923dca8adff6a2176bf03 commit 265b88364426092cd21923dca8adff6a2176bf03 Author: Kees Cook <keescook@chromium.org> Date: Thu Jan 05 22:42:49 2017 FROMLIST: fbdev: color map copying bounds checking Copying color maps to userspace doesn't check the value of to->start, which will cause kernel heap buffer OOB read due to signedness wraps. CVE-2016-8405 Reported-by: Peter Pi (@heisecode) of Trend Micro Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Cc: stable@vger.kernel.org Signed-off-by: Kees Cook <keescook@chromium.org> BUG= chromium:680941 TEST=Build and boot kevin (am from https://patchwork.kernel.org/patch/9499759/) Signed-off-by: Dmitry Torokhov <dtor@chromium.org> Change-Id: I0406425397503f1890c8ed8566a2c283f6be5778 Reviewed-on: https://chromium-review.googlesource.com/428134 Reviewed-by: Guenter Roeck <groeck@chromium.org> (cherry picked from commit 65b2d5897e722b3b1986f1ad05d5652cd7adf3cf) Reviewed-on: https://chromium-review.googlesource.com/429232 [modify] https://crrev.com/265b88364426092cd21923dca8adff6a2176bf03/drivers/video/fbcmap.c
,
Jan 19 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/third_party/kernel/+/5e2dd6984e7e82ac506224405801a8fa2478da27 commit 5e2dd6984e7e82ac506224405801a8fa2478da27 Author: Kees Cook <keescook@chromium.org> Date: Thu Jan 05 22:42:49 2017 FROMLIST: fbdev: color map copying bounds checking Copying color maps to userspace doesn't check the value of to->start, which will cause kernel heap buffer OOB read due to signedness wraps. CVE-2016-8405 Reported-by: Peter Pi (@heisecode) of Trend Micro Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Cc: stable@vger.kernel.org Signed-off-by: Kees Cook <keescook@chromium.org> BUG= chromium:680941 TEST=Build and boot kevin (am from https://patchwork.kernel.org/patch/9499759/) Signed-off-by: Dmitry Torokhov <dtor@chromium.org> Change-Id: I0406425397503f1890c8ed8566a2c283f6be5778 Reviewed-on: https://chromium-review.googlesource.com/428134 Reviewed-by: Guenter Roeck <groeck@chromium.org> (cherry picked from commit 65b2d5897e722b3b1986f1ad05d5652cd7adf3cf) Reviewed-on: https://chromium-review.googlesource.com/429213 [modify] https://crrev.com/5e2dd6984e7e82ac506224405801a8fa2478da27/drivers/video/fbcmap.c
,
Jan 19 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/third_party/kernel/+/2281b9c9b1f69c7ca3cc3deabe9138f149c7b111 commit 2281b9c9b1f69c7ca3cc3deabe9138f149c7b111 Author: Kees Cook <keescook@chromium.org> Date: Thu Jan 05 22:42:49 2017 FROMLIST: fbdev: color map copying bounds checking Copying color maps to userspace doesn't check the value of to->start, which will cause kernel heap buffer OOB read due to signedness wraps. CVE-2016-8405 Reported-by: Peter Pi (@heisecode) of Trend Micro Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Cc: stable@vger.kernel.org Signed-off-by: Kees Cook <keescook@chromium.org> BUG= chromium:680941 TEST=Build and boot kevin (am from https://patchwork.kernel.org/patch/9499759/) Signed-off-by: Dmitry Torokhov <dtor@chromium.org> Change-Id: I0406425397503f1890c8ed8566a2c283f6be5778 Reviewed-on: https://chromium-review.googlesource.com/428134 Reviewed-by: Guenter Roeck <groeck@chromium.org> (cherry picked from commit 65b2d5897e722b3b1986f1ad05d5652cd7adf3cf) Reviewed-on: https://chromium-review.googlesource.com/429212 [modify] https://crrev.com/2281b9c9b1f69c7ca3cc3deabe9138f149c7b111/drivers/video/fbcmap.c
,
Jan 19 2017
,
Jan 19 2017
,
Jan 19 2017
This bug requires manual review: We are only 11 days from stable. Please contact the milestone owner if you have questions. Owners: amineer@(clank), cmasso@(bling), gkihumba@(cros), bustamante@(desktop) For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Jan 24 2017
,
Apr 27 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
May 30 2017
,
Aug 1 2017
,
Jan 22 2018
|
|||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||
Comment 1 by kerrnel@chromium.org
, Jan 17 2017