CrOS: Vulnerability reported in sys-kernel/chromeos-kernel-3_18
Issue description

Automated analysis has detected that the following third party packages have had vulnerabilities publicly reported. NOTE: There may be several bugs listed below - in almost all cases, all bugs can be quickly addressed by upgrading to the latest version of the package.

Package Name: sys-kernel/chromeos-kernel-3_18
Package Version: [cpe:/o:linux:linux_kernel:3.18]

Advisory: CVE-2016-6789
Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2016-6789
CVSS severity score: 9.3/10.0
Confidence: high
Description: An elevation of privilege vulnerability in the NVIDIA libomx library (libnvomx) could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: Kernel-3.18. Android ID: A-31251973. References: N-CVE-2016-6789.

Advisory: CVE-2016-6790
Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2016-6790
CVSS severity score: 9.3/10.0
Confidence: high
Description: An elevation of privilege vulnerability in the NVIDIA libomx library (libnvomx) could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: Kernel-3.18. Android ID: A-31251628. References: N-CVE-2016-6790.

Advisory: CVE-2016-8401
Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2016-8401
CVSS severity score: 4.3/10.0
Confidence: high
Description: An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31494725.

Advisory: CVE-2016-8402
Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2016-8402
CVSS severity score: 4.3/10.0
Confidence: high
Description: An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31495231.

Advisory: CVE-2016-8406
Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2016-8406
CVSS severity score: 4.3/10.0
Confidence: high
Description: An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31796940.

Advisory: CVE-2016-8407
Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2016-8407
CVSS severity score: 4.3/10.0
Confidence: high
Description: An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31802656.

Advisory: CVE-2016-8410
Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2016-8410
CVSS severity score: 2.6/10.0
Confidence: high
Description: An information disclosure vulnerability in the Qualcomm sound driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31498403. References: QC-CR#987010.
,
Jan 23 2017
Feel free to assign to me (whoever has permission to do so).
,
Jan 23 2017
,
Feb 2 2017
groeck: Uh oh! This issue is still open and hasn't been updated in the last 14 days. This is a serious vulnerability, and we want to ensure that there's progress. Could you please leave an update with the current status and any potential blockers? If you're not the right owner for this issue, could you please remove yourself as soon as possible or help us find the right one? If the issue is fixed or you can't reproduce it, please close the bug. If you've started working on a fix, please set the status to Started. Thanks for your time! To disable nags, add the Disable-Nags label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Feb 2 2017
Here is the current status.

CVE Bug # (vomit) Bug # Status Android ID Kernel SHA Comments
CVE-2016-6789 682633 na A-31251973 NVIDIA libomx library (libnvomx); not a kernel bug
CVE-2016-6790 682633 na A-31251973 NVIDIA libomx library (libnvomx); not a kernel bug
CVE-2016-8401 682633 A-31494725 msm b57e736e9991 629ed5b4a0e4 ION subsystem, Binder, USB driver and networking subsystem upstream missing
CVE-2016-8402 682633 A-31495231 msm 0804d7840364 7e7cd02bc4cd ION subsystem, Binder, USB driver and networking subsystem
CVE-2016-8406 682633 A-31796940 msm 89220e920f99b f1ca98fe8121 ION subsystem, Binder, USB driver and networking subsystem upstream missing
CVE-2016-8407 682633 na A-31802656 msm a4c7c4386571 ION subsystem, Binder, USB driver and networking subsystem not in chromeos
CVE-2016-8410 682633 na A-31498403 Qualcomm; code not in chromeos

The only CVEs which apply are the ones affecting ION and binder, and those appear to be minor (they only apply if the process privilege is already elevated, and then there are other means to really exploit the system than just getting kernel memory pointers). I have not made up my mind if I should apply them to chromeos (and diverge from upstream).

Since the CVEs applicable to chromeos are rated as moderate, the security severity of this bug should be moderate as well.
,
Feb 8 2017
CVE-2016-8401/8402/8406/8407: A privileged process can obtain various kernel pointers via debug or other logging information. There are more than 700 such pointers in the latest upstream kernel in the networking subsystem alone, and more than 2,500 in drivers. Fixing a selected subset won't do any good. The other problems don't apply to chromeos. Marking as WontFix.
,
May 18 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by kerrnel@chromium.org, Jan 23 2017
Labels: Security_Impact-Stable M-56 Security_Severity-High