Issue metadata
Sign in to add a comment
|
CrOS: Vulnerability reported in sys-kernel/chromeos-kernel-3_10 |
||||||||||||||||||||||||
Issue descriptionAutomated analysis has detected that the following third party packages have had vulnerabilities publicly reported. NOTE: There may be several bugs listed below - in almost all cases, all bugs can be quickly addressed by upgrading to the latest version of the package. Package Name: sys-kernel/chromeos-kernel-3_10 Package Version: [cpe:/o:linux:linux_kernel:3.10.18] Advisory: CVE-2017-5972 Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2017-5972 CVSS severity score: 7.8/10.0 Confidence: high Description: The TCP stack in the Linux kernel 3.x does not properly implement a SYN cookie protection mechanism for the case of a fast network connection, which allows remote attackers to cause a denial of service (CPU consumption) by sending many TCP SYN packets, as demonstrated by an attack against the kernel-3.10.0 package in CentOS Linux 7.
,
Mar 2 2017
,
Mar 14 2017
groeck@ - setting serverity low since this is DoS, not information disclosure, and impact statble assuming this is in the current chromes. Please correct these lables if I'm mistaken.
,
Mar 14 2017
,
Mar 14 2017
#4: yes.
,
Jun 22 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||||
Comment 1 by vakh@chromium.org
, Mar 2 2017Owner: groeck@chromium.org