New issue
Advanced search Search tips

Issue 708133 link

Starred by 1 user
Status: WontFix
Owner:
keescook@chromium.org
Closed: Apr 2017
Cc:
vapier@chromium.org
chromeos-kernel-security-bug-access@google.com
Components:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 2
Type: Bug-Security



Sign in to add a comment

CrOS: Vulnerability reported in sys-kernel/linux-headers

Project Member Reported by vomit.go...@appspot.gserviceaccount.com, Apr 4 2017 
Automated analysis has detected that the following third party packages have had vulnerabilities publicly reported. 

NOTE: There may be several bugs listed below - in almost all cases, all bugs can be quickly addressed by upgrading to the latest version of the package.

Package Name: sys-kernel/linux-headers
Package Version: [cpe:/o:linux:linux_kernel:4.0 cpe:/o:linux:linux_kernel:4.4]

Advisory: CVE-2017-7273
  Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2017-7273
  CVSS severity score: 4.6/10.0
  Confidence: high
  Description:

The cp_report_fixup function in drivers/hid/hid-cypress.c in the Linux kernel 4.x before 4.9.4 allows physically proximate attackers to cause a denial of service (integer underflow) or possibly have unspecified other impact via a crafted HID report.

Comment 1 by dominickn@chromium.org, Apr 4 2017

Cc: vapier@chromium.org
Components: OS>Kernel
Owner: keescook@chromium.org
Status: Assigned (was: Untriaged)
+cc ChromeOS folks. Can you check up on this please?

Comment 2 by groeck@google.com, Apr 5 2017 

ChromeOS is not affected.

chromeos/config/base.config:# CONFIG_HID_CYPRESS is not set

Also, the fix is already available in chromeos-4.4 with commit a2f727149ee4 ("HID: hid-cypress: validate length of report"), pulled in from a merge.

Comment 3 by dominickn@chromium.org, Apr 5 2017

Status: WontFix (was: Assigned)
Great, thanks!

Comment 4 by vapier@chromium.org, Apr 5 2017

Labels: -Restrict-View-SecurityTeam
generally speaking, vuln issues don't apply to linux-headers.  they don't build drivers.

Sign in to add a comment