Issue metadata
Sign in to add a comment
|
CrOS: Vulnerability reported in Linux kernel |
||||||||||||||||||||||
Issue descriptionVOMIT (go/vomit) has received an external vulnerability report for the Linux kernel. Advisory: CVE-2017-7895 Details: http://vomit.googleplex.com/advisory?id=CVE/CVE-2017-7895 CVSS severity score: 10/10.0 Description: The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lack certain checks for the end of a buffer, which allows remote attackers to trigger pointer-arithmetic errors or possibly have unspecified other impact via crafted requests, related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c. This bug was filed by http://go/vomit Please contact us at vomit-team@google.com if you need any assistance.
,
May 15 2017
,
May 15 2017
Also see b:38261521.
,
May 15 2017
Do we have any boards that use 3.x kernels and enable NFSD? The following CLs fix this in 4.4 and are being cherry-picked into release branches as per http://crbug.com/721925 : https://chromium-review.googlesource.com/c/505167/ https://chromium-review.googlesource.com/c/505168/
,
May 15 2017
#4: The only configuration I am aware of which enables NFSD is Lakitu, but that is on 4.4.
,
May 15 2017
We will also enable it on our VM guests, but they are all on 4.4 as well.
,
May 22 2017
,
May 23 2017
,
Aug 29 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Jan 22 2018
|
|||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||
Comment 1 by infe...@chromium.org
, May 15 2017Labels: Security_Severity-High Security_Impact-Stable Pri-1
Owner: groeck@chromium.org
Status: Assigned (was: Untriaged)