New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 724021 link

Starred by 1 user
Status: Archived
Owner:
andreyu@google.com
Last visit > 30 days ago
Closed: May 2017
Cc:
groeck@chromium.org
chromeos-kernel-security-bug-access@google.com
Components:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 1
Type: Bug-Security



Sign in to add a comment

CrOS: Vulnerability reported in Linux kernel

Project Member Reported by vomit.go...@appspot.gserviceaccount.com, May 18 2017 
VOMIT (go/vomit) has received an external vulnerability report for the Linux kernel. 

Advisory: CVE-2017-8890
  Details: http://vomit.googleplex.com/advisory?id=CVE/CVE-2017-8890
  CVSS severity score: 10/10.0
  Description:

The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call.



This bug was filed by http://go/vomit
Please contact us at vomit-team@google.com if you need any assistance.

Comment 1 by wfh@chromium.org, May 18 2017

Components: OS>Kernel
Labels: Security_Severity-High Pri-1

Comment 2 by groeck@chromium.org, May 18 2017

Owner: groeck@chromium.org
Status: Started (was: Untriaged)

Comment 3 by groeck@chromium.org, May 18 2017

Labels: M-58

Comment 4 by groeck@chromium.org, May 18 2017

Status: WontFix (was: Started)
Duplicate of b:38424110 and handled there. This system doesn't let me add a duplicate into buganizer bugs, so closing as WontFix.

Comment 5 by andreyu@google.com, May 19 2017

Labels: Merge-Request-58 Merge-Request-59
Owner: andreyu@google.com
Status: Fixed (was: WontFix)

Comment 6 by andreyu@google.com, May 19 2017

Cc: groeck@chromium.org
Project Member

Comment 7 by sheriffbot@chromium.org, May 20 2017

Labels: Restrict-View-SecurityNotify
Project Member

Comment 8 by sheriffbot@chromium.org, May 20 2017

Labels: -Merge-Request-59 Hotlist-Merge-Approved Merge-Approved-59
Your change meets the bar and is auto-approved for M59. Please go ahead and merge the CL to branch 3071 manually. Please contact milestone owner if you have questions.
Owners: amineer@(Android), cmasso@(iOS), gkihumba@(ChromeOS), Abdul Syed@(Desktop)

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Project Member

Comment 9 by sheriffbot@chromium.org, May 24 2017 

This issue has been approved for a merge. Please merge the fix to any appropriate branches as soon as possible!

If all merges have been completed, please remove any remaining Merge-Approved labels from this issue.

Thanks for your time! To disable nags, add the Disable-Nags label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Project Member

Comment 10 by sheriffbot@chromium.org, May 29 2017 

This issue has been approved for a merge. Please merge the fix to any appropriate branches as soon as possible!

If all merges have been completed, please remove any remaining Merge-Approved labels from this issue.

Thanks for your time! To disable nags, add the Disable-Nags label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 11 by andreyu@google.com, May 30 2017

Labels: Disable-Nags
Project Member

Comment 12 by sheriffbot@chromium.org, Jun 6 2017

Labels: -M-58 Security_Impact-Stable M-59
Project Member

Comment 13 by sheriffbot@chromium.org, Jul 26 2017

Labels: -M-59 M-60

Comment 14 by josa...@chromium.org, Aug 22 2017

Labels: -Merge-Request-58 -Merge-Approved-59
Project Member

Comment 15 by sheriffbot@chromium.org, Aug 25 2017

Labels: -Restrict-View-SecurityNotify allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 16 by dchan@chromium.org, Jan 22 2018

Status: Archived (was: Fixed)

Sign in to add a comment