New issue
Advanced search Search tips

Issue 724784 link

Starred by 1 user
Status: WontFix
Owner:
groeck@chromium.org
Closed: May 2017
Cc:
chromeos-kernel-security-bug-access@google.com
Components:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 1
Type: Bug-Security



Sign in to add a comment

CrOS: CVE-2017-0626 - Vulnerability reported in Linux kernel - Qualcomm crypto engine driver

Project Member Reported by vomit.go...@appspot.gserviceaccount.com, May 20 2017 
VOMIT (go/vomit) has received an external vulnerability report for the Linux kernel. 

Advisory: CVE-2017-0626
  Details: http://vomit.googleplex.com/advisory?id=CVE/CVE-2017-0626
  CVSS severity score: 4.3/10.0
  Description:

An information disclosure vulnerability in the Qualcomm crypto engine driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35393124. References: QC-CR#1088050.



This bug was filed by http://go/vomit
Please contact us at vomit-team@google.com if you need any assistance.

Comment 1 by wfh@chromium.org, May 22 2017

Components: OS>Kernel

Comment 2 by wfh@chromium.org, May 22 2017

Labels: Security_Severity-High Pri-1
Summary: CrOS: CVE-2017-0626 - Vulnerability reported in Linux kernel - Qualcomm crypto engine driver (was: CrOS: Vulnerability reported in Linux kernel)

Comment 3 by wfh@chromium.org, May 22 2017

Status: Available (was: Untriaged)

Comment 4 by mnissler@chromium.org, May 22 2017

Owner: groeck@chromium.org
Mass-assigning Android May security bulletin issues to groeck@ to triage.
Project Member

Comment 5 by sheriffbot@chromium.org, May 22 2017

Status: Assigned (was: Available)

Comment 6 by groeck@chromium.org, May 22 2017

Status: WontFix (was: Assigned)
Code is Qualcomm/msm specific; not in Chrome OS.

Sign in to add a comment