
Issue 725018

Issue metadata

Status: Archived
Owner:
Closed: May 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 2
Type: Bug-Security




CrOS: CVE-2017-8925 - Vulnerability reported in Linux kernel - usb omninet_open

Project Member Reported by vomit.go...@appspot.gserviceaccount.com, May 22 2017

Issue description

VOMIT (go/vomit) has received an external vulnerability report for the Linux kernel. 

Advisory: CVE-2017-8925
  Details: http://vomit.googleplex.com/advisory?id=CVE/CVE-2017-8925
  CVSS severity score: 2.1/10.0
  Description:

The omninet_open function in drivers/usb/serial/omninet.c in the Linux kernel before 4.10.4 allows local users to cause a denial of service (tty exhaustion) by leveraging reference count mishandling.



This bug was filed by http://go/vomit
Please contact us at vomit-team@google.com if you need any assistance.

 

Comment 1 by wfh@chromium.org, May 22 2017

Components: OS>Kernel
Labels: Security_Severity-Low Pri-2
Summary: CrOS: CVE-2017-8925 - Vulnerability reported in Linux kernel - usb omninet_open (was: CrOS: Vulnerability reported in Linux kernel)

Comment 2 by kenrb@chromium.org, May 24 2017

Owner: groeck@chromium.org
Status: Assigned (was: Untriaged)
groeck@: Is it okay if I assign these to you directly for triage? It looks like you've been triaging the rest of them.

Comment 3 by groeck@chromium.org, May 24 2017

Fix is already in chromeos-4.4 (through merge), but still needed in older kernels. Upstream commit 58295a351b ("USB: serial: omninet: fix reference leaks at open"). Not enabled in standard configurations, thus no security risk.


Comment 4 by groeck@chromium.org, May 24 2017

Labels: M-60

Comment 5 by groeck@chromium.org, May 25 2017

Status: Started (was: Assigned)
Project Member

Comment 6 by bugdroid1@chromium.org, May 25 2017

Labels: merge-merged-chromeos-3.18
The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/kernel/+/62d987ee620cc80dbf5a503715e0d3545aabef71

commit 62d987ee620cc80dbf5a503715e0d3545aabef71
Author: Johan Hovold <johan@kernel.org>
Date: Thu May 25 07:14:07 2017

UPSTREAM: USB: serial: omninet: fix reference leaks at open

This driver needlessly took another reference to the tty on open, a
reference which was then never released on close. This led to not just
a leak of the tty, but also a driver reference leak that prevented the
driver from being unloaded after a port had once been opened.

BUG= chromium:725018 
TEST=Build and run

Change-Id: I9d01b5778bf6943dd457441fcb9ce35a7ea5b462
Fixes: 4a90f09b20f4 ("tty: usb-serial krefs")
Cc: stable <stable@vger.kernel.org>	# 2.6.28
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Guenter Roeck <groeck@chromium.org>
(cherry picked from commit 30572418b445d85fc)
Reviewed-on: https://chromium-review.googlesource.com/514344
Reviewed-by: Dylan Reid <dgreid@chromium.org>

[modify] https://crrev.com/62d987ee620cc80dbf5a503715e0d3545aabef71/drivers/usb/serial/omninet.c
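
The reference imbalance described in the commit message above, as an added user-space model in C (not the kernel driver's code and not part of the original thread): open takes one reference more than close releases, so each tty stays allocated and keeps a driver reference pinned. The `struct tty`, `port_open`, `tty_put`, `run_cycles` names and the 4-slot pool are assumptions made for the model.

```c
#include <stdio.h>

#define TTY_POOL 4                      /* constructed limit standing in for finite tty resources */
struct tty { int kref, in_use; };       /* hypothetical model type, not the kernel's tty_struct */
static struct tty pool[TTY_POOL];
static int driver_refs;                 /* models the driver reference pinned by each live tty */

/* Drop one reference; the last put frees the tty and unpins the driver. */
static void tty_put(struct tty *t)
{
    if (--t->kref == 0) { t->in_use = 0; driver_refs--; }
}

/* Open: the core hands out a tty holding one reference; the leaky driver hook takes a second. */
static struct tty *port_open(int leaky)
{
    for (int i = 0; i < TTY_POOL; i++) {
        if (pool[i].in_use) continue;
        pool[i].in_use = 1;
        pool[i].kref = leaky ? 2 : 1;   /* extra reference taken at open, with no matching put */
        driver_refs++;
        return &pool[i];
    }
    return NULL;                        /* every slot is held by a leaked tty */
}

/* Run open/close cycles; returns successful opens, reports leaked ttys and pinned driver refs. */
static int run_cycles(int leaky, int cycles, int *leaked, int *pinned)
{
    int ok = 0;
    for (int i = 0; i < TTY_POOL; i++) pool[i].in_use = pool[i].kref = 0;
    driver_refs = *leaked = 0;
    for (int c = 0; c < cycles; c++) {
        struct tty *t = port_open(leaky);
        if (t) { ok++; tty_put(t); }    /* close drops only the core's reference */
    }
    for (int i = 0; i < TTY_POOL; i++) *leaked += pool[i].in_use;
    *pinned = driver_refs;
    return ok;
}

int main(void)
{
    for (int leaky = 1; leaky >= 0; leaky--) {
        int l, p, ok = run_cycles(leaky, 10, &l, &p);
        printf("leaky=%d opens=%d leaked=%d pinned=%d\n", leaky, ok, l, p);
    }
    return 0;
}
```

In the leaky run the pool fills after four opens and the pinned driver count never returns to zero, which corresponds to the tty exhaustion and the unloadable driver that the report and commit message describe.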

Project Member

Comment 7 by sheriffbot@chromium.org, May 25 2017

Labels: Security_Impact-Head
Project Member

Comment 8 by sheriffbot@chromium.org, May 25 2017

Status: Fixed (was: Started)
Please mark security bugs as fixed as soon as the fix lands, and before requesting merges. This update is based on the merge- labels applied to this issue. Please reopen if this update was incorrect.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Project Member

Comment 9 by bugdroid1@chromium.org, May 25 2017

Labels: merge-merged-chromeos-3.10
The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/kernel/+/f1950c663646bd12133474e6c125cfd27d1c02e8

commit f1950c663646bd12133474e6c125cfd27d1c02e8
Author: Johan Hovold <johan@kernel.org>
Date: Thu May 25 17:24:45 2017

UPSTREAM: USB: serial: omninet: fix reference leaks at open

This driver needlessly took another reference to the tty on open, a
reference which was then never released on close. This led to not just
a leak of the tty, but also a driver reference leak that prevented the
driver from being unloaded after a port had once been opened.

BUG= chromium:725018 
TEST=Build and run

Change-Id: I9d01b5778bf6943dd457441fcb9ce35a7ea5b462
Fixes: 4a90f09b20f4 ("tty: usb-serial krefs")
Cc: stable <stable@vger.kernel.org>	# 2.6.28
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Guenter Roeck <groeck@chromium.org>
(cherry picked from commit 30572418b445d85fc)
Reviewed-on: https://chromium-review.googlesource.com/514344
Reviewed-by: Dylan Reid <dgreid@chromium.org>
(cherry picked from commit 62d987ee620cc80dbf5a503715e0d3545aabef71)
Reviewed-on: https://chromium-review.googlesource.com/515207

[modify] https://crrev.com/f1950c663646bd12133474e6c125cfd27d1c02e8/drivers/usb/serial/omninet.c

Project Member

Comment 10 by bugdroid1@chromium.org, May 25 2017

Labels: merge-merged-chromeos-3.14
The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/kernel/+/a0006230ffc862bd722ee8152a6b568b997de16b

commit a0006230ffc862bd722ee8152a6b568b997de16b
Author: Johan Hovold <johan@kernel.org>
Date: Thu May 25 19:25:30 2017

UPSTREAM: USB: serial: omninet: fix reference leaks at open

This driver needlessly took another reference to the tty on open, a
reference which was then never released on close. This led to not just
a leak of the tty, but also a driver reference leak that prevented the
driver from being unloaded after a port had once been opened.

BUG= chromium:725018 
TEST=Build and run

Change-Id: I9d01b5778bf6943dd457441fcb9ce35a7ea5b462
Fixes: 4a90f09b20f4 ("tty: usb-serial krefs")
Cc: stable <stable@vger.kernel.org>	# 2.6.28
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Guenter Roeck <groeck@chromium.org>
(cherry picked from commit 30572418b445d85fc)
Reviewed-on: https://chromium-review.googlesource.com/514344
Reviewed-by: Dylan Reid <dgreid@chromium.org>
(cherry picked from commit 62d987ee620cc80dbf5a503715e0d3545aabef71)
Reviewed-on: https://chromium-review.googlesource.com/515206

[modify] https://crrev.com/a0006230ffc862bd722ee8152a6b568b997de16b/drivers/usb/serial/omninet.c

Project Member

Comment 11 by sheriffbot@chromium.org, May 26 2017

Labels: Restrict-View-SecurityNotify
Project Member

Comment 12 by sheriffbot@chromium.org, Sep 1 2017

Labels: -Restrict-View-SecurityNotify allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 13 by dchan@chromium.org, Jan 22 2018

Status: Archived (was: Fixed)
