
Issue 727003


Issue metadata

Status: WontFix
Owner:
Closed: Jan 2018
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 2
Type: Bug-Security




CrOS: (CVE-2017-7495) Vulnerability reported in Linux kernel

Project Member Reported by vomit.go...@appspot.gserviceaccount.com, May 27 2017

Issue description

VOMIT (go/vomit) has received an external vulnerability report for the Linux kernel. 

Advisory: CVE-2017-7495
  Details: http://vomit.googleplex.com/advisory?id=CVE/CVE-2017-7495
  CVSS severity score: 2.1/10.0
  Description:

fs/ext4/inode.c in the Linux kernel before 4.6.2, when ext4 data=ordered mode is used, mishandles a needs-flushing-before-commit list, which allows local users to obtain sensitive information from other users' files in opportunistic circumstances by waiting for a hardware reset, creating a new file, making write system calls, and reading this file.



This bug was filed by http://go/vomit
Please contact us at vomit-team@google.com if you need any assistance.
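
An added triage aid, not part of the original report or of any Chromium OS tooling: a Python check of the two preconditions the advisory names (kernel before 4.6.2, ext4 in data=ordered mode) against a `uname -r` string and `/proc/mounts`-style text. The sample mounts are constructed, the function names are hypothetical, and treating a missing `data=` option as ordered is an assumption based on ext4's default.

```python
import re

FIXED_IN = (4, 6, 2)  # from the advisory text: "before 4.6.2"

# Constructed sample in /proc/mounts format (not taken from a real system).
SAMPLE_MOUNTS = """\
/dev/sda1 / ext4 rw,relatime,data=ordered 0 0
/dev/sda2 /var ext4 rw,noatime 0 0
/dev/sda3 /scratch ext4 rw,relatime,data=writeback 0 0
/dev/sda4 /db ext4 rw,relatime,data=journal 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
"""

def kernel_tuple(release):
    """Turn a `uname -r` string such as '4.4.21-rc1' into (4, 4, 21)."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError("unrecognised kernel release: %r" % release)
    return tuple(int(g or 0) for g in m.groups())

def ordered_ext4_mounts(mounts_text):
    """Return mount points of ext4 filesystems whose effective mode is ordered."""
    hits = []
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[2] != "ext4":
            continue
        # "rw,data=ordered" -> {"rw": "", "data": "ordered"}
        opts = dict(o.partition("=")[::2] for o in fields[3].split(","))
        # Assumption: no data= option means ext4's default, which is ordered
        # unless the superblock's default mount options say otherwise.
        if opts.get("data", "ordered") == "ordered":
            hits.append(fields[1])
    return hits

def assess(release, mounts_text):
    """Report whether the advisory's preconditions hold on paper."""
    mounts = ordered_ext4_mounts(mounts_text)
    old = kernel_tuple(release) < FIXED_IN
    # A version below 4.6.2 is only a hint: stable and vendor kernels may carry
    # the fix as a backport, so confirm against the kernel's own changelog.
    return {"version_predates_fix": old, "ordered_mounts": mounts,
            "needs_review": old and bool(mounts)}
```

On a live system the inputs would be `platform.release()` and the contents of `/proc/mounts`.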

 

Comment 1 by kenrb@chromium.org, May 29 2017

Components: OS>Kernel
Owner: groeck@chromium.org
Status: Assigned (was: Untriaged)
To groeck@ for triage.

Comment 2 by groeck@chromium.org, May 29 2017

Summary: CrOS: (CVE-2017-7495) Vulnerability reported in Linux kernel (was: CrOS: Vulnerability reported in Linux kernel)

Comment 3 by groeck@chromium.org, May 29 2017

Upstream commit: 06bd3c36a73 ("ext4: fix data exposure after a crash").

Low severity; patch does not apply cleanly to older kernels and will require backport. High risk of introducing a secondary bug due to a bad backport may outweigh risk of exposure. Will require more analysis to determine if the risk is worth the benefits.

Comment 4 by groeck@chromium.org, May 29 2017

Labels: Security_Severity-Low

Comment 5 by groeck@chromium.org, May 29 2017

Owner: gwendal@chromium.org
@gwendal: Can you have a look? I am not sure if applying the fix is worth the risk. It was never applied to stable releases. Also, it would require two local users effectively working together to access each other's files, which doesn't really make sense.

Project Member

Comment 6 by sheriffbot@chromium.org, May 30 2017

Labels: Pri-2
Labels: Security_Impact-Stable
Cc: mnissler@chromium.org
groeck@, when you say never applied to stable, do you mean this was never pulled in 4.4 from 4.6? We should probably just decide if this is worth merging or not, and either apply the merge or WontFix the bug. 

+mnissler@ for a secondary opinion, this seems a bit esoteric to me.

Comment 9 by groeck@chromium.org, Jan 30 2018

Status: WontFix (was: Assigned)
This has since been backported into linux-4.4.y and thus into chromeos-4.4 as part of b:62198330 and CL:653383. It was also backported into all other chromeos kernels (see CL:653383 and related CLs). As such, it is long since obsolete.

Marking as WontFix since I cannot mark a bug as duplicate of a bug in buganizer.
