New issue
Advanced search Search tips

Issue 739680 link

Starred by 1 user
Status: Duplicate
Merged: issue 724093
Owner: ----
Closed: Jul 2017
Cc:
chromeos-kernel-security-bug-access@google.com
Components:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 1
Type: Bug-Security



Sign in to add a comment

CrOS: Vulnerability reported in Linux kernel

Project Member Reported by vomit.go...@appspot.gserviceaccount.com, Jul 6 2017 
VOMIT (go/vomit) has received an external vulnerability report for the Linux kernel. 

Advisory: CVE-2017-1000377
  Details: http://vomit.googleplex.com/advisory?id=CVE/CVE-2017-1000377
  CVSS severity score: 4.6/10.0
  Description:

An issue was discovered in the size of the default stack guard page on PAX Linux (originally from GRSecurity but shipped by other Linux vendors), specifically the default stack guard page is not sufficiently large and can be "jumped" over (the stack guard page is bypassed), this affects PAX Linux Kernel versions as of June 19, 2017 (specific version information is not available at this time).



This bug was filed by http://go/vomit
Please contact us at vomit-team@google.com if you need any assistance.

Comment 1 by groeck@chromium.org, Jul 6 2017

Mergedinto: 724093
Status: Duplicate (was: Untriaged)

Comment 2 by groeck@chromium.org, Jul 6 2017

Labels: Security_Severity-High Security_Impact-Stable Pri-1
Project Member

Comment 3 by sheriffbot@chromium.org, Oct 18 2017

Labels: allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Sign in to add a comment