Issue metadata
Sign in to add a comment
|
CrOS: CVE-2017-10810: Vulnerability reported in Linux kernel |
||||||||||||||||||||||
Issue descriptionVOMIT (go/vomit) has received an external vulnerability report for the Linux kernel. Advisory: CVE-2017-10810 Details: http://vomit.googleplex.com/advisory?id=CVE/CVE-2017-10810 CVSS severity score: 7.8/10.0 Description: Memory leak in the virtio_gpu_object_create function in drivers/gpu/drm/virtio/virtgpu_object.c in the Linux kernel through 4.11.8 allows attackers to cause a denial of service (memory consumption) by triggering object-initialization failures. This bug was filed by http://go/vomit Please contact us at vomit-team@google.com if you need any assistance.
,
Jul 14 2017
,
Jul 14 2017
,
Jul 14 2017
Only affects chromeos-4.4 (affected file does not exist in older kernels).
,
Jul 14 2017
,
Jul 14 2017
,
Jul 15 2017
,
Jul 15 2017
,
Jul 15 2017
This bug requires manual review: We are only 9 days from stable. Please contact the milestone owner if you have questions. Owners: amineer@(Android), cmasso@(iOS), josafat@(ChromeOS), bustamante@(Desktop) For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Jul 15 2017
,
Jul 17 2017
,
Jul 18 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/third_party/kernel/+/d58d0ad5f038efcf6496cda78051cea8e454e571 commit d58d0ad5f038efcf6496cda78051cea8e454e571 Author: Gerd Hoffmann <kraxel@redhat.com> Date: Sat Jul 15 01:01:13 2017 UPSTREAM: drm/virtio: don't leak bo on drm_gem_object_init failure BUG= chromium:742967 TEST=Build and run Change-Id: I3871fdc0ce506be6c995d809d5107ef8104dbd9a Reported-by: <liqiang6-s@360.cn> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Link: http://patchwork.freedesktop.org/patch/msgid/20170406155941.458-1-kraxel@redhat.com Signed-off-by: Guenter Roeck <groeck@chromium.org> (cherry picked from commit 385aee965b4e) Reviewed-on: https://chromium-review.googlesource.com/571676 Reviewed-by: Sean Paul <seanpaul@google.com> [modify] https://crrev.com/d58d0ad5f038efcf6496cda78051cea8e454e571/drivers/gpu/drm/virtio/virtgpu_object.c
,
Jul 18 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/third_party/kernel/+/7f5eb3ffd6b105e6fbdf0d534414fc2ee4f8c86f commit 7f5eb3ffd6b105e6fbdf0d534414fc2ee4f8c86f Author: Gerd Hoffmann <kraxel@redhat.com> Date: Tue Jul 18 15:59:17 2017 UPSTREAM: drm/virtio: don't leak bo on drm_gem_object_init failure BUG= chromium:742967 TEST=Build and run Change-Id: I3871fdc0ce506be6c995d809d5107ef8104dbd9a Reported-by: <liqiang6-s@360.cn> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Link: http://patchwork.freedesktop.org/patch/msgid/20170406155941.458-1-kraxel@redhat.com Signed-off-by: Guenter Roeck <groeck@chromium.org> (cherry picked from commit 385aee965b4e) Reviewed-on: https://chromium-review.googlesource.com/571676 Reviewed-by: Sean Paul <seanpaul@google.com> (cherry picked from commit d58d0ad5f038efcf6496cda78051cea8e454e571) Reviewed-on: https://chromium-review.googlesource.com/576247 [modify] https://crrev.com/7f5eb3ffd6b105e6fbdf0d534414fc2ee4f8c86f/drivers/gpu/drm/virtio/virtgpu_object.c
,
Jul 18 2017
,
Oct 22 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Jan 22 2018
,
Jul 28
|
|||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||
Comment 1 by groeck@chromium.org
, Jul 14 2017Status: Assigned (was: Untriaged)
Summary: CrOS: CVE-2017-10810: Vulnerability reported in Linux kernel (was: CrOS: Vulnerability reported in Linux kernel)