CVE-2017-12762 CrOS: Vulnerability reported in Linux kernel
Issue description

VOMIT (go/vomit) has received an external vulnerability report for the Linux kernel.

Advisory: CVE-2017-12762
Details: http://vomit.googleplex.com/advisory?id=CVE/CVE-2017-12762
CVSS severity score: 10/10.0
Description: In /drivers/isdn/i4l/isdn_net.c: A user-controlled buffer is copied into a local buffer of constant size using strcpy without a length check which can cause a buffer overflow. This affects the Linux kernel 4.9-stable tree, 4.12-stable tree, 3.18-stable tree, and 4.4-stable tree.

This bug was filed by http://go/vomit
Please contact us at vomit-team@google.com if you need any assistance.
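The overflow class described in the advisory, as an added example that is neither the kernel's code nor the upstream fix: `struct net_cfg`, `NAME_LEN` and both functions are hypothetical, and the 10-byte buffer size is an assumption. It puts the unchecked `strcpy` pattern beside a copy that measures the input first and refuses anything that does not fit.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NAME_LEN 10              /* assumed size; the page gives no figure */

struct net_cfg {                 /* hypothetical stand-in, not the driver's struct */
    char name[NAME_LEN];
    int  active;                 /* neighbour an overflowing copy would corrupt */
};

/* Pattern from the advisory: correct only while src fits in NAME_LEN. */
void set_name_unbounded(struct net_cfg *cfg, const char *src)
{
    strcpy(cfg->name, src);
}

/* Bounded variant: measure src without reading more than NAME_LEN bytes,
 * reject names that do not fit (terminator included), leave cfg untouched. */
int set_name_checked(struct net_cfg *cfg, const char *src)
{
    size_t n = 0;

    while (n < NAME_LEN && src[n] != '\0')
        n++;
    if (n == NAME_LEN)
        return -1;               /* too long or unterminated: refuse */
    memcpy(cfg->name, src, n + 1);   /* n + 1 copies the NUL as well */
    return 0;
}

int main(void)
{
    struct net_cfg cfg = { "isdn0", 1 };
    const char *long_name = "constructed-name-longer-than-buffer";  /* constructed input */

    set_name_unbounded(&cfg, "ippp0");            /* fits, so still safe */
    printf("short: rc=%d name=%s\n", set_name_checked(&cfg, "isdn1"), cfg.name);
    printf("long:  rc=%d name=%s active=%d\n",
           set_name_checked(&cfg, long_name), cfg.name, cfg.active);
    return 0;
}
```

Rejecting the oversized name, rather than silently truncating it, keeps the stored value from differing from what the caller asked for.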
Aug 28 2017
This is a serious security regression. If you are not able to fix this quickly, please revert the change that introduced it. If this doesn't affect a release branch, or has not been properly classified for severity, please update the Security_Impact or Security_Severity labels, and remove the ReleaseBlock label. To disable this altogether, apply ReleaseBlock-NA. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Aug 28 2017
Aug 28 2017
As mentioned in #1, we don't use or enable ISDN. Marking this as release blocker does not make sense.
Aug 28 2017
Aug 29 2017
This is a serious security regression. If you are not able to fix this quickly, please revert the change that introduced it. If this doesn't affect a release branch, or has not been properly classified for severity, please update the Security_Impact or Security_Severity labels, and remove the ReleaseBlock label. To disable this altogether, apply ReleaseBlock-NA. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Aug 29 2017
Trying again. Interesting argument with Sheriffbot.
Aug 29 2017
Upstream commit 9f5af546e6acc30f075828cb58c7f09665033967
Sep 1 2017
Sep 2 2017
The following revision refers to this bug:
https://chromium.googlesource.com/chromiumos/third_party/kernel/+/c1b686aebf83aaf76a375390f02faf1d5d2e1002

commit c1b686aebf83aaf76a375390f02faf1d5d2e1002
Author: Annie Cherkaev <annie.cherk@gmail.com>
Date: Sat Sep 02 04:38:38 2017

UPSTREAM: isdn/i4l: fix buffer overflow

This fixes a potential buffer overflow in isdn_net.c caused by an unbounded strcpy.

[ ISDN seems to be effectively unmaintained, and the I4L driver in particular is long deprecated, but in case somebody uses this.. - Linus ]

BUG= chromium:759287
TEST=Build and run

Change-Id: I66029cee6c8bd6011ccc5c34aebd1cfc46c93e0b
Signed-off-by: Jiten Thakkar <jitenmt@gmail.com>
Signed-off-by: Annie Cherkaev <annie.cherk@gmail.com>
Cc: Karsten Keil <isdn@linux-pingi.de>
Cc: Kees Cook <keescook@chromium.org>
Cc: stable@kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Guenter Roeck <groeck@chromium.org>
(cherry picked from commit 9f5af546e6acc30f075828cb58c7f09665033967)
Reviewed-on: https://chromium-review.googlesource.com/648361
Reviewed-by: Dylan Reid <dgreid@chromium.org>

[modify] https://crrev.com/c1b686aebf83aaf76a375390f02faf1d5d2e1002/drivers/isdn/i4l/isdn_net.c
[modify] https://crrev.com/c1b686aebf83aaf76a375390f02faf1d5d2e1002/drivers/isdn/i4l/isdn_common.c
Sep 2 2017
The following revision refers to this bug:
https://chromium.googlesource.com/chromiumos/third_party/kernel/+/56a79910b67d62e2942ff2b8007edff115a74498

commit 56a79910b67d62e2942ff2b8007edff115a74498
Author: Annie Cherkaev <annie.cherk@gmail.com>
Date: Sat Sep 02 04:38:36 2017

UPSTREAM: isdn/i4l: fix buffer overflow

This fixes a potential buffer overflow in isdn_net.c caused by an unbounded strcpy.

[ ISDN seems to be effectively unmaintained, and the I4L driver in particular is long deprecated, but in case somebody uses this.. - Linus ]

BUG= chromium:759287
TEST=Build and run

Change-Id: I66029cee6c8bd6011ccc5c34aebd1cfc46c93e0b
Signed-off-by: Jiten Thakkar <jitenmt@gmail.com>
Signed-off-by: Annie Cherkaev <annie.cherk@gmail.com>
Cc: Karsten Keil <isdn@linux-pingi.de>
Cc: Kees Cook <keescook@chromium.org>
Cc: stable@kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Guenter Roeck <groeck@chromium.org>
(cherry picked from commit 9f5af546e6acc30f075828cb58c7f09665033967)
Reviewed-on: https://chromium-review.googlesource.com/647485

[modify] https://crrev.com/56a79910b67d62e2942ff2b8007edff115a74498/drivers/isdn/i4l/isdn_net.c
[modify] https://crrev.com/56a79910b67d62e2942ff2b8007edff115a74498/drivers/isdn/i4l/isdn_common.c
Sep 2 2017
The following revision refers to this bug:
https://chromium.googlesource.com/chromiumos/third_party/kernel/+/15cfb6dac42ad09bbaa6fcbefda310c8d6e339fd

commit 15cfb6dac42ad09bbaa6fcbefda310c8d6e339fd
Author: Annie Cherkaev <annie.cherk@gmail.com>
Date: Sat Sep 02 09:09:54 2017

UPSTREAM: isdn/i4l: fix buffer overflow

This fixes a potential buffer overflow in isdn_net.c caused by an unbounded strcpy.

[ ISDN seems to be effectively unmaintained, and the I4L driver in particular is long deprecated, but in case somebody uses this.. - Linus ]

BUG= chromium:759287
TEST=Build and run

Change-Id: I66029cee6c8bd6011ccc5c34aebd1cfc46c93e0b
Signed-off-by: Jiten Thakkar <jitenmt@gmail.com>
Signed-off-by: Annie Cherkaev <annie.cherk@gmail.com>
Cc: Karsten Keil <isdn@linux-pingi.de>
Cc: Kees Cook <keescook@chromium.org>
Cc: stable@kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Guenter Roeck <groeck@chromium.org>
(cherry picked from commit 9f5af546e6acc30f075828cb58c7f09665033967)
Reviewed-on: https://chromium-review.googlesource.com/647651

[modify] https://crrev.com/15cfb6dac42ad09bbaa6fcbefda310c8d6e339fd/drivers/isdn/i4l/isdn_net.c
[modify] https://crrev.com/15cfb6dac42ad09bbaa6fcbefda310c8d6e339fd/drivers/isdn/i4l/isdn_common.c
Sep 2 2017
The following revision refers to this bug:
https://chromium.googlesource.com/chromiumos/third_party/kernel/+/f1a8962cd23a2543eb9fa50e76c04e520394f7e1

commit f1a8962cd23a2543eb9fa50e76c04e520394f7e1
Author: Annie Cherkaev <annie.cherk@gmail.com>
Date: Sat Sep 02 09:09:56 2017

UPSTREAM: isdn/i4l: fix buffer overflow

This fixes a potential buffer overflow in isdn_net.c caused by an unbounded strcpy.

[ ISDN seems to be effectively unmaintained, and the I4L driver in particular is long deprecated, but in case somebody uses this.. - Linus ]

BUG= chromium:759287
TEST=Build and run

Change-Id: I66029cee6c8bd6011ccc5c34aebd1cfc46c93e0b
Signed-off-by: Jiten Thakkar <jitenmt@gmail.com>
Signed-off-by: Annie Cherkaev <annie.cherk@gmail.com>
Cc: Karsten Keil <isdn@linux-pingi.de>
Cc: Kees Cook <keescook@chromium.org>
Cc: stable@kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Guenter Roeck <groeck@chromium.org>
(cherry picked from commit 9f5af546e6acc30f075828cb58c7f09665033967)
Reviewed-on: https://chromium-review.googlesource.com/647652

[modify] https://crrev.com/f1a8962cd23a2543eb9fa50e76c04e520394f7e1/drivers/isdn/i4l/isdn_net.c
[modify] https://crrev.com/f1a8962cd23a2543eb9fa50e76c04e520394f7e1/drivers/isdn/i4l/isdn_common.c
Sep 2 2017
The following revision refers to this bug:
https://chromium.googlesource.com/chromiumos/third_party/kernel/+/04da2445a80c224d6f6d25249e9d1b743fbd337a

commit 04da2445a80c224d6f6d25249e9d1b743fbd337a
Author: Annie Cherkaev <annie.cherk@gmail.com>
Date: Sat Sep 02 09:09:55 2017

UPSTREAM: isdn/i4l: fix buffer overflow

This fixes a potential buffer overflow in isdn_net.c caused by an unbounded strcpy.

[ ISDN seems to be effectively unmaintained, and the I4L driver in particular is long deprecated, but in case somebody uses this.. - Linus ]

BUG= chromium:759287
TEST=Build and run

Change-Id: I66029cee6c8bd6011ccc5c34aebd1cfc46c93e0b
Signed-off-by: Jiten Thakkar <jitenmt@gmail.com>
Signed-off-by: Annie Cherkaev <annie.cherk@gmail.com>
Cc: Karsten Keil <isdn@linux-pingi.de>
Cc: Kees Cook <keescook@chromium.org>
Cc: stable@kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Guenter Roeck <groeck@chromium.org>
(cherry picked from commit 9f5af546e6acc30f075828cb58c7f09665033967)
Reviewed-on: https://chromium-review.googlesource.com/647653

[modify] https://crrev.com/04da2445a80c224d6f6d25249e9d1b743fbd337a/drivers/isdn/i4l/isdn_net.c
[modify] https://crrev.com/04da2445a80c224d6f6d25249e9d1b743fbd337a/drivers/isdn/i4l/isdn_common.c
Sep 2 2017
Please mark security bugs as fixed as soon as the fix lands, and before requesting merges. This update is based on the merge- labels applied to this issue. Please reopen if this update was incorrect. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Sep 3 2017
Dec 9 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by groeck@chromium.org, Aug 27 2017
Owner: groeck@chromium.org
Status: Assigned (was: Untriaged)