Issue 766994 link

Starred by 1 user

Issue metadata

Status:	WontFix
Owner:	mnissler@chromium.org
Closed:	Sep 2017
Cc:	kerrnel@chromium.org █ djm@google.com chromeos-kernel-security-bug-access@google.com
Components:	OS>Kernel
EstimatedDays:	----
NextAction:	----
OS:	Chrome
Pri:	1
Type:	Bug-Security
Vomit allpublic ComponentOSKernel

CrOS: Vulnerability reported in sys-kernel/chromeos-kernel-4_4

Project Member Reported by vomit.go...@appspot.gserviceaccount.com, Sep 20 2017

Issue description

Automated analysis has detected that the following third party packages have had vulnerabilities publicly reported. 

NOTE: There may be several bugs listed below - in almost all cases, all bugs can be quickly addressed by upgrading to the latest version of the package.

Package Name: sys-kernel/chromeos-kernel-4_4
Package Version: [cpe:/o:linux:linux_kernel:4.4.86]

Advisory: CVE-2010-0298
  Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2010-0298
  CVSS severity score: 6.5/10.0
  Confidence: high
  Description:

The x86 emulator in KVM 83 does not use the Current Privilege Level (CPL) and I/O Privilege Level (IOPL) in determining the memory access available to CPL3 code, which allows guest OS users to cause a denial of service (guest OS crash) or gain privileges on the guest OS by leveraging access to a (1) IO port or (2) MMIO region, a related issue to CVE-2010-0306.
Advisory: CVE-2011-4374
  Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2011-4374
  CVSS severity score: 7.5/10.0
  Confidence: high
  Description:

Integer overflow in Adobe Reader 9.x before 9.4.6 on Linux allows attackers to execute arbitrary code via unspecified vectors.

Comment 1 by palmer@chromium.org, Sep 20 2017

Cc: kerrnel@chromium.org
Components: OS>Kernel
Owner: mnissler@chromium.org
Status: Assigned (was: Untriaged)

Comment 2 by groeck@chromium.org, Sep 20 2017

This was fixed more than 7 years ago with commit 1871c6020d73 ("KVM: x86 emulator: fix memory access during x86 emulation"). 

Where is this noise coming from ? That doesn't really make sense.

Comment 3 by mnissler@chromium.org, Sep 21 2017

Cc: djm@google.com
Status: WontFix (was: Assigned)

Vomit apparently screwed up version matching here. Per [1], this is fixed by comment [2] which landed in 2.6.33 [3].

[1] https://bugzilla.redhat.com/show_bug.cgi?id=559091
[2] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1871c6020d7308afb99127bba51f04548e7ca84e
[3] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/Makefile?id=1871c6020d7308afb99127bba51f04548e7ca84e

Project Member

Comment 4 by sheriffbot@chromium.org, Dec 28 2017

Labels: -Restrict-View-SecurityTeam allpublic

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

►

Issue 766994 link

Issue metadata

CrOS: Vulnerability reported in sys-kernel/chromeos-kernel-4_4

Issue description

Comment 1 by palmer@chromium.org, Sep 20 2017

Comment 1 Deleted

Comment 2 by groeck@chromium.org, Sep 20 2017

Comment 2 Deleted

Comment 3 by mnissler@chromium.org, Sep 21 2017

Comment 3 Deleted

Comment 4 by sheriffbot@chromium.org, Dec 28 2017

Comment 4 Deleted

Sign in to add a comment