Issue metadata
Sign in to add a comment
|
CrOS: Vulnerability reported in sys-kernel/chromeos-kernel-3_10 |
||||||||||||||||||||||
Issue descriptionAutomated analysis has detected that the following third party packages have had vulnerabilities publicly reported. NOTE: There may be several bugs listed below - in almost all cases, all bugs can be quickly addressed by upgrading to the latest version of the package. Package Name: sys-kernel/chromeos-kernel-3_10 Package Version: [cpe:/o:linux:linux_kernel:3.10.18] Advisory: CVE-2010-0298 Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2010-0298 CVSS severity score: 6.5/10.0 Confidence: high Description: The x86 emulator in KVM 83 does not use the Current Privilege Level (CPL) and I/O Privilege Level (IOPL) in determining the memory access available to CPL3 code, which allows guest OS users to cause a denial of service (guest OS crash) or gain privileges on the guest OS by leveraging access to a (1) IO port or (2) MMIO region, a related issue to CVE-2010-0306. Advisory: CVE-2011-4374 Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2011-4374 CVSS severity score: 7.5/10.0 Confidence: high Description: Integer overflow in Adobe Reader 9.x before 9.4.6 on Linux allows attackers to execute arbitrary code via unspecified vectors.
,
Sep 20 2017
Fixed 7+ years ago. What happened with the CVE tag in the subject line ? Why was that removed ?
,
Sep 20 2017
I'm not sure why vomit dropped that, we can ask them. Are you saying this is already fixed in Chrome OS and we can close it?
,
Sep 20 2017
Yes, this was fixed a long time ago. Also, we now have no less than six bugs pointing to the same CVE. ☆ 766999 1 ---- 1 ---- OS>Kernel Assigned mnissler@chromium.org CrOS: Vulnerability reported in sys-kernel/chromeos-kernel-3_10 Vomit ComponentOSKernel Chrome 4 minutes ago ☆ 766995 1 ---- 1 ---- OS>Kernel Assigned mnissler@chromium.org CrOS: Vulnerability reported in sys-kernel/chromeos-kernel-3_18 Vomit ComponentOSKernel Chrome 3 hours ago ☆ 766994 1 ---- 1 ---- OS>Kernel Assigned mnissler@chromium.org CrOS: Vulnerability reported in sys-kernel/chromeos-kernel-4_4 Vomit ComponentOSKernel Chrome 4 hours ago ☆ 766992 1 ---- 1 ---- OS>Kernel Assigned mnissler@chromium.org CrOS: Vulnerability reported in sys-kernel/chromeos-kernel-3_14 Vomit ComponentOSKernel Chrome 2 hours ago ☆ 766989 1 ---- 1 ---- OS>Kernel Assigned kerrnel@chromium.org CrOS: Vulnerability reported in sys-kernel/chromeos-kernel-3_8 Vomit ComponentOSKernel Chrome 96 minutes ago ☆ 766988 1 ---- 1 ---- OS>Kernel Assigned kerrnel@chromium.org CrOS: Vulnerability reported in sys-kernel/linux-headers Vomit ComponentOSKernel Chrome 3 hours ago
,
Sep 21 2017
Vomit apparently screwed up version matching here. Per [1], this is fixed by comment [2] which landed in 2.6.33 [3]. [1] https://bugzilla.redhat.com/show_bug.cgi?id=559091 [2] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1871c6020d7308afb99127bba51f04548e7ca84e [3] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/Makefile?id=1871c6020d7308afb99127bba51f04548e7ca84e
,
Dec 28 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||
Comment 1 by palmer@chromium.org
, Sep 20 2017Components: OS>Kernel
Owner: mnissler@chromium.org
Status: Assigned (was: Untriaged)