Issue metadata
Sign in to add a comment
|
CVE-2017-16646 CrOS: Vulnerability reported in Linux kernel |
||||||||||||||||||||||||
Issue descriptionVOMIT (go/vomit) has received an external vulnerability report for the Linux kernel. Advisory: CVE-2017-16646 Details: http://vomit.googleplex.com/advisory?id=CVE/CVE-2017-16646 CVSS severity score: 7.2/10.0 Description: drivers/media/usb/dvb-usb/dib0700_devices.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (BUG and system crash) or possibly have unspecified other impact via a crafted USB device. This bug was filed by http://go/vomit Please contact us at vomit-team@google.com if you need any assistance.
,
Dec 5 2017
Fixed in chromeos-4.14 with stable release merge. Will be fixed in chromeos-4.4 with next stable tree merge. Marking as Duplicate.
,
Mar 14 2018
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||||
Comment 1 by groeck@chromium.org
, Nov 29 2017Labels: Security_Severity-High Security_Impact-None Pri-3
Owner: groeck@chromium.org
Status: ExternalDependency (was: Untriaged)
Upstream commit eb0c19942288 ("media: dib0700: fix invalid dvb_detach argument"). Only enabled in beaglebone images. Will wait for stable release merge in chromeos-4.4 and chromeos-4.14. WontFix for older kernels.