Issue metadata
Sign in to add a comment
|
CVE-2017-16648 CrOS: Vulnerability reported in Linux kernel |
||||||||||||||||||||||||
Issue descriptionVOMIT (go/vomit) has received an external vulnerability report for the Linux kernel. Advisory: CVE-2017-16648 Details: http://vomit.googleplex.com/advisory?id=CVE/CVE-2017-16648 CVSS severity score: 7.2/10.0 Description: The dvb_frontend_free function in drivers/media/dvb-core/dvb_frontend.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device. NOTE: the function was later renamed __dvb_frontend_free. This bug was filed by http://go/vomit Please contact us at vomit-team@google.com if you need any assistance.
,
Dec 5 2017
The problem was originally introduced with commit 1f862a68df24 ("[media] dvb_frontend: move kref to struct dvb_frontend") in November 2016. chromeos-4.4 and earlier kernels are therefore not affected. Still waiting for fix to be available in linux-4.14.y.
,
Dec 14 2017
Requested upstream merge into v4.14-stable.
,
Dec 15 2017
Fix queued for v4.14.7.
,
Dec 20 2017
The merge of v4.14.7 into chromeos-4.14 is ongoing. Marking as duplicate of the merge bug.
,
Mar 29 2018
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||||
Comment 1 by groeck@chromium.org
, Nov 29 2017Labels: Security_Severity-High Security_Impact-None Pri-3
Owner: groeck@chromium.org
Status: ExternalDependency (was: Untriaged)
Upstream b1cb7372fa82 ("dvb_frontend: don't use-after-free the frontend struct"). Only affects beaglebone configurations. Will fix with stable tree merges if/when available for chromeos-4.4 and chromeos-4.14. WontFix for older kernels.