VOMIT (go/vomit) has received an external vulnerability report for the Linux kernel.
Advisory: CVE-2017-15102
Details: http://vomit.googleplex.com/advisory?id=CVE/CVE-2017-15102
CVSS severity score: 6.9/10.0
Description:
The tower_probe function in drivers/usb/misc/legousbtower.c in the Linux kernel before 4.8.1 allows local users (who are physically proximate for inserting a crafted USB device) to gain privileges by leveraging a write-what-where condition that occurs after a race condition and a NULL pointer dereference.
This bug was filed by http://go/vomit
Please contact us at vomit-team@google.com if you need any assistance.
Comment 1 by groeck@chromium.org
, Dec 3 2017Labels: Security_Severity-Medium Security_Impact-None
Owner: groeck@chromium.org
Status: WontFix (was: Untriaged)
Upstream commit 2fae9e5a7baba ("usb: misc: legousbtower: Fix NULL pointer deference"). Not enabled in Chrome OS configurations. Does not affect chromeos-4.14. Already fixed in chromeos-4.4 since end of 2016. WontFix in older kernels.