VOMIT (go/vomit) has received an external vulnerability report for the Linux kernel.
Advisory: CVE-2017-15115
Details: http://vomit.googleplex.com/advisory?id=CVE/CVE-2017-15115
CVSS severity score: 7.2/10.0
Description:
The sctp_do_peeloff function in net/sctp/socket.c in the Linux kernel before 4.14 does not check whether the intended netns is used in a peel-off action, which allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via crafted system calls.
This bug was filed by http://go/vomit
Please contact us at vomit-team@google.com if you need any assistance.
Comment 1 by groeck@chromium.org
, Dec 4 2017Labels: Security_Severity-High Security_Impact-None Pri-3
Owner: groeck@chromium.org
Status: WontFix (was: Untriaged)
Upstream commit df80cd9b28b9ebaa ("sctp: do not peel off an assoc from one netns to another one"). chromeos-4.14 is not affected. Will be fixed in chromeos-4.4 with merge of v4.4.102/v4.4.103. Not enabled in chromeos, thus not needed in older kernels or in stable releases.