VOMIT (go/vomit) has received an external vulnerability report for the Linux kernel.
Advisory: CVE-2017-17053
Details: http://vomit.googleplex.com/advisory?id=CVE/CVE-2017-17053
CVSS severity score: 7.6/10.0
Description:
The init_new_context function in arch/x86/include/asm/mmu_context.h in the Linux kernel before 4.12.10 does not correctly handle errors from LDT table allocation when forking a new process, allowing a local attacker to achieve a use-after-free or possibly have unspecified other impact by running a specially crafted program. This vulnerability only affected kernels built with CONFIG_MODIFY_LDT_SYSCALL=y.
This bug was filed by http://go/vomit
Please contact us at vomit-team@google.com if you need any assistance.
Comment 1 by groeck@chromium.org
, Dec 21 2017Status: WontFix (was: Untriaged)
Upstream commit ccd5b3235180 ("x86/mm: Fix use-after-free of ldt_struct"). chromeos-4.14 is not affected. Introduced with commit 39a0526fb3f7 ("x86/mm: Factor out LDT init from context init") which is not in chromeos-4.4 or older. Thus, no chromeos releases are affected.