Issue metadata
Sign in to add a comment
|
CVE-2017-8824 CrOS: Vulnerability reported in Linux kernel |
||||||||||||||||||||||
Issue descriptionVOMIT (go/vomit) has received an external vulnerability report for the Linux kernel. Advisory: CVE-2017-8824 Details: http://vomit.googleplex.com/advisory?id=CVE/CVE-2017-8824 CVSS severity score: 7.2/10.0 Description: The dccp_disconnect function in net/dccp/proto.c in the Linux kernel through 4.14.3 allows local users to gain privileges or cause a denial of service (use-after-free) via an AF_UNSPEC connect system call during the DCCP_LISTEN state. This bug was filed by http://go/vomit Please contact us at vomit-team@google.com if you need any assistance.
,
Jan 2 2018
,
Jan 2 2018
CONFIG_IP_DCCP is not enabled in lakitu either. Applying through stable merge sgtm. Thanks!
,
Feb 15 2018
The fix will be merged into chromeos-4.4 with the merge of v4.4.116, and into chromeos-4.14 the merge of v4.14.20.
,
Feb 16 2018
,
Feb 23 2018
Fixed per #4.
,
Feb 24 2018
,
Jun 2 2018
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||
Comment 1 by groeck@chromium.org
, Dec 22 2017Labels: Security_Severity-High Security_Impact-None Pri-2
Owner: groeck@chromium.org
Status: ExternalDependency (was: Untriaged)