CVE-2017-17741 CrOS: Vulnerability reported in Linux kernel
Issue description

VOMIT (go/vomit) has received an external vulnerability report for the Linux kernel.

Advisory: CVE-2017-17741
Details: http://vomit.googleplex.com/advisory?id=CVE/CVE-2017-17741
CVSS severity score: 2.1/10.0

Description: The KVM implementation in the Linux kernel through 4.14.7 allows attackers to obtain potentially sensitive information from kernel memory, aka a write_mmio stack-based out-of-bounds read, related to arch/x86/kvm/x86.c and include/trace/events/kvm.h.

This bug was filed by http://go/vomit
Please contact us at vomit-team@google.com if you need any assistance.

Jan 6 2018

Jan 8 2018

Jan 10 2018
Will wait for stable release merge.

Feb 4 2018
Fixed in chromeos-4.4 with merge of v4.4.112, and in chromeos-4.14 with merge of v4.14.14.

May 14 2018
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 1 by groeck@chromium.org, Jan 6 2018
Labels: Security_Severity-Low Security_Impact-Stable M-65 Pri-1
Owner: groeck@chromium.org
Status: Assigned (was: Untriaged)
Upstream commit e39d200fa5bf ("KVM: Fix stack-out-of-bounds read in write_mmio").