
Issue 800276


Issue metadata

Status: Duplicate
Merged: issue 794504
Owner:
Closed: Jan 2018
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 1
Type: Bug-Security




CVE-2017-17558 CrOS: Vulnerability reported in Linux kernel

Project Member Reported by vomit.go...@appspot.gserviceaccount.com, Jan 9 2018

Issue description

VOMIT (go/vomit) has received an external vulnerability report for the Linux kernel. 

Advisory: CVE-2017-17558
  Details: http://vomit.googleplex.com/advisory?id=CVE/CVE-2017-17558
  CVSS severity score: 7.2/10.0
  Description:

The usb_destroy_configuration function in drivers/usb/core/config.c in the USB core subsystem in the Linux kernel through 4.14.5 does not consider the maximum number of configurations and interfaces before attempting to release resources, which allows local users to cause a denial of service (out-of-bounds write access) or possibly have unspecified other impact via a crafted USB device.



This bug was filed by http://go/vomit
Please contact us at vomit-team@google.com if you need any assistance.

 
Labels: Security_Severity-High Security_Impact-Stable Pri-1
Mergedinto: 794504
Owner: groeck@chromium.org
Status: Duplicate (was: Untriaged)
Upstream commit 48a4ff1c7bb5 ("USB: core: prevent malicious bNumInterfaces overflow"). Already fixed.

Project Member

Comment 2 by sheriffbot@chromium.org, Apr 17 2018

Labels: allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
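
The advisory above describes a teardown path that trusts a device-supplied interface count larger than the array it indexes. The following is an added example, not kernel code and not part of the original issue: a simplified user-space model in which `struct config`, `parse_config`, `destroy_config` and `MAX_INTERFACES` are all hypothetical names, showing the unclamped stored count beside the clamped one and a teardown that refuses to walk past the array.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define MAX_INTERFACES 32  /* assumed fixed array size for this model */

struct config {
    uint8_t num_interfaces;            /* count copied from the device descriptor */
    void *intf_cache[MAX_INTERFACES];  /* one slot per parsed interface */
};

/* Parse step: the reported count is untrusted. Clamping only the local
 * value leaves the stored copy too large; clamp_stored=1 also fixes the
 * copy that teardown reads. Returns the number of slots allocated. */
int parse_config(struct config *c, uint8_t reported, int clamp_stored)
{
    int n = reported;
    c->num_interfaces = reported;
    if (n > MAX_INTERFACES) {
        n = MAX_INTERFACES;
        if (clamp_stored)
            c->num_interfaces = MAX_INTERFACES;  /* hardened behaviour */
    }
    for (int i = 0; i < MAX_INTERFACES; i++)
        c->intf_cache[i] = (i < n) ? malloc(16) : NULL;
    return n;
}

/* Teardown: releases at most MAX_INTERFACES slots. Returns the number
 * released, or -1 when the stored count exceeded the array, the state
 * that would cause out-of-bounds access if the loop trusted it. */
int destroy_config(struct config *c)
{
    int n = c->num_interfaces;
    int bad = n > MAX_INTERFACES;
    if (bad)
        n = MAX_INTERFACES;
    for (int i = 0; i < n; i++)
        free(c->intf_cache[i]);
    return bad ? -1 : n;
}

int main(void)
{
    struct config c;
    parse_config(&c, 200, 1);  /* constructed input: oversized count */
    printf("released %d slots\n", destroy_config(&c));
    return 0;
}
```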
