Issue metadata
Sign in to add a comment
|
CVE-2017-17857 CrOS: Vulnerability reported in Linux kernel |
||||||||||||||||||||||
Issue descriptionVOMIT (go/vomit) has received an external vulnerability report for the Linux kernel. Advisory: CVE-2017-17857 Details: http://vomit.googleplex.com/advisory?id=CVE/CVE-2017-17857 CVSS severity score: 7.2/10.0 Description: The check_stack_boundary function in kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging mishandling of invalid variable stack read operations. This bug was filed by http://go/vomit Please contact us at vomit-team@google.com if you need any assistance.
,
Jan 10 2018
sawlani@, fyi
,
Jan 11 2018
Correction of #1: Lakitu has BPF_SYSCALL enabled, and ths fix is not in chromeos-4.4. However, the problem was introduced with commit f1174f77b50c ("bpf/verifier: rework value tracking"), which is not in chromeos-4.4, and the fix is therefore not needed in that release.
|
|||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||
Comment 1 by groeck@chromium.org
, Jan 10 2018Labels: M-65 Security_Severity-High Security_Impact-None Pri-1
Owner: groeck@chromium.org
Status: WontFix (was: Untriaged)