
Issue 801106


Issue metadata

Status: WontFix
Owner:
Closed: Jan 2018
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 3
Type: Bug-Security




CVE-2016-3695 CrOS: Vulnerability reported in Linux kernel

Project Member Reported by vomit.go...@appspot.gserviceaccount.com, Jan 11 2018

Issue description

VOMIT (go/vomit) has received an external vulnerability report for the Linux kernel. 

Advisory: CVE-2016-3695
  Details: http://vomit.googleplex.com/advisory?id=CVE/CVE-2016-3695
  CVSS severity score: 2.1/10.0
  Description:

The einj_error_inject function in drivers/acpi/apei/einj.c in the Linux kernel allows local users to simulate hardware errors and consequently cause a denial of service by leveraging failure to disable APEI error injection through EINJ when securelevel is set.



This bug was filed by http://go/vomit
Please contact us at vomit-team@google.com if you need any assistance.

 

Comment 1 by groeck@chromium.org, Jan 11 2018

Labels: Security_Severity-Low Security_Impact-None Pri-3
Status: WontFix (was: Untriaged)
Requires ACPI_APEI_EINJ to be enabled, which is not the case for Chrome OS or Lakitu. Furthermore, requires apei_einj module to be loaded, which can only be done by the superuser. The module is intended for testing only and should not normally be loaded. If it is loaded anyway, that would be an operator error.
The fix is not available upstream. WontFix since it does not affect us and since exposing the exploit requires a privileged operation.
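
The two preconditions named in Comment 1 (ACPI_APEI_EINJ enabled in the kernel build, and the EINJ module loaded) can be checked per host from its kernel config and module list. This is an added example, not part of the original thread or any Chrome OS tooling; the function names and verdict strings are hypothetical, the sample input is constructed, `einj` is assumed to be the upstream module name, and `apei_einj` is matched as the comment writes it.

```shell
#!/bin/sh
# Added example: classify EINJ exposure from a kernel config file and a
# /proc/modules-style listing. Paths are arguments so saved copies collected
# from other hosts can be checked offline.

# einj_config_state CONFIG_FILE -> prints builtin | module | disabled
einj_config_state() {
    case "$(grep -E '^CONFIG_ACPI_APEI_EINJ=' "$1" 2>/dev/null | tail -n 1)" in
        CONFIG_ACPI_APEI_EINJ=y) echo builtin ;;
        CONFIG_ACPI_APEI_EINJ=m) echo module ;;
        *) echo disabled ;;   # "# ... is not set" or option absent
    esac
}

# einj_module_loaded MODULES_FILE -> exit 0 if an EINJ module is listed
# (module names are assumptions, see lead-in)
einj_module_loaded() {
    awk '$1 == "einj" || $1 == "apei_einj" { found = 1 } END { exit !found }' "$1"
}

# einj_exposure CONFIG_FILE MODULES_FILE -> prints a one-line verdict.
# A loaded module is treated as authoritative even if the config file is stale.
einj_exposure() {
    if einj_module_loaded "$2"; then
        echo "exposed: EINJ module loaded"
        return
    fi
    case "$(einj_config_state "$1")" in
        builtin) echo "exposed: EINJ built into kernel" ;;
        module)  echo "dormant: EINJ built as module, not loaded" ;;
        *)       echo "not-affected: ACPI_APEI_EINJ disabled" ;;
    esac
}

# Constructed sample input (not taken from a real machine).
demo_dir=$(mktemp -d)
printf 'CONFIG_ACPI_APEI=y\nCONFIG_ACPI_APEI_EINJ=m\n' > "$demo_dir/config"
printf 'einj 16384 0 - Live 0x0000000000000000\n' > "$demo_dir/modules"
einj_exposure "$demo_dir/config" "$demo_dir/modules"
rm -rf "$demo_dir"
```

On a live host, call `einj_exposure` with the running kernel's config file and `/proc/modules`.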

Comment 2 by groeck@chromium.org, Jan 11 2018

Cc: wonderfly@google.com
Owner: groeck@chromium.org
Cc: sawlani@google.com
