New issue
Advanced search Search tips

Issue 801107 link

Starred by 1 user
Status: WontFix
Owner:
groeck@chromium.org
Closed: Jan 2018
Cc:
adityakali@google.com
wonderfly@google.com
chromeos-kernel-security-bug-access@google.com
Components:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 3
Type: Bug-Security



Sign in to add a comment

CVE-2017-17975 CrOS: Vulnerability reported in Linux kernel

Project Member Reported by vomit.go...@appspot.gserviceaccount.com, Jan 11 2018 
VOMIT (go/vomit) has received an external vulnerability report for the Linux kernel. 

Advisory: CVE-2017-17975
  Details: http://vomit.googleplex.com/advisory?id=CVE/CVE-2017-17975
  CVSS severity score: 4.9/10.0
  Description:

Use-after-free in the usbtv_probe function in drivers/media/usb/usbtv/usbtv-core.c in the Linux kernel through 4.14.10 allows attackers to cause a denial of service (system crash) or possibly have unspecified other impact by triggering failure of audio registration, because a kfree of the usbtv data structure occurs during a usbtv_video_free call, but the usbtv_video_fail label's code attempts to both access and free this data structure.



This bug was filed by http://go/vomit
Please contact us at vomit-team@google.com if you need any assistance.

Comment 1 by kerrnel@chromium.org, Jan 13 2018

Owner: groeck@chromium.org

Comment 2 by groeck@chromium.org, Jan 13 2018

Labels: Security_Severity-Low Security_Impact-None Pri-3
Status: WontFix (was: Untriaged)
Hmm .. weird. I thought I already saw this.

Fix is not upstream. usbtv is not enabled in any chromeos or VM configurations. Given the low severity, since it does not affect us, and since we would not be able to test a fix, it does not make sense for us to fix the problem ourself. Marking as WontFix.

Comment 3 by groeck@chromium.org, Jan 13 2018

Cc: wonderfly@google.com

Comment 4 by wonderfly@google.com, Jan 16 2018

Cc: adityakali@google.com

Sign in to add a comment