New issue
Advanced search Search tips

Issue 808515 link

Starred by 1 user
Status: WontFix
Owner: ----
Closed: Feb 2018
Cc:
kerrnel@chromium.org
mnissler@chromium.org
jorgelo@chromium.org
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 1
Type: Task



Sign in to add a comment

CVE-2017-17426: glibc malloc security bug

Project Member Reported by kerrnel@chromium.org, Feb 2 2018 
Check to see if Chrome OS is affected by https://nvd.nist.gov/vuln/detail/CVE-2017-17426

Current Description
The malloc function in the GNU C Library (aka glibc or libc6) 2.26 could return a memory block that is too small if an attempt is made to allocate an object whose size is close to SIZE_MAX, potentially leading to a subsequent heap overflow. This occurs because the per-thread cache (aka tcache) feature enables a code path that lacks an integer overflow check.

It affects glibc:2.26:*:*:*:*:*:*:*

Comment 1 by palmer@chromium.org, Feb 2 2018

Cc: jorgelo@chromium.org mnissler@chromium.org
Labels: -Type-Bug-Security -Pri-3 M-65 Pri-1 Type-Task
Let's get this nailed down relatively quickly. Who wants to own it? :)

Further fun reading: http://tukan.farm/2017/07/08/tcache/

Comment 2 by kerrnel@chromium.org, Feb 2 2018

Cc: kerrnel@chromium.org

Comment 3 by kerrnel@chromium.org, Feb 2 2018

Status: WontFix (was: Untriaged)
This was introduced by commit d5c3fafc4307c9b7a4c7d5cb381fcdbfad340bcc, which showed up first in the 2.26 branch. CrOs has 2.23 and so this bug is not present.

Sign in to add a comment