Issue metadata
Sign in to add a comment
|
CVE-2018-5750 CrOS: Vulnerability reported in Linux kernel |
||||||||||||||||||||||
Issue descriptionVOMIT (go/vomit) has received an external vulnerability report for the Linux kernel. Advisory: CVE-2018-5750 Details: http://vomit.googleplex.com/advisory?id=CVE/CVE-2018-5750 CVSS severity score: 2.1/10.0 Description: The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux kernel through 4.14.15 allows local users to obtain sensitive address information by reading dmesg data from an SBS HC printk call. This bug was filed by http://go/vomit Please contact us at vomit-team@google.com if you need any assistance.
,
Feb 12 2018
43cdd1b716b26 ("ACPI: sbshc: remove raw pointer from printk() message") fixes this issue.
This fix is not present in 4.4, 4.14, 3.8, 3.18, 3.14, 3.10.
,
Feb 12 2018
,
Feb 12 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/third_party/kernel/+/f421b8d8340993dad233ee18bf07c0e7215e25c1 commit f421b8d8340993dad233ee18bf07c0e7215e25c1 Author: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Date: Mon Feb 12 18:43:02 2018 UPSTREAM: ACPI: sbshc: remove raw pointer from printk() message There's no need to be printing a raw kernel pointer to the kernel log at every boot. So just remove it, and change the whole message to use the correct dev_info() call at the same time. BUG= chromium:811048 TEST=Build and run Change-Id: I7c9b1b87d5089ef1bc276d02838f41fe4e06d75f Reported-by: Wang Qize <wang_qize@venustech.com.cn> Cc: All applicable <stable@vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com> (cherry picked from commit 43cdd1b716b26f6af16da4e145b6578f98798bf6) Signed-off-by: Zubin Mithra <zsm@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/913448 Reviewed-by: Guenter Roeck <groeck@chromium.org> [modify] https://crrev.com/f421b8d8340993dad233ee18bf07c0e7215e25c1/drivers/acpi/sbshc.c
,
Feb 12 2018
,
Feb 15 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/third_party/kernel/+/94ca841830d84aa115ed9035e2874062d4d62598 commit 94ca841830d84aa115ed9035e2874062d4d62598 Author: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Date: Thu Feb 15 16:58:20 2018 UPSTREAM: ACPI: sbshc: remove raw pointer from printk() message There's no need to be printing a raw kernel pointer to the kernel log at every boot. So just remove it, and change the whole message to use the correct dev_info() call at the same time. BUG= chromium:811048 TEST=Build and run Change-Id: I7c9b1b87d5089ef1bc276d02838f41fe4e06d75f Reported-by: Wang Qize <wang_qize@venustech.com.cn> Cc: All applicable <stable@vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com> (cherry picked from commit 43cdd1b716b26f6af16da4e145b6578f98798bf6) Signed-off-by: Zubin Mithra <zsm@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/913449 Reviewed-by: Guenter Roeck <groeck@chromium.org> [modify] https://crrev.com/94ca841830d84aa115ed9035e2874062d4d62598/drivers/acpi/sbshc.c
,
Feb 15 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/third_party/kernel/+/53ff7d1960b310a37cae734d14946f5578848753 commit 53ff7d1960b310a37cae734d14946f5578848753 Author: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Date: Thu Feb 15 16:58:22 2018 UPSTREAM: ACPI: sbshc: remove raw pointer from printk() message There's no need to be printing a raw kernel pointer to the kernel log at every boot. So just remove it, and change the whole message to use the correct dev_info() call at the same time. BUG= chromium:811048 TEST=Build and run Change-Id: I7c9b1b87d5089ef1bc276d02838f41fe4e06d75f Reported-by: Wang Qize <wang_qize@venustech.com.cn> Cc: All applicable <stable@vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com> (cherry picked from commit 43cdd1b716b26f6af16da4e145b6578f98798bf6) Signed-off-by: Zubin Mithra <zsm@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/913388 Reviewed-by: Guenter Roeck <groeck@chromium.org> [modify] https://crrev.com/53ff7d1960b310a37cae734d14946f5578848753/drivers/acpi/sbshc.c
,
Feb 15 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/third_party/kernel/+/4a1cbdf295af1b17dae427da69a6f07bc6cbc325 commit 4a1cbdf295af1b17dae427da69a6f07bc6cbc325 Author: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Date: Thu Feb 15 16:58:16 2018 UPSTREAM: ACPI: sbshc: remove raw pointer from printk() message There's no need to be printing a raw kernel pointer to the kernel log at every boot. So just remove it, and change the whole message to use the correct dev_info() call at the same time. BUG= chromium:811048 TEST=Build and run Change-Id: I7c9b1b87d5089ef1bc276d02838f41fe4e06d75f Reported-by: Wang Qize <wang_qize@venustech.com.cn> Cc: All applicable <stable@vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com> (cherry picked from commit 43cdd1b716b26f6af16da4e145b6578f98798bf6) Signed-off-by: Zubin Mithra <zsm@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/913350 Reviewed-by: Guenter Roeck <groeck@chromium.org> [modify] https://crrev.com/4a1cbdf295af1b17dae427da69a6f07bc6cbc325/drivers/acpi/sbshc.c
,
Feb 15 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/third_party/kernel/+/595f6f417bcaa4eced6ad3239bf4cef0d616384d commit 595f6f417bcaa4eced6ad3239bf4cef0d616384d Author: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Date: Thu Feb 15 16:58:18 2018 UPSTREAM: ACPI: sbshc: remove raw pointer from printk() message There's no need to be printing a raw kernel pointer to the kernel log at every boot. So just remove it, and change the whole message to use the correct dev_info() call at the same time. BUG= chromium:811048 TEST=Build and run Change-Id: I7c9b1b87d5089ef1bc276d02838f41fe4e06d75f Reported-by: Wang Qize <wang_qize@venustech.com.cn> Cc: All applicable <stable@vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com> (cherry picked from commit 43cdd1b716b26f6af16da4e145b6578f98798bf6) Signed-off-by: Zubin Mithra <zsm@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/913408 Reviewed-by: Guenter Roeck <groeck@chromium.org> [modify] https://crrev.com/595f6f417bcaa4eced6ad3239bf4cef0d616384d/drivers/acpi/sbshc.c
,
Feb 15 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/third_party/kernel/+/62b1d8c0fc8a45e5dcbc8b06b8d43443ff7f4307 commit 62b1d8c0fc8a45e5dcbc8b06b8d43443ff7f4307 Author: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Date: Thu Feb 15 21:50:56 2018 UPSTREAM: ACPI: sbshc: remove raw pointer from printk() message There's no need to be printing a raw kernel pointer to the kernel log at every boot. So just remove it, and change the whole message to use the correct dev_info() call at the same time. BUG= chromium:811048 TEST=Build and run Change-Id: I7c9b1b87d5089ef1bc276d02838f41fe4e06d75f Reported-by: Wang Qize <wang_qize@venustech.com.cn> Cc: All applicable <stable@vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com> (cherry picked from commit 43cdd1b716b26f6af16da4e145b6578f98798bf6) Signed-off-by: Zubin Mithra <zsm@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/913428 Reviewed-by: Guenter Roeck <groeck@chromium.org> [modify] https://crrev.com/62b1d8c0fc8a45e5dcbc8b06b8d43443ff7f4307/drivers/acpi/sbshc.c
,
Feb 16 2018
,
Feb 16 2018
,
May 25 2018
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||
Comment 1 by groeck@chromium.org
, Feb 11 2018Labels: Security_Severity-Low M-66 Security_Impact-Stable Pri-1
Owner: zsm@chromium.org
Status: Assigned (was: Untriaged)