Issue metadata
Sign in to add a comment
|
CVE-2017-18216 CrOS: Vulnerability reported in Linux kernel |
||||||||||||||||||||||
Issue descriptionVOMIT (go/vomit) has received an external vulnerability report for the Linux kernel. Advisory: CVE-2017-18216 Details: http://vomit.googleplex.com/advisory?id=CVE/CVE-2017-18216 CVSS severity score: 2.1/10.0 Description: In fs/ocfs2/cluster/nodemanager.c in the Linux kernel before 4.15, local users can cause a denial of service (NULL pointer dereference and BUG) because a required mutex is not used. This bug was filed by http://go/vomit Please contact us at vomit-team@google.com if you need any assistance.
,
Mar 28 2018
Note: This commit is not present in any of the kernels. |
|||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||
Comment 1 by zsm@chromium.org
, Mar 28 2018Labels: Security_Severity-Low Security_Impact-None Pri-3
Owner: zsm@chromium.org
Status: WontFix (was: Untriaged)
The upstream fix is 853bc26a("ocfs2: subsystem.su_mutex is required while accessing the item->ci_parent"). CONFIG_OCFS2_FS does not seem to be set in any of the kernels. Marking as WontFix.