New issue
Advanced search Search tips

Issue 826674 link

Starred by 1 user
Status: WontFix
Owner:
groeck@chromium.org
Closed: Mar 2018
Cc:
wonderfly@google.com
zsm@chromium.org
xueweiz@google.com
chromeos-kernel-security-bug-access@google.com
Components:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 3
Type: Bug-Security



Sign in to add a comment

CVE-2018-7755 CrOS: Vulnerability reported in Linux kernel

Project Member Reported by vomit.go...@appspot.gserviceaccount.com, Mar 28 2018 
VOMIT (go/vomit) has received an external vulnerability report for the Linux kernel. 

Advisory: CVE-2018-7755
  Details: http://vomit.googleplex.com/advisory?id=CVE/CVE-2018-7755
  CVSS severity score: 5/10.0
  Description:

An issue was discovered in the fd_locked_ioctl function in drivers/block/floppy.c in the Linux kernel through 4.15.7. The floppy driver will copy a kernel pointer to user memory in response to the FDGETPRM ioctl. An attacker can send the FDGETPRM ioctl and use the obtained kernel pointer to discover the location of kernel code and data and bypass kernel security protections such as KASLR.



This bug was filed by http://go/vomit
Please contact us at vomit-team@google.com if you need any assistance.

Comment 1 by groeck@chromium.org, Mar 28 2018

Cc: wonderfly@google.com zsm@chromium.org
Labels: Security_Severity-Medium Security_Impact-Stable Pri-3
Owner: groeck@chromium.org
Status: WontFix (was: Untriaged)
Proposed fix: https://lkml.org/lkml/2018/3/7/1116. Fix not available upstream. 
 BLK_DEV_FD is not enabled in ChromeOS images. Marking as WontFix; will pick up fix with stable release merge if/when available.

Comment 2 by wonderfly@google.com, Mar 28 2018

Cc: xueweiz@google.com

Sign in to add a comment