Issue metadata
Sign in to add a comment
|
CVE-2018-8087 CrOS: Vulnerability reported in Linux kernel |
||||||||||||||||||||||
Issue descriptionVOMIT (go/vomit) has received an external vulnerability report for the Linux kernel. Advisory: CVE-2018-8087 Details: http://vomit.googleplex.com/advisory?id=CVE/CVE-2018-8087 CVSS severity score: 4.9/10.0 Description: Memory leak in the hwsim_new_radio_nl function in drivers/net/wireless/mac80211_hwsim.c in the Linux kernel through 4.15.9 allows local users to cause a denial of service (memory consumption) by triggering an out-of-array error case. This bug was filed by http://go/vomit Please contact us at vomit-team@google.com if you need any assistance.
,
Apr 10 2018
,
Apr 11 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/third_party/kernel/+/7654900ce3f70205d9a5e853e46611f0786b0fc1 commit 7654900ce3f70205d9a5e853e46611f0786b0fc1 Author: weiyongjun (A) <weiyongjun1@huawei.com> Date: Wed Apr 11 02:13:04 2018 UPSTREAM: mac80211_hwsim: fix possible memory leak in hwsim_new_radio_nl() 'hwname' is malloced in hwsim_new_radio_nl() and should be freed before leaving from the error handling cases, otherwise it will cause memory leak. Fixes: ff4dd73dd2b4 ("mac80211_hwsim: check HWSIM_ATTR_RADIO_NAME length") Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com> Reviewed-by: Ben Hutchings <ben.hutchings@codethink.co.uk> Signed-off-by: Johannes Berg <johannes.berg@intel.com> BUG= chromium:831111 TEST=Build and boot Change-Id: Ic951d8bdfe4fe1eeedb34f0aa3e63ef62af06609 Signed-off-by: Guenter Roeck <groeck@chromium.org> (cherry picked from commit 0ddcff49b672239dda94d70d0fcf50317a9f4b51) Reviewed-on: https://chromium-review.googlesource.com/1005407 Tested-by: Kirtika Ruchandani <kirtika@chromium.org> Reviewed-by: Kirtika Ruchandani <kirtika@chromium.org> [modify] https://crrev.com/7654900ce3f70205d9a5e853e46611f0786b0fc1/drivers/net/wireless/mac80211_hwsim.c
,
Apr 11 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/third_party/kernel/+/cc4b5661856fb517f15097aa555481967f34052e commit cc4b5661856fb517f15097aa555481967f34052e Author: weiyongjun (A) <weiyongjun1@huawei.com> Date: Wed Apr 11 02:13:19 2018 UPSTREAM: mac80211_hwsim: fix possible memory leak in hwsim_new_radio_nl() 'hwname' is malloced in hwsim_new_radio_nl() and should be freed before leaving from the error handling cases, otherwise it will cause memory leak. Fixes: ff4dd73dd2b4 ("mac80211_hwsim: check HWSIM_ATTR_RADIO_NAME length") Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com> Reviewed-by: Ben Hutchings <ben.hutchings@codethink.co.uk> Signed-off-by: Johannes Berg <johannes.berg@intel.com> BUG= chromium:831111 TEST=Build and boot Change-Id: Ic951d8bdfe4fe1eeedb34f0aa3e63ef62af06609 Signed-off-by: Guenter Roeck <groeck@chromium.org> (cherry picked from commit 0ddcff49b672239dda94d70d0fcf50317a9f4b51) Reviewed-on: https://chromium-review.googlesource.com/1005454 Tested-by: Kirtika Ruchandani <kirtika@chromium.org> Reviewed-by: Kirtika Ruchandani <kirtika@chromium.org> [modify] https://crrev.com/cc4b5661856fb517f15097aa555481967f34052e/drivers/net/wireless/mac80211_hwsim.c
,
Apr 11 2018
,
Apr 11 2018
This bug requires manual review: We are only 5 days from stable. Please contact the milestone owner if you have questions. Owners: cmasso@(Android), cmasso@(iOS), josafat@(ChromeOS), abdulsyed@(Desktop) For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Apr 11 2018
,
Apr 11 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/third_party/kernel/+/79b95b6870231f28622b6846b7ff25b7e3f1f83f commit 79b95b6870231f28622b6846b7ff25b7e3f1f83f Author: weiyongjun (A) <weiyongjun1@huawei.com> Date: Wed Apr 11 07:59:37 2018 UPSTREAM: mac80211_hwsim: fix possible memory leak in hwsim_new_radio_nl() 'hwname' is malloced in hwsim_new_radio_nl() and should be freed before leaving from the error handling cases, otherwise it will cause memory leak. Fixes: ff4dd73dd2b4 ("mac80211_hwsim: check HWSIM_ATTR_RADIO_NAME length") Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com> Reviewed-by: Ben Hutchings <ben.hutchings@codethink.co.uk> Signed-off-by: Johannes Berg <johannes.berg@intel.com> BUG= chromium:831111 TEST=Build and boot Change-Id: Ic951d8bdfe4fe1eeedb34f0aa3e63ef62af06609 Signed-off-by: Guenter Roeck <groeck@chromium.org> (cherry picked from commit 0ddcff49b672239dda94d70d0fcf50317a9f4b51) Reviewed-on: https://chromium-review.googlesource.com/1005407 Tested-by: Kirtika Ruchandani <kirtika@chromium.org> Reviewed-by: Kirtika Ruchandani <kirtika@chromium.org> (cherry picked from commit 7654900ce3f70205d9a5e853e46611f0786b0fc1) Reviewed-on: https://chromium-review.googlesource.com/1006418 [modify] https://crrev.com/79b95b6870231f28622b6846b7ff25b7e3f1f83f/drivers/net/wireless/mac80211_hwsim.c
,
Apr 11 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/third_party/kernel/+/77c1e37ddbbe655aaf034483a40669b3e7b7c57c commit 77c1e37ddbbe655aaf034483a40669b3e7b7c57c Author: weiyongjun (A) <weiyongjun1@huawei.com> Date: Wed Apr 11 07:59:42 2018 UPSTREAM: mac80211_hwsim: fix possible memory leak in hwsim_new_radio_nl() 'hwname' is malloced in hwsim_new_radio_nl() and should be freed before leaving from the error handling cases, otherwise it will cause memory leak. Fixes: ff4dd73dd2b4 ("mac80211_hwsim: check HWSIM_ATTR_RADIO_NAME length") Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com> Reviewed-by: Ben Hutchings <ben.hutchings@codethink.co.uk> Signed-off-by: Johannes Berg <johannes.berg@intel.com> BUG= chromium:831111 TEST=Build and boot Change-Id: Ic951d8bdfe4fe1eeedb34f0aa3e63ef62af06609 Signed-off-by: Guenter Roeck <groeck@chromium.org> (cherry picked from commit 0ddcff49b672239dda94d70d0fcf50317a9f4b51) Reviewed-on: https://chromium-review.googlesource.com/1005454 Tested-by: Kirtika Ruchandani <kirtika@chromium.org> Reviewed-by: Kirtika Ruchandani <kirtika@chromium.org> (cherry picked from commit cc4b5661856fb517f15097aa555481967f34052e) Reviewed-on: https://chromium-review.googlesource.com/1006419 [modify] https://crrev.com/77c1e37ddbbe655aaf034483a40669b3e7b7c57c/drivers/net/wireless/mac80211_hwsim.c
,
Apr 11 2018
,
Apr 11 2018
,
Jul 18
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Jul 28
|
|||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||
Comment 1 by groeck@chromium.org
, Apr 10 2018Labels: Security_Severity-Medium M-66 Security_Impact-Stable Pri-2
Owner: groeck@chromium.org
Status: Started (was: Untriaged)
Upstream commit 0ddcff49b6722 ("mac80211_hwsim: fix possible memory leak in hwsim_new_radio_nl()"). Fixes: ff4dd73dd2b4 ("mac80211_hwsim: check HWSIM_ATTR_RADIO_NAME length"). Needed in chromeos-4.4 and chromeos-4.14. Older kernels are not affected.