CVE-2018-1093 CrOS: Vulnerability reported in Linux kernel
Issue description

VOMIT (go/vomit) has received an external vulnerability report for the Linux kernel.

Advisory: CVE-2018-1093
Details: http://vomit.googleplex.com/advisory?id=CVE/CVE-2018-1093
CVSS severity score: 7.1/10.0

Description: The ext4_valid_block_bitmap function in fs/ext4/balloc.c in the Linux kernel through 4.15.15 allows attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image because balloc.c and ialloc.c do not validate bitmap block numbers.

This bug was filed by http://go/vomit
Please contact us at vomit-team@google.com if you need any assistance.
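A minimal userspace model of the missing validation described above, as an added example that is not the kernel's code or the upstream patch: a bitmap block number read from an untrusted group descriptor is range-checked against the filesystem and the group before it is used to index the bitmap buffer. The struct, function and constant names are hypothetical, and the model assumes each group's bitmap block lies inside its own group.

```c
#include <stdint.h>

/* Hypothetical, simplified model; these are not the kernel's structures. */
struct fs_geom {
    uint64_t first_data_block;   /* block holding the superblock */
    uint64_t blocks_count;       /* total blocks in the filesystem */
    uint32_t blocks_per_group;
    uint32_t block_size;         /* bytes; a bitmap block holds block_size * 8 bits */
};

enum { BITMAP_OK = 0, BITMAP_OUT_OF_FS = -1, BITMAP_OUT_OF_GROUP = -2,
       BITMAP_NOT_IN_USE = -3 };

/* Validate an untrusted bitmap block number taken from a group descriptor
 * before it is used to index the group's in-memory bitmap buffer. */
int check_bitmap_block(const struct fs_geom *g, uint32_t group,
                       uint64_t bitmap_blk, const uint8_t *bitmap)
{
    uint64_t group_first, offset;

    /* 1. The block must exist in the filesystem and not be the superblock. */
    if (bitmap_blk <= g->first_data_block || bitmap_blk >= g->blocks_count)
        return BITMAP_OUT_OF_FS;

    /* 2. Its offset in the group must fit inside the bitmap buffer.
     *    Without this, the bit test below reads past the buffer. */
    group_first = g->first_data_block + (uint64_t)group * g->blocks_per_group;
    if (bitmap_blk < group_first)
        return BITMAP_OUT_OF_GROUP;
    offset = bitmap_blk - group_first;
    if (offset >= g->blocks_per_group || offset >= (uint64_t)g->block_size * 8)
        return BITMAP_OUT_OF_GROUP;

    /* 3. Only now read the bit: the bitmap's own block must be marked in use. */
    return ((bitmap[offset >> 3] >> (offset & 7)) & 1) ? BITMAP_OK
                                                       : BITMAP_NOT_IN_USE;
}

/* Constructed sample: 4 groups of 32768 blocks, 4 KiB blocks; group 1's
 * bitmap marks only offset 1 (block 32769) as in use. */
int check_sample(uint64_t bitmap_blk)
{
    static const struct fs_geom g = { 0, 131072, 32768, 4096 };
    static uint8_t bitmap[4096] = { 0x02 };

    return check_bitmap_block(&g, 1, bitmap_blk, bitmap);
}
```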
May 3 2018
Triage at chromium:835889 below:
CVE-2018-1093:
Upstream commit 7dac4a1726a9 ("ext4: add validity checks for bitmap block numbers"). No CVE severity assigned. Not (yet) queued for any stable releases, but marked for stable.
The patches fixing CVE-2018-1093 are queued for v4.14.39, v4.4.131, and v3.18.108.
May 3 2018
Guenter points out that according to the kernel team's guidelines, these are SS-High. While we harmonize the guidelines, we can follow the kernel team's for kernel bugs.
May 5 2018
The following revision refers to this bug:
https://chromium.googlesource.com/chromiumos/third_party/kernel/+/95633d3285437bc18bc34db33200a4e127b145cf

commit 95633d3285437bc18bc34db33200a4e127b145cf
Author: Theodore Ts'o <tytso@mit.edu>
Date: Sat May 05 03:38:02 2018

UPSTREAM: ext4: add validity checks for bitmap block numbers

A privileged attacker can cause a crash by mounting a crafted ext4 image which triggers an out-of-bounds read in the function ext4_valid_block_bitmap() in fs/ext4/balloc.c.

This issue has been assigned CVE-2018-1093.

BUG= chromium:839357
TEST=None

Change-Id: I4665dad01297f9f0dbe6e8577d9a76f7979d0eb6
BugLink: https://bugzilla.kernel.org/show_bug.cgi?id=199181
BugLink: https://bugzilla.redhat.com/show_bug.cgi?id=1560782
Reported-by: Wen Xu <wen.xu@gatech.edu>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@vger.kernel.org
(cherry picked from commit 7dac4a1726a9c64a517d595c40e95e2d0d135f6f)
Signed-off-by: Zubin Mithra <zsm@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1042617

[modify] https://crrev.com/95633d3285437bc18bc34db33200a4e127b145cf/fs/ext4/balloc.c
[modify] https://crrev.com/95633d3285437bc18bc34db33200a4e127b145cf/fs/ext4/ialloc.c
May 18 2018
zsm: Uh oh! This issue is still open and hasn't been updated in the last 14 days. This is a serious vulnerability, and we want to ensure that there's progress. Could you please leave an update with the current status and any potential blockers?

If you're not the right owner for this issue, could you please remove yourself as soon as possible or help us find the right one?

If the issue is fixed or you can't reproduce it, please close the bug. If you've started working on a fix, please set the status to Started.

Thanks for your time! To disable nags, add the Disable-Nags label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
May 19 2018
The following revision refers to this bug:
https://chromium.googlesource.com/chromiumos/third_party/kernel/+/d7d6379d409853a640af138c64e2927184139780

commit d7d6379d409853a640af138c64e2927184139780
Author: Theodore Ts'o <tytso@mit.edu>
Date: Sat May 19 06:07:36 2018

UPSTREAM: ext4: add validity checks for bitmap block numbers

A privileged attacker can cause a crash by mounting a crafted ext4 image which triggers an out-of-bounds read in the function ext4_valid_block_bitmap() in fs/ext4/balloc.c.

This issue has been assigned CVE-2018-1093.

BUG= chromium:839357
TEST=None

Change-Id: I4665dad01297f9f0dbe6e8577d9a76f7979d0eb6
BugLink: https://bugzilla.kernel.org/show_bug.cgi?id=199181
BugLink: https://bugzilla.redhat.com/show_bug.cgi?id=1560782
Reported-by: Wen Xu <wen.xu@gatech.edu>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@vger.kernel.org
(cherry picked from commit 7dac4a1726a9c64a517d595c40e95e2d0d135f6f)
Signed-off-by: Zubin Mithra <zsm@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1042818
Commit-Ready: Guenter Roeck <groeck@chromium.org>
Tested-by: Guenter Roeck <groeck@chromium.org>

[modify] https://crrev.com/d7d6379d409853a640af138c64e2927184139780/fs/ext4/balloc.c
[modify] https://crrev.com/d7d6379d409853a640af138c64e2927184139780/fs/ext4/ialloc.c
May 19 2018
This bug requires manual review: We are only 9 days from stable.

Please contact the milestone owner if you have questions.
Owners: cmasso@(Android), cmasso@(iOS), kbleicher@(ChromeOS), govind@(Desktop)

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
May 24 2018
Has the CL in #11 been extensively tested in ToT/M68?
May 24 2018
#14: What exactly in addition to the normal "no issues reported" are you looking for?
May 25 2018
I don't see that any testing feedback was reported in this bug to date (let alone "no issues reported"). I'd like to confirm this change was tested in ToT / M68 as fixed with no unanticipated results before we consider a merge this late in the M67 lifecycle.
May 25 2018
Like with any other security fixes, we run the patch through CQ and, if it appears critical, through additional trybots. We do not try to confirm that the problem is indeed fixed since that would essentially duplicate the work of everyone involved in fixing the problem in the upstream kernel. We may also rely on "soaking" a fix in ToT for a period of time - in this case for about a week in chromeos-3.18 and about three weeks in chromeos-4.4 as well as chromeos-4.14. We do not plan to perform any additional testing. If that is insufficient, please feel free to reject the merge request.
May 29 2018
Approving merge to M67 Chrome OS. Thanks for the details.
May 29 2018
The following revision refers to this bug:
https://chromium.googlesource.com/chromiumos/third_party/kernel/+/9194949d4df2fd7e60dd8ffb1bddb016a8f0bd7c

commit 9194949d4df2fd7e60dd8ffb1bddb016a8f0bd7c
Author: Theodore Ts'o <tytso@mit.edu>
Date: Tue May 29 18:23:05 2018

UPSTREAM: ext4: add validity checks for bitmap block numbers

A privileged attacker can cause a crash by mounting a crafted ext4 image which triggers an out-of-bounds read in the function ext4_valid_block_bitmap() in fs/ext4/balloc.c.

This issue has been assigned CVE-2018-1093.

BUG= chromium:839357
TEST=None

Change-Id: I4665dad01297f9f0dbe6e8577d9a76f7979d0eb6
BugLink: https://bugzilla.kernel.org/show_bug.cgi?id=199181
BugLink: https://bugzilla.redhat.com/show_bug.cgi?id=1560782
Reported-by: Wen Xu <wen.xu@gatech.edu>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@vger.kernel.org
(cherry picked from commit 7dac4a1726a9c64a517d595c40e95e2d0d135f6f)
Signed-off-by: Zubin Mithra <zsm@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1042818
Commit-Ready: Guenter Roeck <groeck@chromium.org>
Tested-by: Guenter Roeck <groeck@chromium.org>
(cherry picked from commit d7d6379d409853a640af138c64e2927184139780)
Reviewed-on: https://chromium-review.googlesource.com/1077008

[modify] https://crrev.com/9194949d4df2fd7e60dd8ffb1bddb016a8f0bd7c/fs/ext4/balloc.c
[modify] https://crrev.com/9194949d4df2fd7e60dd8ffb1bddb016a8f0bd7c/fs/ext4/ialloc.c
May 29 2018
The following revision refers to this bug:
https://chromium.googlesource.com/chromiumos/third_party/kernel/+/12e7235fed50d70fb806cf820cbdf7032f6daad9

commit 12e7235fed50d70fb806cf820cbdf7032f6daad9
Author: Theodore Ts'o <tytso@mit.edu>
Date: Tue May 29 18:23:08 2018

UPSTREAM: ext4: add validity checks for bitmap block numbers

A privileged attacker can cause a crash by mounting a crafted ext4 image which triggers an out-of-bounds read in the function ext4_valid_block_bitmap() in fs/ext4/balloc.c.

This issue has been assigned CVE-2018-1093.

BUG= chromium:839357
TEST=None

Change-Id: I4665dad01297f9f0dbe6e8577d9a76f7979d0eb6
BugLink: https://bugzilla.kernel.org/show_bug.cgi?id=199181
BugLink: https://bugzilla.redhat.com/show_bug.cgi?id=1560782
Reported-by: Wen Xu <wen.xu@gatech.edu>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@vger.kernel.org
(cherry picked from commit 7dac4a1726a9c64a517d595c40e95e2d0d135f6f)
Signed-off-by: Zubin Mithra <zsm@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1042617
(cherry picked from commit 95633d3285437bc18bc34db33200a4e127b145cf)
Reviewed-on: https://chromium-review.googlesource.com/1077007

[modify] https://crrev.com/12e7235fed50d70fb806cf820cbdf7032f6daad9/fs/ext4/balloc.c
[modify] https://crrev.com/12e7235fed50d70fb806cf820cbdf7032f6daad9/fs/ext4/ialloc.c
Sep 5
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by jorgelo@chromium.org, May 3 2018
Status: Available (was: Untriaged)