Issue 839359

Issue metadata

Status: Duplicate
Merged: issue 836207
Owner:
Closed: May 2018
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 1
Type: Bug-Security



CVE-2018-1095 CrOS: Vulnerability reported in Linux kernel

Reported by vomit.go...@appspot.gserviceaccount.com (Project Member), May 3 2018

Issue description

VOMIT (go/vomit) has received an external vulnerability report for the Linux kernel. 

Advisory: CVE-2018-1095
  Details: http://vomit.googleplex.com/advisory?id=CVE/CVE-2018-1095
  CVSS severity score: 7.1/10.0
  Description:

The ext4_xattr_check_entries function in fs/ext4/xattr.c in the Linux kernel through 4.15.15 does not properly validate xattr sizes, which causes misinterpretation of a size as an error code, and consequently allows attackers to cause a denial of service (get_acl NULL pointer dereference and system crash) via a crafted ext4 image.



This bug was filed by http://go/vomit
Please contact us at vomit-team@google.com if you need any assistance.

Labels: Security_Impact-Stable Security_Severity-Low
Status: Available (was: Untriaged)
Labels: M-68
Comment 3 by sheriffbot@chromium.org (Project Member), May 3 2018

Labels: Pri-2
Cc: groeck@chromium.org wonderfly@google.com
Owner: zsm@chromium.org
Status: Assigned (was: Available)
Labels: -Security_Severity-Low -M-68 M-66 Security_Severity-hih
Guenter points out that according to the kernel team's guidelines, these are SS-High. While we harmonize the guidelines, we can follow the kernel team's for kernel bugs.
Labels: -Security_Severity-hih Security_Severity-High

Comment 7 by zsm@chromium.org, May 3 2018

Triaged at chromium:835889 as below:
CVE-2018-1095:

Upstream commit ce3fd194fc ("ext4: limit xattr size to INT_MAX"). No CVE severity assigned. 4.4 not affected. Queued for v4.14.36.
------------------------------------
3.18 and older versions do not seem to be affected.
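The advisory above describes an xattr size that is not validated and is "misinterpreted as an error code", and comment 7 names the upstream fix as "limit xattr size to INT_MAX". The following is an added, stand-alone C model of that bug class and of the check that closes it; it is not ext4's code and was not written by anyone on this thread. The `struct xattr_entry` layout, the function names, and the `get_acl`-style caller are constructed for illustration. The error-pointer convention (only `-1..-4095` count as error pointers, `MAX_ERRNO` = 4095) is the Linux kernel's, and ext4's `EFSCORRUPTED` is an alias for `EUCLEAN`; both are used here as stated assumptions.

```c
#include <errno.h>
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Illustrative model of the bug class in CVE-2018-1095, written for this
 * page; it is NOT the ext4 code. An unsigned 32-bit size taken from a
 * crafted image is funnelled through an int return value whose negative
 * range is reserved for -errno, so a size above INT_MAX reads as an error.
 */

/* Hypothetical on-disk entry (constructed); only the size field matters. */
struct xattr_entry {
    uint8_t  name_len;
    uint32_t value_size;   /* attacker-controlled: read verbatim from the image */
};

/* Vulnerable shape: the u32 is reinterpreted as a signed int with no bound
 * check, so any size above INT_MAX silently becomes a negative number. */
int xattr_size_unchecked(const struct xattr_entry *e)
{
    int32_t as_int;
    memcpy(&as_int, &e->value_size, sizeof as_int);   /* bit-for-bit u32 -> int */
    return as_int;
}

/* Hardened shape, in the spirit of the upstream fix "limit xattr size to
 * INT_MAX": refuse the entry before the size reaches an int-returning path.
 * ext4's EFSCORRUPTED is an alias for EUCLEAN (assumption from the lead-in). */
int xattr_size_checked(const struct xattr_entry *e)
{
    if (e->value_size > (uint32_t)INT_MAX)
        return -EUCLEAN;
    return (int)e->value_size;
}

/* Model of the kernel's error-pointer convention: only -1..-MAX_ERRNO are
 * recognised as errors once a negative value is carried as a pointer.
 * Anything more negative looks like a real address to an IS_ERR-style check. */
#define MAX_ERRNO 4095UL

static int looks_like_err_ptr(long v)
{
    return (unsigned long)v >= (unsigned long)-MAX_ERRNO;
}

enum outcome {
    OUTCOME_OK = 0,             /* non-negative size: caller allocates and copies */
    OUTCOME_ERROR = 1,          /* genuine -errno: caller propagates it cleanly */
    OUTCOME_BOGUS_POINTER = 2   /* negative but not an errno: escapes IS_ERR, gets used */
};

/* Caller in the style of a get_acl path: a negative return is treated as an
 * error, carried as a pointer, and tested with the convention above. */
enum outcome get_acl_outcome(int (*size_fn)(const struct xattr_entry *),
                             const struct xattr_entry *e)
{
    int n = size_fn(e);
    if (n >= 0)
        return OUTCOME_OK;
    return looks_like_err_ptr((long)n) ? OUTCOME_ERROR : OUTCOME_BOGUS_POINTER;
}

/* Drive both variants from a single constructed size value. */
int size_via(uint32_t value_size, int hardened)
{
    struct xattr_entry e = { 4, value_size };
    return hardened ? xattr_size_checked(&e) : xattr_size_unchecked(&e);
}

enum outcome outcome_via(uint32_t value_size, int hardened)
{
    struct xattr_entry e = { 4, value_size };
    return get_acl_outcome(hardened ? xattr_size_checked : xattr_size_unchecked, &e);
}

int main(void)
{
    /* Constructed inputs: a sane 64-byte xattr and one claiming 2 GiB + 64 bytes. */
    const uint32_t sizes[] = { 64u, 0x80000040u };
    for (size_t i = 0; i < 2; i++) {
        printf("value_size=0x%08x unchecked: ret=%d outcome=%d | checked: ret=%d outcome=%d\n",
               sizes[i],
               size_via(sizes[i], 0), (int)outcome_via(sizes[i], 0),
               size_via(sizes[i], 1), (int)outcome_via(sizes[i], 1));
    }
    return 0;
}
```

The point the model makes: with the unchecked path, a size of `0x80000040` comes back as `INT_MIN + 64`, which is negative but far outside the errno range, so the caller neither uses it as a length nor recognises it as an error and ends up handling a bogus pointer. The checked path turns the same input into a plain `-EUCLEAN` that every caller already knows how to propagate. The validation belongs at the point where the untrusted field is first read, not in each consumer.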
Comment 8 by sheriffbot@chromium.org (Project Member), May 4 2018

Labels: -Pri-2 Pri-1
Comment 9 by sheriffbot@chromium.org (Project Member), May 18 2018

zsm: Uh oh! This issue is still open and hasn't been updated in the last 14 days. This is a serious vulnerability, and we want to ensure that there's progress. Could you please leave an update with the current status and any potential blockers?

If you're not the right owner for this issue, could you please remove yourself as soon as possible or help us find the right one?

If the issue is fixed or you can't reproduce it, please close the bug. If you've started working on a fix, please set the status to Started.

Thanks for your time! To disable nags, add the Disable-Nags label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Mergedinto: 836207
Status: Duplicate (was: Assigned)
We are at v4.14.40, so we should be fine. Marking as duplicate of v4.14.36 merge bug.


Comment 11 by sheriffbot@chromium.org (Project Member), Aug 24

Labels: allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot