https://bugzilla.redhat.com/show_bug.cgi?id=1573699

groeck: Uh oh! This issue still open and hasn't been updated in the last 14 days. This is a serious vulnerability, and we want to ensure that there's progress. Could you please leave an update with the current status and any potential blockers?

If you're not the right owner for this issue, could you please remove yourself as soon as possible or help us find the right one?

If the issue is fixed or you can't reproduce it, please close the bug. If you've started working on a fix, please set the status to Started.

Thanks for your time! To disable nags, add the Disable-Nags label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Sorry, sheriffbot, the fix will have to wait for an upstream solution.

Only affects chromeos-4.14 per https://nvd.nist.gov/vuln/detail/CVE-2018-1118.

The submitted patch generated extensive bike shedding and does not seem to be going anywhere. Requested status update.
CVE severity has still not been determined, but is likely going to be low. Adjusting severity/impact and target release. Will readjust as needed after severity has been published.

 Issue 852760  has been merged into this issue.

Upstream commit 670ae9caaca4 ("vhost: fix info leak due to uninitialized memory"). Not yet available in any stable release, but tagged for it.

Fixed in chromeos-4.14 with merge of v4.14.52.

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot