Issue metadata
Sign in to add a comment
|
CVE-2018-10087 CrOS: Vulnerability reported in Linux kernel |
||||||||||||||||||||||||
Issue descriptionVOMIT (go/vomit) has received an external vulnerability report for the Linux kernel. Advisory: CVE-2018-10087 Details: http://vomit.googleplex.com/advisory?id=CVE/CVE-2018-10087 CVSS severity score: 2.1/10.0 Description: The kernel_wait4 function in kernel/exit.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service by triggering an attempted use of the -INT_MIN value. This bug was filed by http://go/vomit Please contact us at vomit-team@google.com if you need any assistance.
,
May 24 2018
Queued for v4.4.133.
,
May 29 2018
,
Sep 5
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||||
Comment 1 by groeck@chromium.org
, May 18 2018Labels: M-68 Security_Impact-Stable Security_Severity-Low Pri-2
Owner: groeck@chromium.org
Status: ExternalDependency (was: Untriaged)
Upstream commit dd83c161fbcc5d8be ("kernel/exit.c: avoid undefined behaviour when calling wait4()"). Fixed in chromeos-4.14. Not yet available in older stable releases. Will request backport and pull from there.