CVE-2018-10021 CrOS: Vulnerability reported in Linux kernel
Issue description

VOMIT (go/vomit) has received an external vulnerability report for the Linux kernel.

Advisory: CVE-2018-10021
Details: http://vomit.googleplex.com/advisory?id=CVE/CVE-2018-10021
CVSS severity score: 4.9/10.0
Description: ** DISPUTED ** drivers/scsi/libsas/sas_scsi_host.c in the Linux kernel before 4.16 allows local users to cause a denial of service (ata qc leak) by triggering certain failure conditions. NOTE: a third party disputes the relevance of this report because the failure can only occur for physically proximate attackers who unplug SAS Host Bus Adapter cables.

This bug was filed by http://go/vomit
Please contact us at vomit-team@google.com if you need any assistance.

May 23 2018

May 24 2018
Queued for v4.4.133, v4.14.44.

May 24 2018

Jun 5 2018
Merged into chromeos-4.4 and chromeos-4.14 with stable release merges. Marking as Fixed.

Jun 6 2018

Sep 12
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by groeck@chromium.org, May 23 2018
Labels: M-68 Security_Impact-Stable Security_Severity-Medium Pri-2
Owner: groeck@chromium.org
Status: ExternalDependency (was: Untriaged)
Upstream 318aaf34f1179b39f ("scsi: libsas: defer ata device eh commands to libata"). Not tagged for stable, not in any stable releases. Requested to pull into stable releases. Given its disputed status, we'll pull in from there once available.