Issue metadata
Sign in to add a comment
|
CVE-2018-10124 CrOS: Vulnerability reported in Linux kernel |
||||||||||||||||||||||
Issue descriptionVOMIT (go/vomit) has received an external vulnerability report for the Linux kernel. Advisory: CVE-2018-10124 Details: http://vomit.googleplex.com/advisory?id=CVE/CVE-2018-10124 CVSS severity score: 2.1/10.0 Description: The kill_something_info function in kernel/signal.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service via an INT_MIN argument. This bug was filed by http://go/vomit Please contact us at vomit-team@google.com if you need any assistance.
,
May 29 2018
Queued for v4.4.134 stable release.
,
Jun 5 2018
Merged into chromeos-4.14 with stable release merge. Marking as Fixed.
,
Jun 5 2018
That was too quick. Merge of v4.4.134 is still pending.
,
Jun 5 2018
.. now merged into chromeos-4.4.
,
Jun 6 2018
,
Sep 12
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||
Comment 1 by groeck@chromium.org
, May 24 2018Labels: M-68 Kernel-4.4 Security_Impact-Stable Security_Severity-Low Pri-2
Owner: groeck@chromium.org
Status: ExternalDependency (was: Untriaged)
Upstream commit 4ea77014af0d620 ("kernel/signal.c: avoid undefined behaviour in kill_something_info"). Affects chromeos-4.4 and earlier. Not yet available in any stable releases. Low severity. Requested to apply to upstream stable release. Will pull from there once available.