New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 849329 link

Starred by 1 user

Issue metadata

Status: Fixed
Owner:
Closed: Jun 2018
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: ----
Type: Bug-Security



Sign in to add a comment

Security: CVE-2018-5383

Reported by nathanb@lenovo-chrome.com, Jun 4 2018

Issue description

This is a high-priority request to understand Google's response to CVE-2018-5383, which is at the time of this writing not publicly disclosed.

If Google have a statement describing the timeline of how Chrome OS will address this issue or at least can verify that you are working on it, that would be very helpful.

Thanks!
 
Owner: awhalley@chromium.org
Status: Assigned (was: Unconfirmed)
awhalley: I can't find any references to CVE-2018-5383, can you please take a look?
You might be able to find it under PSIRT-TA-201805-002 if you can't find it by CVE.
Labels: OS-Chrome
Owner: kerrnel@chromium.org
Over to Chrome OS security folk.
Cc: jorgelo@chromium.org dtor@chromium.org mnissler@chromium.org
Per https://bugs.chromium.org/p/chromium/issues/detail?id=807486#c45:

"For the record, this vulnerability was fixed for QCA6174 at crosreview.com/979373 which landed on 05/01/2018."

But CCing folks who might know more.
Greg has it right, as far as I know.
Labels: Needs-Feedback
nathanb: does that address your question?
I can't view the linked bug, but if the linked fix addresses the issue then that is sufficient for me. I will record that it's been taken care of.

Thanks!
What release will this land in?
May 1 is M-67.
Sorry, *M-68* branched on May 11th. So this fix will go out in *M-68*.
Understood, thank you. 
Bear in mind that the kernel functionality using this pairing mechanism was disabled in time for M67. The fix that landed for M68 was for Qualcomm-specific firmware.
Status: Fixed (was: Assigned)
Marking as fixed since the information was provided.
Thank you for the information! I would have moved this bug to a terminal state myself but I don't have the access for that :)
Labels: reward-topanel
Labels: -reward-topanel reward-NA
Project Member

Comment 17 by sheriffbot@chromium.org, Jun 12 2018

Labels: -Restrict-View-SecurityTeam Restrict-View-SecurityNotify
Components: OS>Firmware
Project Member

Comment 19 by sheriffbot@chromium.org, Sep 18

Labels: -Restrict-View-SecurityNotify allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Sign in to add a comment