New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 849329 link

Starred by 1 user
Status: Fixed
Owner:
kerrnel@chromium.org
Closed: Jun 2018
Cc:
dtor@chromium.org
mnissler@chromium.org
jorgelo@chromium.org
adurbin@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: ----
Type: Bug-Security



Sign in to add a comment

Security: CVE-2018-5383

Reported by nathanb@lenovo-chrome.com, Jun 4 2018 
This is a high-priority request to understand Google's response to CVE-2018-5383, which is at the time of this writing not publicly disclosed.

If Google have a statement describing the timeline of how Chrome OS will address this issue or at least can verify that you are working on it, that would be very helpful.

Thanks!

Comment 1 by mea...@chromium.org, Jun 4 2018

Owner: awhalley@chromium.org
Status: Assigned (was: Unconfirmed)
awhalley: I can't find any references to CVE-2018-5383, can you please take a look?

Comment 2 by nathanb@lenovo-chrome.com, Jun 4 2018 

You might be able to find it under PSIRT-TA-201805-002 if you can't find it by CVE.

Comment 3 by awhalley@chromium.org, Jun 4 2018

Labels: OS-Chrome
Owner: kerrnel@chromium.org
Over to Chrome OS security folk.

Comment 4 by kerrnel@chromium.org, Jun 4 2018

Cc: jorgelo@chromium.org dtor@chromium.org mnissler@chromium.org
Per https://bugs.chromium.org/p/chromium/issues/detail?id=807486#c45:

"For the record, this vulnerability was fixed for QCA6174 at crosreview.com/979373 which landed on 05/01/2018."

But CCing folks who might know more.

Comment 5 by jorgelo@chromium.org, Jun 4 2018 

Greg has it right, as far as I know.

Comment 6 by kerrnel@chromium.org, Jun 4 2018

Labels: Needs-Feedback
nathanb: does that address your question?

Comment 7 by nathanb@lenovo-chrome.com, Jun 4 2018 

I can't view the linked bug, but if the linked fix addresses the issue then that is sufficient for me. I will record that it's been taken care of.

Thanks!

Comment 8 by nathanb@lenovo-chrome.com, Jun 5 2018 

What release will this land in?

Comment 9 by kerrnel@chromium.org, Jun 5 2018 

May 1 is M-67.

Comment 10 by kerrnel@chromium.org, Jun 5 2018 

Sorry, *M-68* branched on May 11th. So this fix will go out in *M-68*.

Comment 11 by nathanb@lenovo-chrome.com, Jun 5 2018 

Understood, thank you.

Comment 12 by jorgelo@chromium.org, Jun 5 2018 

Bear in mind that the kernel functionality using this pairing mechanism was disabled in time for M67. The fix that landed for M68 was for Qualcomm-specific firmware.

Comment 13 by jorgelo@chromium.org, Jun 11 2018

Status: Fixed (was: Assigned)
Marking as fixed since the information was provided.

Comment 14 by nathanb@lenovo-chrome.com, Jun 11 2018 

Thank you for the information! I would have moved this bug to a terminal state myself but I don't have the access for that :)

Comment 15 by awhalley@chromium.org, Jun 11 2018

Labels: reward-topanel

Comment 16 by awhalley@chromium.org, Jun 11 2018

Labels: -reward-topanel reward-NA
Project Member

Comment 17 by sheriffbot@chromium.org, Jun 12 2018

Labels: -Restrict-View-SecurityTeam Restrict-View-SecurityNotify

Comment 18 by mbarbe...@chromium.org, Jul 27

Components: OS>Firmware
Project Member

Comment 19 by sheriffbot@chromium.org, Sep 18

Labels: -Restrict-View-SecurityNotify allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Sign in to add a comment