New issue
Advanced search Search tips

Issue 850490 link

Starred by 1 user
Status: Fixed
Owner:
zsm@chromium.org
Closed: Jun 2018
Cc:
groeck@chromium.org
chromeos-kernel-security-bug-access@google.com
Components:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 3
Type: Bug-Security



Sign in to add a comment

CVE-2018-8781 CrOS: Vulnerability reported in Linux kernel

Project Member Reported by vomit.go...@appspot.gserviceaccount.com, Jun 7 2018 
VOMIT (go/vomit) has received an external vulnerability report for the Linux kernel. 

Advisory: CVE-2018-8781
  Details: http://vomit.googleplex.com/advisory?id=CVE/CVE-2018-8781
  CVSS severity score: 7.2/10.0
  Description:

The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c at the Linux kernel version 3.4 and up to and including 4.15 has an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space.



This bug was filed by http://go/vomit
Please contact us at vomit-team@google.com if you need any assistance.

Comment 1 by zsm@google.com, Jun 7 2018

Cc: groeck@chromium.org
Labels: Security_Severity-High Security_Impact-None Pri-3
Owner: zsm@chromium.org
Status: Fixed (was: Untriaged)
CONFIG_DRM_UDL is set in 4.14.
Upstream commit is 3b82a4db8("drm: udl: Properly check framebuffer mmap offsets")
The commit is present in 4.14, 4.4, 3.18, 3.14, 3.10, 3.8; closing this bug.
Project Member

Comment 2 by sheriffbot@chromium.org, Jun 8 2018

Labels: Restrict-View-SecurityNotify
Project Member

Comment 3 by sheriffbot@chromium.org, Sep 14

Labels: -Restrict-View-SecurityNotify allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Sign in to add a comment