CVE-2018-11506 CrOS: Vulnerability reported in Linux kernel
Issue description

VOMIT (go/vomit) has received an external vulnerability report for the Linux kernel.

Advisory: CVE-2018-11506
Details: http://vomit.googleplex.com/advisory?id=CVE/CVE-2018-11506
CVSS severity score: 7.2/10.0

Description: The sr_do_ioctl function in drivers/scsi/sr_ioctl.c in the Linux kernel through 4.16.12 allows local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact because sense buffers have different sizes at the CDROM layer and the SCSI layer, as demonstrated by a CDROMREADMODE2 ioctl call.

This bug was filed by http://go/vomit
Please contact us at vomit-team@google.com if you need any assistance.
Jul 2
f7068114d4 says it fixes 82ed4db499b8. Unless I am missing something, that means that the problem does not exist in chromeos-4.4 and earlier kernels.
Jul 2
Thanks, yes, that seems to be the case, I've corrected the impact label.
Comment 1 by zsm@chromium.org, Jul 2
Labels: Security_Impact-Stable Security_Severity-High Pri-2
Owner: zsm@chromium.org
Status: Assigned (was: Untriaged)
Upstream patch is f7068114d4 ("sr: pass down correctly sized SCSI sense buffer"). This is present in 4.14. Other kernels do not seem to have this fix. There is a conflict when applying to 4.4.
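
An added illustration, not part of the original issue and not the upstream patch: it shows the size mismatch named in the description and a defensive pattern in the spirit of the patch title, where the lower layer gets a buffer of its own size and only what fits is copied back. The struct, the function names and both buffer sizes are assumptions made for this example.

```c
#include <stddef.h>
#include <string.h>

/* Illustrative sizes only (assumptions, not values from the page). */
#define UPPER_SENSE_LEN 64  /* sense struct the caller (CDROM-layer side) owns */
#define LOWER_SENSE_LEN 96  /* bytes the lower (SCSI-layer side) code may write */

struct upper_sense { unsigned char data[UPPER_SENSE_LEN]; };

/* Hypothetical stand-in for the lower layer: writes a full-size sense record. */
static void lower_fill_sense(unsigned char *buf)
{
    memset(buf, 0x70, LOWER_SENSE_LEN);
}

/* Bytes that would land past a caller buffer handed straight to the lower layer. */
static size_t overrun_if_passed_down(size_t caller_len)
{
    return caller_len < LOWER_SENSE_LEN ? LOWER_SENSE_LEN - caller_len : 0;
}

/* Hardened pattern: lower layer writes into a buffer of its own size; copy back only what fits. */
static size_t do_ioctl_hardened(struct upper_sense *out)
{
    unsigned char sense_buffer[LOWER_SENSE_LEN];
    size_t n = sizeof(out->data) < sizeof(sense_buffer) ? sizeof(out->data) : sizeof(sense_buffer);
    lower_fill_sense(sense_buffer);
    if (out == NULL)
        return 0;
    memcpy(out->data, sense_buffer, n);
    return n;
}

/* Places a canary right after the caller's buffer and checks it survives the call. */
static int canary_intact_after_call(void)
{
    struct { struct upper_sense s; unsigned char canary[8]; } frame;
    memset(&frame, 0, sizeof(frame));
    memset(frame.canary, 0xA5, sizeof(frame.canary));
    do_ioctl_hardened(&frame.s);
    for (size_t i = 0; i < sizeof(frame.canary); i++)
        if (frame.canary[i] != 0xA5)
            return 0;
    return frame.s.data[UPPER_SENSE_LEN - 1] == 0x70;
}

int main(void) { return (canary_intact_after_call() && overrun_if_passed_down(UPPER_SENSE_LEN) == 32) ? 0 : 1; }
```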