New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 859289 link

Starred by 1 user
Status: WontFix
Owner:
zsm@chromium.org
Closed: Jul 2
Cc:
wonderfly@chromium.org
groeck@chromium.org
chromeos-kernel-security-bug-access@google.com
Components:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 3
Type: Bug-Security



Sign in to add a comment

CVE-2018-11508 CrOS: Vulnerability reported in Linux kernel

Project Member Reported by vomit.go...@appspot.gserviceaccount.com, Jun 30 2018 
VOMIT (go/vomit) has received an external vulnerability report for the Linux kernel. 

Advisory: CVE-2018-11508
  Details: http://vomit.googleplex.com/advisory?id=CVE/CVE-2018-11508
  CVSS severity score: 2.1/10.0
  Description:

The compat_get_timex function in kernel/compat.c in the Linux kernel before 4.16.9 allows local users to obtain sensitive information from kernel memory via adjtimex.



This bug was filed by http://go/vomit
Please contact us at vomit-team@google.com if you need any assistance.

Comment 1 by zsm@chromium.org, Jul 2

Cc: groeck@chromium.org wonderfly@chromium.org
Labels: Security_Severity-Low Security_Impact-None Pri-3
Owner: zsm@chromium.org
Status: WontFix (was: Untriaged)
Upstream fix is 0a0b9873("compat: fix 4-byte infoleak via uninitialized struct field")
This patch is present in 4.14. The bug is not present in 4.4 as the memset was not removed in the first place.

Sign in to add a comment