CVE-2018-12233 CrOS: Vulnerability reported in Linux kernel
Issue description

VOMIT (go/vomit) has received an external vulnerability report for the Linux kernel.

Advisory: CVE-2018-12233
Details: http://vomit.googleplex.com/advisory?id=CVE/CVE-2018-12233
CVSS severity score: 6.8/10.0

Description:
In the ea_get function in fs/jfs/xattr.c in the Linux kernel through 4.17.1, a memory corruption bug in JFS can be triggered by calling setxattr twice with two different extended attribute names on the same file. This vulnerability can be triggered by an unprivileged user with the ability to create files and execute programs. A kmalloc call is incorrect, leading to slab-out-of-bounds in jfs_xattr.

This bug was filed by http://go/vomit
Please contact us at vomit-team@google.com if you need any assistance.
Aug 7
Upstream commit 92d34134193e ("jfs: Fix inconsistency between memory allocation and ea_buf->max_size"). Not in any stable releases. And, yes, not enabled in Chrome OS (nor any derivatives as far as I can see).
Marking as ExternalDependency for the time being. Will request to be applied to stable releases.
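The allocation/max_size inconsistency named in the upstream commit title above, as a simplified userspace model; this is an added example, not kernel code and not code from this thread. The struct, the function names, the rounding of max_size to a block size and the 4096-byte block size are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

#define BLOCK_SIZE 4096u /* assumed block size, for illustration */

/* Userspace model of a buffer descriptor: later code trusts max_size. */
struct ea_buf_model {
    void  *data;
    size_t alloc_size; /* bytes really allocated (kept only for checking) */
    size_t max_size;   /* capacity the descriptor advertises */
};

static size_t round_up_block(size_t n)
{
    return (n + BLOCK_SIZE - 1) & ~((size_t)BLOCK_SIZE - 1);
}

/* fixed == 0: allocate min_size but advertise the rounded size (inconsistent).
 * fixed != 0: compute the size once and use it for both (consistent). */
int get_buf(struct ea_buf_model *b, size_t min_size, int fixed)
{
    size_t rounded = round_up_block(min_size);

    b->alloc_size = fixed ? rounded : min_size;
    b->max_size = rounded;
    b->data = malloc(b->alloc_size);
    return b->data ? 0 : -1;
}

/* 1 if a write of n bytes passes the max_size check yet exceeds the
 * real allocation, i.e. the check would admit an out-of-bounds write. */
int check_admits_overflow(const struct ea_buf_model *b, size_t n)
{
    return n <= b->max_size && n > b->alloc_size;
}

int main(void)
{
    struct ea_buf_model bad, good;

    if (get_buf(&bad, 100, 0) || get_buf(&good, 100, 1))
        return 1;
    printf("inconsistent admits overflow: %d, consistent: %d\n",
           check_admits_overflow(&bad, 200), check_admits_overflow(&good, 200));
    free(bad.data);
    free(good.data);
    return 0;
}
```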
Aug 7
Patch will be available in next set of stable releases. Leaving bug in ExternalDependency state for tracking.
Aug 11
Nov 17
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage

- Your friendly Sheriffbot
Comment 1 by allenwebb@chromium.org, Aug 7
Owner: groeck@chromium.org
Status: Assigned (was: Untriaged)