
Issue 877039


Issue metadata

Status: WontFix
Owner:
Closed: Aug 23
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 3
Type: Bug-Security




CVE-2018-12928 CrOS: Vulnerability reported in Linux kernel

Project Member Reported by vomit.go...@appspot.gserviceaccount.com, Aug 23

Issue description

VOMIT (go/vomit) has received an external vulnerability report for the Linux kernel. 

Advisory: CVE-2018-12928
  Details: http://vomit.googleplex.com/advisory?id=CVE/CVE-2018-12928
  CVSS severity score: 4.9/10.0
  Description:

In the Linux kernel 4.15.0, a NULL pointer dereference was discovered in hfs_ext_read_extent in hfs.ko. This can occur during a mount of a crafted hfs filesystem.



This bug was filed by http://go/vomit
Please contact us at vomit-team@google.com if you need any assistance.

 
Cc: groeck@chromium.org wonderfly@chromium.org
Labels: Security_Severity-Medium Security_Impact-None Pri-3
Owner: zsm@chromium.org
Status: WontFix (was: Untriaged)
CONFIG_HFS_FS is not set in any of our kernels. It is unclear if an upstream fix is out for this CVE yet. Marking as WontFix as it does not affect any of the chromeos kernels.
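
The triage above rests on whether `CONFIG_HFS_FS` is enabled in any shipped kernel config. The script below is an added example of that check, not part of the original comment or of ChromeOS tooling; the board config file names and their contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not ChromeOS tooling): is a Kconfig option built anywhere?

# kconfig_state FILE OPTION -> prints y, m, or n.
# Kconfig writes enabled options as OPTION=y|m and disabled ones as
# "# OPTION is not set"; an option missing from the file is also disabled.
kconfig_state() {
    val=$(sed -n "s/^$2=\([ym]\)\$/\1/p" "$1" | tail -n 1)
    printf '%s\n' "${val:-n}"
}

# option_reachable OPTION FILE... -> exit 0 if any config builds the option
# (built-in or module); prints the state found in each file.
option_reachable() {
    opt=$1; shift
    hit=1
    for f in "$@"; do
        state=$(kconfig_state "$f" "$opt")
        printf '%s: %s=%s\n' "$f" "$opt" "$state"
        [ "$state" = n ] || hit=0
    done
    return "$hit"
}

# Constructed sample configs (hypothetical board names, not real ChromeOS files).
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/board-a.config" <<'EOF'
CONFIG_EXT4_FS=y
# CONFIG_HFS_FS is not set
# CONFIG_HFSPLUS_FS is not set
EOF
cat > "$demo_dir/board-b.config" <<'EOF'
CONFIG_EXT4_FS=y
CONFIG_HFS_FS=m
EOF

# board-a matches the situation in the comment: the hfs driver is not built.
if option_reachable CONFIG_HFS_FS "$demo_dir/board-a.config"; then
    echo "hfs can be built: CVE-2018-12928 applies to this kernel"
else
    echo "CONFIG_HFS_FS not set: hfs_ext_read_extent is not compiled"
fi
```

Pass every kernel's config file as an argument; a single `y` or `m` result means the hfs driver is built for that kernel and the advisory needs a closer look.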
