New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 877465 link

Starred by 1 user
Status: WontFix
Owner:
zsm@chromium.org
Closed: Aug 24
Cc:
wonderfly@chromium.org
gwendal@chromium.org
groeck@chromium.org
chromeos-kernel-security-bug-access@google.com
Components:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 3
Type: Bug-Security



Sign in to add a comment

CVE-2018-13096 CrOS: Vulnerability reported in Linux kernel

Project Member Reported by vomit.go...@appspot.gserviceaccount.com, Aug 24 
VOMIT (go/vomit) has received an external vulnerability report for the Linux kernel. 

Advisory: CVE-2018-13096
  Details: http://vomit.googleplex.com/advisory?id=CVE/CVE-2018-13096
  CVSS severity score: 4.3/10.0
  Description:

An issue was discovered in fs/f2fs/super.c in the Linux kernel through 4.17.3. A denial of service (out-of-bounds memory access and BUG) can occur upon encountering an abnormal bitmap size when mounting a crafted f2fs image.



This bug was filed by http://go/vomit
Please contact us at vomit-team@google.com if you need any assistance.

Comment 1 by zsm@chromium.org, Aug 24

Cc: groeck@chromium.org wonderfly@chromium.org
Labels: Security_Impact-None Security_Severity-Low Pri-3
Owner: zsm@chromium.org
Status: WontFix (was: Untriaged)
Upstream commit is e34438c903b6("f2fs: fix to do sanity check with node footer and iblocks"). This commit is not present in our kernels. Marking as Wontfix as CONFIG_F2FS_FS is not set.

Comment 2 by mnissler@chromium.org, Aug 27

Cc: gwendal@chromium.org
+gwendal who is considering to use F2FS for Chrome OS

Comment 3 by zsm@chromium.org, Aug 27 

Kindly update the bug/let me know if F2FS is going to be introduced into ChromeOS. There are commits from earlier this year as well which would need to be pulled in.

Sign in to add a comment