Issue metadata
Sign in to add a comment
|
CVE-2018-13053 CrOS: Vulnerability reported in Linux kernel |
||||||||||||||||||||||
Issue descriptionVOMIT (go/vomit) has received an external vulnerability report for the Linux kernel. Advisory: CVE-2018-13053 Details: http://vomit.googleplex.com/advisory?id=CVE/CVE-2018-13053 CVSS severity score: 4.6/10.0 Description: The alarm_timer_nsleep function in kernel/time/alarmtimer.c in the Linux kernel through 4.17.3 has an integer overflow via a large relative timeout because ktime_add_safe is not used. This bug was filed by http://go/vomit Please contact us at vomit-team@google.com if you need any assistance.
,
Aug 31
https://chromium-review.googlesource.com/c/chromiumos/third_party/kernel/+/1200143 coral-pre-cq https://cros-goldeneye.corp.google.com/chromeos/healthmonitoring/buildDetails?buildbucketId=8936659476324203232 bob-pre-cq https://cros-goldeneye.corp.google.com/chromeos/healthmonitoring/buildDetails?buildbucketId=8936659473383126896 kevin-pre-cq https://cros-goldeneye.corp.google.com/chromeos/healthmonitoring/buildDetails?buildbucketId=8936659470702804720 coral-paladin-tryjob https://cros-goldeneye.corp.google.com/chromeos/healthmonitoring/buildDetails?buildbucketId=8936659465906947168 bob-paladin-tryjob https://cros-goldeneye.corp.google.com/chromeos/healthmonitoring/buildDetails?buildbucketId=8936659463245079056 kevin-paladin-tryjob https://cros-goldeneye.corp.google.com/chromeos/healthmonitoring/buildDetails?buildbucketId=8936659460144349792
,
Aug 31
#1: "commit is present in v4.14" - are you sure ? I didn't see it there. What am I missing ?
,
Aug 31
Thanks Guenter, I might have checked on the wrong branch where I was testing applying patchfinder results. I'll test this on v4.14 as well. https://chromium-review.googlesource.com/c/chromiumos/third_party/kernel/+/1200282 grunt-pre-cq https://cros-goldeneye.corp.google.com/chromeos/healthmonitoring/buildDetails?buildbucketId=8936652924159953008 cheza-pre-cq https://cros-goldeneye.corp.google.com/chromeos/healthmonitoring/buildDetails?buildbucketId=8936652920822673424 grunt-paladin-tryjob https://cros-goldeneye.corp.google.com/chromeos/healthmonitoring/buildDetails?buildbucketId=8936652917864819056 cheza-paladin-tryjob https://cros-goldeneye.corp.google.com/chromeos/healthmonitoring/buildDetails?buildbucketId=8936652914924400288
,
Sep 1
,
Sep 4
,
Sep 10
pre-cqs succeed for the CLs, some paladins are having errors. cheza-paladin succeeds here : https://cros-goldeneye.corp.google.com/chromeos/healthmonitoring/buildDetails?buildbucketId=8936301616402889712 kevin-paladin succeeds here : https://cros-goldeneye.corp.google.com/chromeos/healthmonitoring/buildDetails?buildbucketId=8936301656347205376 I've requested this patch to be pulled into 4.14.y and 4.4.y
,
Sep 10
,
Oct 12
Patch is now in v4.14 and v4.4 via stable merge.
,
Oct 13
,
Jan 19
(3 days ago)
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||
Comment 1 by zsm@chromium.org
, Aug 31Labels: Security_Severity-Low Security_Impact-Stable Pri-3
Owner: zsm@chromium.org
Status: Assigned (was: Untriaged)
Upstream commit is 5f936e19cc ("alarmtimer: Prevent overflow for relative nanosleep"). This commit is present in v4.14(but not in stable upstream). Older kernels do not have this commit. Unclear if this bug alone can be used for privesc, but will request upstream stable merge of this patch.