New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 888321 link

Starred by 1 user

Issue metadata

Status: Fixed
Owner:
Closed: Oct 3
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 1
Type: Bug-Security



Sign in to add a comment

CVE-2018-14609 CrOS: Vulnerability reported in Linux kernel

Project Member Reported by vomit.go...@appspot.gserviceaccount.com, Sep 23

Issue description

VOMIT (go/vomit) has received an external vulnerability report for the Linux kernel. 

Advisory: CVE-2018-14609
  Details: http://vomit.googleplex.com/advisory?id=CVE/CVE-2018-14609
  CVSS severity score: 7.1/10.0
  Description:

An issue was discovered in the Linux kernel through 4.17.10. There is an invalid pointer dereference in __del_reloc_root() in fs/btrfs/relocation.c when mounting a crafted btrfs image, related to removing reloc rb_trees when reloc control has not been initialized.



This bug was filed by http://go/vomit
Please contact us at vomit-team@google.com if you need any assistance.

 
Cc: groeck@chromium.org wonderfly@google.com
Labels: Security_Severity-High Security_Impact-None Pri-1
Owner: zsm@chromium.org
Status: WontFix (was: Untriaged)
Upstream commit is 389305b2aa6("btrfs: relocation: Only remove reloc rb_trees if reloc control has been initialized")

CONFIG_BTRFS_FS is not set, so marking as WontFix.

Will keep track of this bug in case the config flips in the future. Using configmonitor cronjob to monitor changes in kernel configs.
Cc: sawlani@google.com
Status: ExternalDependency (was: WontFix)
Waiting to hear back from btrfs maintainers.
Status: Fixed (was: ExternalDependency)
The patch is now in v4.14, v4.4. Marking as Fixed.
Project Member

Comment 5 by sheriffbot@chromium.org, Oct 4

Labels: Restrict-View-SecurityNotify
Project Member

Comment 6 by sheriffbot@chromium.org, Jan 10

Labels: -Restrict-View-SecurityNotify allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Sign in to add a comment