Issue metadata
Sign in to add a comment
|
CVE-2018-14609 CrOS: Vulnerability reported in Linux kernel |
||||||||||||||||||||||
Issue descriptionVOMIT (go/vomit) has received an external vulnerability report for the Linux kernel. Advisory: CVE-2018-14609 Details: http://vomit.googleplex.com/advisory?id=CVE/CVE-2018-14609 CVSS severity score: 7.1/10.0 Description: An issue was discovered in the Linux kernel through 4.17.10. There is an invalid pointer dereference in __del_reloc_root() in fs/btrfs/relocation.c when mounting a crafted btrfs image, related to removing reloc rb_trees when reloc control has not been initialized. This bug was filed by http://go/vomit Please contact us at vomit-team@google.com if you need any assistance.
,
Sep 24
,
Sep 25
Waiting to hear back from btrfs maintainers.
,
Oct 3
The patch is now in v4.14, v4.4. Marking as Fixed.
,
Oct 4
,
Jan 10
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||
Comment 1 by zsm@chromium.org
, Sep 24Labels: Security_Severity-High Security_Impact-None Pri-1
Owner: zsm@chromium.org
Status: WontFix (was: Untriaged)
Upstream commit is 389305b2aa6("btrfs: relocation: Only remove reloc rb_trees if reloc control has been initialized") CONFIG_BTRFS_FS is not set, so marking as WontFix. Will keep track of this bug in case the config flips in the future. Using configmonitor cronjob to monitor changes in kernel configs.