New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 888326 link

Starred by 1 user
Status: WontFix
Owner:
zsm@chromium.org
Closed: Sep 24
Cc:
wonderfly@google.com
sawlani@google.com
groeck@chromium.org
chromeos-kernel-security-bug-access@google.com
Components:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 1
Type: Bug-Security



Sign in to add a comment

CVE-2018-14614 CrOS: Vulnerability reported in Linux kernel

Project Member Reported by vomit.go...@appspot.gserviceaccount.com, Sep 23 
VOMIT (go/vomit) has received an external vulnerability report for the Linux kernel. 

Advisory: CVE-2018-14614
  Details: http://vomit.googleplex.com/advisory?id=CVE/CVE-2018-14614
  CVSS severity score: 7.1/10.0
  Description:

An issue was discovered in the Linux kernel through 4.17.10. There is an out-of-bounds access in __remove_dirty_segment() in fs/f2fs/segment.c when mounting an f2fs image.



This bug was filed by http://go/vomit
Please contact us at vomit-team@google.com if you need any assistance.

Comment 1 by zsm@chromium.org, Sep 24

Cc: groeck@chromium.org sawlani@google.com wonderfly@google.com
Labels: Security_Severity-High Security_Impact-None Pri-1
Owner: zsm@chromium.org
Status: WontFix (was: Untriaged)
Upstream commit is e494c2f995d6("f2fs: fix to do sanity check with cp_pack_start_sum")

CONFIG_F2FS_FS is not set, so marking as WontFix.

Will keep track of this bug in case the config flips in the future. Using configmonitor cronjob to monitor changes in kernel configs.

Sign in to add a comment