Issue 890618 link

Starred by 1 user

Issue metadata

Status:	WontFix
Owner:	groeck@chromium.org
Closed:	Sep 30
Cc:	wonderfly@google.com zsm@chromium.org chromeos-kernel-security-bug-access@google.com
Components:	OS>Kernel
EstimatedDays:	----
NextAction:	----
OS:	Chrome
Pri:	3
Type:	Bug-Security
Vomit Security_Severity-Medium Security_Impact-None CVE-2018-14734

CVE-2018-14734 CrOS: Vulnerability reported in Linux kernel

Project Member Reported by vomit.go...@appspot.gserviceaccount.com, Sep 30

Issue description

VOMIT (go/vomit) has received an external vulnerability report for the Linux kernel. 

Advisory: CVE-2018-14734
  Details: http://vomit.googleplex.com/advisory?id=CVE/CVE-2018-14734
  CVSS severity score: 6.1/10.0
  Description:

drivers/infiniband/core/ucma.c in the Linux kernel through 4.17.11 allows ucma_leave_multicast to access a certain data structure after a cleanup step in ucma_process_join, which allows attackers to cause a denial of service (use-after-free).



This bug was filed by http://go/vomit
Please contact us at vomit-team@google.com if you need any assistance.

Comment 1 by groeck@chromium.org, Sep 30

Cc: wonderfly@google.com zsm@chromium.org
Labels: Security_Severity-Medium Security_Impact-None Pri-3
Owner: groeck@chromium.org
Status: WontFix (was: Untriaged)

The issues has been fixed upstream with commit 52175c849bd ("infiniband: fix a possible use-after-free bug"). The fix is present (at least) in v4.4.y and v4.14.y and thuse is or will be merged into the respective chromeos branches.
Nevertheless, infiniband is not enabled in any of our images. Marking as WontFix.

►

Issue 890618 link

Issue metadata

CVE-2018-14734 CrOS: Vulnerability reported in Linux kernel

Issue description

Comment 1 by groeck@chromium.org, Sep 30

Comment 1 Deleted

Sign in to add a comment