
Issue 900903


Issue metadata

Status: WontFix
Owner:
Closed: Nov 1
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 3
Type: Bug-Security




CVE-2018-15572 CrOS: Vulnerability reported in Linux kernel

Project Member Reported by vomit.go...@appspot.gserviceaccount.com, Nov 1

Issue description

VOMIT (go/vomit) has received an external vulnerability report for the Linux kernel. 

Advisory: CVE-2018-15572
  Details: http://vomit.googleplex.com/advisory?id=CVE/CVE-2018-15572
  CVSS severity score: 2.1/10.0
  Description:

The spectre_v2_select_mitigation function in arch/x86/kernel/cpu/bugs.c in the Linux kernel before 4.18.1 does not always fill RSB upon a context switch, which makes it easier for attackers to conduct userspace-userspace spectreRSB attacks.



This bug was filed by http://go/vomit
Please contact us at vomit-team@google.com if you need any assistance.

 
Cc: allenwebb@google.com
Labels: Security_Severity-Medium Security_Impact-Stable Pri-1
Owner: groeck@chromium.org
Status: Assigned (was: Untriaged)
Feel free to reassign as necessary.

Cc: wonderfly@google.com zsm@chromium.org
Labels: -Pri-1 -Security_Severity-Medium Security_Severity-Low Pri-3
Status: WontFix (was: Assigned)
Upstream commit fdf82a7856b32d ("x86/speculation: Protect against userspace-userspace spectreRSB"). chromeos-4.19 not affected. Fix already applied to chromeos-4.4 and chromeos-4.14. Patch does not apply cleanly to chromeos-3.18 and earlier since many context patches are missing. Trying to apply it would be much more risky than the problem itself. Marking WontFix.
Also reducing priority and severity as per guidelines.
