VOMIT (go/vomit) has received an external vulnerability report for the Linux kernel.
Advisory: CVE-2018-14634
Details: http://vomit.googleplex.com/advisory?id=CVE/CVE-2018-14634
CVSS severity score: 7.2/10.0
Description:
An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileged local user with access to a SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system. Kernel versions 2.6.x, 3.10.x and 4.14.x are believed to be vulnerable.
This bug was filed by http://go/vomit
Please contact us at vomit-team@google.com if you need any assistance.
Comment 1 by groeck@chromium.org, Nov 28
Labels: Security_Severity-High Security_Impact-None Pri-3
Owner: groeck@chromium.org
Status: WontFix (was: Untriaged)
Fixed with commit da029c11e6b1 ("exec: Limit arg stack to at most 75% of _STK_LIM"). Contrary to the description, Linux 4.14.y is not affected (v4.14 was pulled after commit da029c11e6b1 was applied). As such, chromeos-4.14 and chromeos-4.19 are safe. The commit was backported to chromeos-4.4 in July 2017 and is not affected. chromeos-3.18 and earlier are theoretically affected. However, the exploit requires at least 32GB of memory and a 64-bit system. As such, backporting the fix would not solve an actual problem. Marking as WontFix.
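
Added example (not part of the original report or comment, and not the kernel's own code): a simplified model of the argument-area limit before and after the commit named above, showing why a 75%-of-_STK_LIM cap keeps the number of argv/envp strings far below the range of a signed int. Assumptions: the pre-fix limit is a quarter of RLIMIT_STACK, the overflowing counter is a signed int string count, and the helper names and sample limits are constructed for illustration.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

#define STK_LIM        (8ULL * 1024 * 1024) /* kernel _STK_LIM: 8 MiB */
#define RLIM_UNLIMITED UINT64_MAX           /* stand-in for RLIM_INFINITY */

/* Model of the pre-fix check (assumption): argv+envp strings may use
 * up to a quarter of RLIMIT_STACK, with no absolute ceiling. */
static uint64_t arg_limit_before(uint64_t rlim_stack)
{
    return rlim_stack / 4;
}

/* Model of the post-fix check: still a quarter of RLIMIT_STACK, but
 * never more than 75% of _STK_LIM (6 MiB). */
static uint64_t arg_limit_after(uint64_t rlim_stack)
{
    uint64_t cap = STK_LIM / 4 * 3;
    uint64_t quarter = rlim_stack / 4;
    return quarter < cap ? quarter : cap;
}

/* Each string costs at least its NUL byte, so the byte limit is also an
 * upper bound on the string count. Returns 1 if that bound fits a
 * signed int (the assumed type of the counter), 0 otherwise. */
static int count_fits_int(uint64_t limit_bytes)
{
    return limit_bytes <= (uint64_t)INT_MAX;
}

int main(void)
{
    /* Constructed sample RLIMIT_STACK values. */
    const uint64_t samples[] = { STK_LIM, 1ULL << 30, 1ULL << 36, RLIM_UNLIMITED };

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint64_t before = arg_limit_before(samples[i]);
        uint64_t after = arg_limit_after(samples[i]);
        printf("rlimit=%llu before=%llu (%s) after=%llu (%s)\n",
               (unsigned long long)samples[i],
               (unsigned long long)before,
               count_fits_int(before) ? "count fits int" : "count can exceed int",
               (unsigned long long)after,
               count_fits_int(after) ? "count fits int" : "count can exceed int");
    }
    return 0;
}
```

With the cap in place the bound is at most 6 MiB of strings for every RLIMIT_STACK value, which is why trees that already carry the commit are treated as unaffected.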