New issue
Advanced search Search tips

Issue 912889 link

Starred by 1 user
Status: WontFix
Owner:
groeck@chromium.org
Closed: Dec 7
Cc:
mikewu@google.com
kerrnel@chromium.org
wonderfly@google.com
zsm@chromium.org
chromeos-kernel-security-bug-access@google.com
Components:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 1
Type: Bug-Security



Sign in to add a comment

CVE-2018-18445 CrOS: Vulnerability reported in Linux kernel

Project Member Reported by vomit.go...@appspot.gserviceaccount.com, Dec 7 
VOMIT (go/vomit) has received an external vulnerability report for the Linux kernel. 

Advisory: CVE-2018-18445
  Details: http://vomit.googleplex.com/advisory?id=CVE/CVE-2018-18445
  CVSS severity score: 7.2/10.0
  Description:

In the Linux kernel 4.14.x, 4.15.x, 4.16.x, 4.17.x, and 4.18.x before 4.18.13, faulty computation of numeric bounds in the BPF verifier permits out-of-bounds memory accesses because adjust_scalar_min_max_vals in kernel/bpf/verifier.c mishandles 32-bit right shifts.



This bug was filed by http://go/vomit
Please contact us at vomit-team@google.com if you need any assistance.

Comment 1 by kerrnel@chromium.org, Dec 7

Cc: kerrnel@chromium.org
Labels: Security_Impact-Stable M-73 Security_Severity-High Pri-1

Comment 2 by groeck@chromium.org, Dec 7

Cc: wonderfly@google.com zsm@chromium.org
Status: WontFix (was: Untriaged)
Upstream commit b799207e1e1816b0 ("bpf: 32-bit RSH verification must truncate input before the ALU op"). Per CVE, only chromeos-4.14 is affected. Fixed in chromeos-4.14 with the merge of v4.14.75, which included in M-72. Marking as WontFix.

Note that this is a high severity bug, which we would normally (if it was not already the case) apply to stable branches, ie at least M-72. Not sure I understand why it was marked M-73.

Comment 3 by groeck@chromium.org, Dec 7

Owner: groeck@chromium.org

Comment 4 by wonderfly@google.com, Dec 7

Cc: mikewu@google.com

Sign in to add a comment