New issue
Advanced search Search tips

Issue 913908 link

Starred by 1 user
Status: WontFix
Owner:
zsm@chromium.org
Closed: Dec 11
Cc:
mikewu@google.com
wonderfly@google.com
groeck@chromium.org
zwisler@google.com
chromeos-kernel-security-bug-access@google.com
Components:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 2
Type: Bug-Security



Sign in to add a comment

CVE-2018-18690 CrOS: Vulnerability reported in Linux kernel

Project Member Reported by vomit.go...@appspot.gserviceaccount.com, Dec 11 
VOMIT (go/vomit) has received an external vulnerability report for the Linux kernel. 

Advisory: CVE-2018-18690
  Details: http://vomit.googleplex.com/advisory?id=CVE/CVE-2018-18690
  CVSS severity score: 4.9/10.0
  Description:

In the Linux kernel before 4.17, a local attacker able to set attributes on an xfs filesystem could make this filesystem non-operational until the next mount by triggering an unchecked error condition during an xfs attribute change, because xfs_attr_shortform_addname in fs/xfs/libxfs/xfs_attr.c mishandles ATTR_REPLACE operations with conversion of an attr from short to long form.



This bug was filed by http://go/vomit
Please contact us at vomit-team@google.com if you need any assistance.

Comment 1 by zwisler@google.com, Dec 11 

This fix was backported to v4.14.86 and has since been pulled into the Chrome OS v4.14 tree via a merge with stable.  See commit cb7ccb9924bb35 in the v4.14 stable series.

v4.14-mistral is still based on v4.14.78, and does not yet have this fix.

I don't think anyone has backported to the v4.4.X stable tree yet.

There is a backport targeting v3.16-stable which could be used to create patches for our various v3.X kernel trees.

Do we use XFS for anything in Chrome OS?  The few systems that I have seen so far all have ext4 as the rootfs?

Comment 2 by zwisler@google.com, Dec 11

Cc: zwisler@google.com

Comment 3 by zsm@chromium.org, Dec 11

Cc: groeck@chromium.org wonderfly@google.com
Labels: Security_Severity-Medium Security_Impact-None Pri-2
Owner: zsm@chromium.org
Status: WontFix (was: Untriaged)
CONFIG_XFS does not seem to be set anywhere in Chrome OS kernel configs. Marking this as WontFix. Keeping track of this bug in case the config is flipped in the future.

Comment 4 by zsm@chromium.org, Dec 11 

#3: s/CONFIG_XFS/CONFIG_XFS_FS

Comment 5 by wonderfly@google.com, Dec 11

Cc: mikewu@google.com

Sign in to add a comment