CVE-2018-19407 CrOS: Vulnerability reported in Linux kernel
Issue description

VOMIT (go/vomit) has received an external vulnerability report for the Linux kernel.

Advisory: CVE-2018-19407
Details: http://vomit.googleplex.com/advisory?id=CVE/CVE-2018-19407
CVSS severity score: 4.9/10.0
Description: The vcpu_scan_ioapic function in arch/x86/kvm/x86.c in the Linux kernel through 4.19.2 allows local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic is uninitialized.

This bug was filed by http://go/vomit
Please contact us at vomit-team@google.com if you need any assistance.
Dec 20
The upstream fix is
e97f852fd456 ("KVM: X86: Fix scan ioapic use-before-initialization")
This patch is present in chromeos-4.19, v4.14.
v4.4 and older do not have this patch. 4.4.y does not have this patch.
Will send a backport to stable if the PoC reproduces the crash.
Jan 3
I tried running this PoC on a chromebook (astronaut) with a 4.4 kernel and was unable to reproduce this crash. Marking this bug as WontFix.
Jan 3
(For future reference the PoC can be found at https://lkml.org/lkml/2018/11/20/580)
Comment 1 by zsm@chromium.org, Dec 20
Status: Assigned (was: Untriaged)