Bug 1101056 (CVE-2014-3152)

Summary: CVE-2014-3152 v8: integer underflow fixed in Google Chrome 35.0.1916.114
Product: [Other] Security Response Reporter: Murray McAllister <mmcallis>
Component: vulnerability Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED NOTABUG QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecified CC: abaron, aortega, apevec, ayoung, bdunne, bkearney, bleanhar, cbillett, ccoleman, chrisw, cpelland, dajohnso, dallan, dclarizi, dmcphers, gkotton, gmccullo, jdetiber, jfrey, jialiu, jkeck, jokerman, jomara, jorton, jprause, jrafanie, katello-bugs, kseifried, lhh, lmeyer, markmc, mfeifer, mmaslano, mmccomas, mmccune, obarenbo, rbryant, rhos-maint, sclewis, sgallagh, tcallawa, tchollingsworth, thrcka, tjay, tkramer, tomckay, tomspur, vdanen, xlecauch, yeylon
Target Milestone: --- Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Fixed In Version: Doc Type: Bug Fix
Last Closed: 2014-06-16 19:13:50 UTC Type: ---
Bug Depends On: 1101057, 1101058    
Bug Blocks: 1091840    

Description Murray McAllister 2014-05-26 02:52:56 UTC
Common Vulnerabilities and Exposures assigned an identifier CVE-2014-3152 to
the following vulnerability:

Name: CVE-2014-3152
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3152
Assigned: 20140503
Reference: http://googlechromereleases.blogspot.com/2014/05/stable-channel-update_20.html
Reference: https://code.google.com/p/chromium/issues/detail?id=358057
Reference: https://code.google.com/p/v8/source/detail?r=20363

Integer underflow in the LCodeGen::PrepareKeyedOperand function in
arm/lithium-codegen-arm.cc in Google V8 before 3.25.28.16, as used in
Google Chrome before 35.0.1916.114, allows remote attackers to cause a
denial of service or possibly have unspecified other impact via
vectors that trigger a negative key value.

It is not clear if the version in Fedora is affected or not.

Comment 1 Murray McAllister 2014-05-26 02:54:55 UTC
Created v8 tracking bugs for this issue:

Affects: fedora-all [bug 1101057]
Affects: epel-6 [bug 1101058]

Comment 2 Tomas Hoger 2014-06-16 19:13:50 UTC
This issue is in the ARM-specific code, hence this does not affect any Red Hat product.