Bug 1647289 (CVE-2018-9385) - CVE-2018-9385 kernel: Out-of-bounds write due to incorrect bounds check in drivers/amba/bus.c:driver_override_store()
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2018-9385
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1653266
Blocks: 1647290
Reported: 2018-11-07 04:08 UTC by Sam Fowler
Modified: 2021-10-25 22:21 UTC

Fixed In Version: kernel 4.17-rc3
Doc Text:
It was found that the Linux kernel is vulnerable to an out-of-bounds buffer write due to an incorrect bounds check in the driver_override_store() function in drivers/amba/bus.c. This can lead to memory corruption, a system panic, and a denial of service. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.
Clone Of:
Environment:
Last Closed: 2021-10-25 22:21:41 UTC
Embargoed:



Description Sam Fowler 2018-11-07 04:08:06 UTC
It was found that the Linux kernel is vulnerable to an out-of-bounds buffer write due to an incorrect bounds check in the drivers/amba/bus.c:driver_override_store() function. This can lead to memory corruption, a system panic, and a denial of service. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.

Reference:

https://lore.kernel.org/patchwork/patch/876235/

https://source.android.com/security/bulletin/pixel/2018-06-01#kernel-components

An upstream patch:

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d2ffed5185df9d8d9ccd150e4340e3b6f96a8381

