Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 19 Jan 2016 12:49:17 +0100
From: Hanno Böck <>
Subject: Re: 2015 kernel CVEs

On Tue, 19 Jan 2016 14:28:12 +0300
Dan Carpenter <> wrote:

> There was only a coupls CVEs that looks like they came from a
> filesystem fuzzer where you create a corrupt filesystems and then try
> use them.

I tried that, but it didn't lead to any results in the kernel [1].
What I did:
* Use filesystem checking tools (fsck) and fuzz them with afl
* Use the queue created by afl and try to mount these with a
  kasan-enabled kernel

My conclusion was that the filesystem code in the kernel is relatively
robust (at least robust enough for this trivial fuzzing).
But it led to a number of bugs discovered in filesystem fsck tools.

> There was only one that might have come from a USB fuzzer.
> We probably should be testing those things better.

This is surprising to me. There was a talk at black hat amsterdam in
2014 about a project trying to do exactly this. They sounded like they
have dozends of crashers that just need to be sorted and reported
upstream. Here's the code [2] and the talk [3].
Maybe this project has stalled and needs someone to look at it?


Hanno Böck


Content of type "application/pgp-signature" skipped

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.