Date: Tue, 19 Jan 2016 14:56:09 +0000 From: One Thousand Gnomes <gnomes@...rguk.ukuu.org.uk> To: Dan Carpenter <dan.carpenter@...cle.com> Cc: linux-kernel@...r.kernel.org, kernel-hardening@...ts.openwall.com Subject: Re: 2015 kernel CVEs On Tue, 19 Jan 2016 14:28:12 +0300 Dan Carpenter <dan.carpenter@...cle.com> wrote: > I like to look back over old CVEs to see how we could do better. Here > is the list from 2015. I got most of this information from the Ubuntu > CVE tracker. Thanks Ubuntu!. If it doesn't have a hash that means it > might not be fixed yet. That's the list of bugs originating in 2015. You need to go back further to see some of the fun ones still present (CVE-2013-7445 for example) > There was only a coupls CVEs that looks like they came from a filesystem > fuzzer where you create a corrupt filesystems and then try use them. > There was only one that might have come from a USB fuzzer. We probably > should be testing those things better. There are a bunch of those ignored in Bugzilla for years. I think the ones for the mainstream file systems have all been tackled but things like reiserfs don't survive fuzzing too well, which is a problem if your distribution naïvely builds in automounting support for people rooting your box via USB stick. Alan
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.