| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAK0b=2eoYG=YRKc5gNb0N+xF4UX=+5S0qtu1KvTAZEBhtfB3uw@mail.gmail.com> Date: Mon, 27 May 2013 09:55:05 +0100 From: Tony Naggs <tonynaggs@...il.com> To: full-disclosure@...ts.grok.org.uk Subject: Re: Trying to send mail to Broadcom On 3 May 2013 23:22, Jann Horn <jann@...jh.net> wrote: > So, I found a vuln for overwriting kernel memory in kernel code by Broadcom for the > Raspberry Pi (afaik not in the official kernel sources, just in the patched > kernel sources for the raspberry pi). It requires you to be in the "video" group, > so it's not very interesting, I think, but I thought, hey, before you share your > PoC for causing a kerneloops with FD, maybe you should contact Broadcom and tell > them so they have a chance to write a fix! If you didn't make any progress with contacting Broadcom in the meantime I have a couple of suggestions ... 1. The security@ mailbox gets to the right people at some companies. 2. The main guy behind Rasberry Pi, Eben Upton, works at Broadcom, so you could ask them for advice on reporting the issue. Cheers, Tony _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists