| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20160119145609.1238be62@lxorguk.ukuu.org.uk> Date: Tue, 19 Jan 2016 14:56:09 +0000 From: One Thousand Gnomes <gnomes@...rguk.ukuu.org.uk> To: Dan Carpenter <dan.carpenter@...cle.com> Cc: linux-kernel@...r.kernel.org, kernel-hardening@...ts.openwall.com Subject: Re: 2015 kernel CVEs On Tue, 19 Jan 2016 14:28:12 +0300 Dan Carpenter <dan.carpenter@...cle.com> wrote: > I like to look back over old CVEs to see how we could do better. Here > is the list from 2015. I got most of this information from the Ubuntu > CVE tracker. Thanks Ubuntu!. If it doesn't have a hash that means it > might not be fixed yet. That's the list of bugs originating in 2015. You need to go back further to see some of the fun ones still present (CVE-2013-7445 for example) > There was only a coupls CVEs that looks like they came from a filesystem > fuzzer where you create a corrupt filesystems and then try use them. > There was only one that might have come from a USB fuzzer. We probably > should be testing those things better. There are a bunch of those ignored in Bugzilla for years. I think the ones for the mainstream file systems have all been tackled but things like reiserfs don't survive fuzzing too well, which is a problem if your distribution naïvely builds in automounting support for people rooting your box via USB stick. Alan
Powered by blists - more mailing lists