| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2024080516-wreath-captivity-f832@gregkh> Date: Mon, 5 Aug 2024 20:37:09 +0200 From: Greg KH <gregkh@...uxfoundation.org> To: LidongLI <wirelessdonghack@...il.com> Cc: kvalo@...nel.org, linux-kernel@...r.kernel.org, linux-usb@...r.kernel.org, linux-wireless@...r.kernel.org, mark.esler@...onical.com, stf_xl@...pl Subject: Re: Ubuntu RT2X00 WIFI USB Driver Kernel NULL pointer Dereference&Use-After-Free Vulnerability On Mon, Aug 05, 2024 at 04:33:39PM +0800, LidongLI wrote: > ### Tips for Strengthening Your Argument > > 1. **Provide Evidence**: Include logs, stack traces, or any crash reports that underscore the vulnerability's impact. > 2. **Highlight Real-World Scenarios**: Describe how the vulnerability can be exploited in practical, real-world situations. > 3. **Be Precise and Clear**: Use technical terminology appropriately and explain any assumptions or configurations required to trigger the vulnerability. > 4. **Emphasize Risk**: Stress how easy it is for an attacker to achieve their goals once the Udev rule is modified, even if it's a non-default configuration. > > Remember, the goal is to present the vulnerability convincingly as a security risk that needs to be tracked and addressed with a CVE assignment. Note, please work with your professor who has assigned you this task to not actually include the task assignment in the emails you send out. This didn't help any :) good luck on your grade! greg k-h
Powered by blists - more mailing lists