lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <tencent_69EF08CD5A280B69E9B808B7F1FE0849B608@qq.com>
Date: Wed, 16 Jul 2025 11:01:16 +0800
From: jackysliu <1972843537@...com>
To: krzk@...nel.org
Cc: 1972843537@...com,
	James.Bottomley@...senPartnership.com,
	anil.gurumurthy@...gic.com,
	linux-kernel@...r.kernel.org,
	linux-scsi@...r.kernel.org,
	martin.petersen@...cle.com,
	sudarsana.kalluru@...gic.com
Subject: Re: [PATCH] scsi:bfa: Double-free vulnerability fix 

On Tue, Jul 15 2025 12:45:00 +0200 Krzysztof Kozlowski wrote:
>You should disclose that you used some AI tool for that... and that
>other report(s) was really fake finding.  People should know you
>generated it with AI, so they could make informed decision whether to
>even allocate time here.

Although this problem was detected with the help of ai and static methods,
I checked the trigger path by myself and verified this problem. 
I'll describe the ways of detection if I find other issues in the future.
Anyway, thanks for your review.

Siyang Liu

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ