lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20251030183621.39ea843ebba82ae133b2b38b@linux-foundation.org>
Date: Thu, 30 Oct 2025 18:36:21 -0700
From: Andrew Morton <akpm@...ux-foundation.org>
To: Big Sleep <big-sleep-vuln-reports@...gle.com>
Cc: Mike Rapoport <rppt@...nel.org>, linux-mm@...ck.org,
 linux-kernel@...r.kernel.org, "Matthew Wilcox (Oracle)"
 <willy@...radead.org>, Lorenzo Stoakes <lorenzo.stoakes@...cle.com>
Subject: Re: Oops in secretmem_fault()

On Thu, 30 Oct 2025 16:34:29 +0100 Big Sleep <big-sleep-vuln-reports@...gle.com> wrote:

> Hello Mike and Andrew,
> 
> we found a bug in secretmem_fault() - please see below for details!
> 
> --Google Big Sleep

Didn't know about this - it looks neat.

https://issuetracker.google.com/issues/430375499

: Big Sleep is a collaboration between Google Project Zero and Google
: DeepMind to build an agentic AI system to help automate software
: vulnerability research

>
> ## Reporter Credit
> 
> Google Big Sleep
> 

You might want to include a token here so we (you!) can track the
report through to its resolution.  See what the sysbot people are
doing.  For example,

https://lkml.rescloud.iu.edu/2408.2/07972.html included:

: IMPORTANT: if you fix the issue, please add the following tag to the commit:
: Reported-by: syzbot+5054473a31f78f735416@...kaller.appspotmail.com

and when Dmitry fixed this he included that info in the patch metadata:

https://lore.kernel.org/all/20251028101447.693289-1-dmantipov@yandex.ru/T/#u

and that Reported-by: will be carried all the way into the mainline tree.


btw, it would be nice to Cc some human on these reports.  One cannot
be very confident that emails sent to big-sleep-vuln-reports@...gle.com
will actually be read by someone.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ