oss-sec mailing list archives
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow
From: "Jason A. Donenfeld" <Jason () zx2c4 com>
Date: Thu, 28 Feb 2013 00:24:09 +0100
On Thu, Feb 28, 2013 at 12:07 AM, Greg KH <greg () kroah com> wrote:
Really? Ok then, please go ahead and try doing this yourself if you feel it is so "obvious" to do.
I did yesterday, actually. I saw some commit that said "use after free!", saw that it was triggerable by an unpriv'd user, and sent it into the list. Kurt took a look at it, agreed with the assessment, and assigned a CVE. The commit itself said "use after free" -- I didn't even have to do any heavy lifting or hair-splitting investigation.
Kernel developers are super smart -- some of the brightest guys out there.Nope, we are dumb, we do uninteresting, boring work, dealing with broken hardware and demanding users every day. If we were smarter, we wouldn't be doing this type of thing.
Come on...
Current thread:
- Re: handling of Linux kernel vulnerabilities, (continued)
- Re: handling of Linux kernel vulnerabilities Solar Designer (Mar 04)
- Re: handling of Linux kernel vulnerabilities Noel Butler (Mar 05)
- Re: handling of Linux kernel vulnerabilities Solar Designer (Mar 05)
- Re: handling of Linux kernel vulnerabilities Alton Moore (Mar 05)
- Re: handling of Linux kernel vulnerabilities (was: CVE request - Linux kernel: VFAT slab-based buffer overflow) Eric Lacombe (Mar 05)
- Re: handling of Linux kernel vulnerabilities Andreas Ericsson (Mar 04)
- Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Yves-Alexis Perez (Feb 27)
- Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Greg KH (Feb 27)
- Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Jason A. Donenfeld (Feb 27)
- Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Greg KH (Feb 27)
- Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Jason A. Donenfeld (Feb 27)
- Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Kurt Seifried (Feb 27)
- Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Jiri Kosina (Feb 27)
- Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Daniel Kahn Gillmor (Feb 27)
- Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Jason A. Donenfeld (Feb 27)
- Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Yves-Alexis Perez (Mar 01)
- Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Jason A. Donenfeld (Feb 27)
- Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Greg KH (Feb 27)
- Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Tim (Feb 27)
- Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Greg KH (Feb 27)
- Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Jiri Kosina (Feb 27)