oss-sec mailing list archives
Reporting and disclosing Linux kernel vulnerabilities
From: Andrey Konovalov <andreyknvl () gmail com>
Date: Fri, 4 Aug 2017 18:59:15 +0200
Hi! It's not completely clear to me how to properly report and disclose Linux kernel security issues. There are a few different parties [1, 2, 3] that need to be informed and coordinated. I couldn't find a publicly available actionable list of steps, so I've outlined it as I see it here: https://github.com/google/syzkaller/blob/master/docs/linux_kernel_reporting_bugs.md#reporting-security-bugs Thoughts? Comments? Thanks! [1] https://www.kernel.org/doc/html/latest/admin-guide/security-bugs.html [2] http://oss-security.openwall.org/wiki/mailing-lists/distros [3] http://oss-security.openwall.org/wiki/mailing-lists/oss-security
Current thread:
- Reporting and disclosing Linux kernel vulnerabilities Andrey Konovalov (Aug 04)
- Re: Reporting and disclosing Linux kernel vulnerabilities Kurt Seifried (Aug 04)
- Re: Reporting and disclosing Linux kernel vulnerabilities Solar Designer (Aug 04)
- Re: Reporting and disclosing Linux kernel vulnerabilities Greg KH (Aug 04)
- Re: Reporting and disclosing Linux kernel vulnerabilities Andrey Konovalov (Sep 01)
- Re: Reporting and disclosing Linux kernel vulnerabilities Greg KH (Aug 04)
- Re: Reporting and disclosing Linux kernel vulnerabilities Greg KH (Aug 04)