To all my fuzzing friends, @jeffball55 wrote up an article on using AFL and KLEE to go after the Linux kernel. https://blog.grimm-co.com/post/analyzing-the-linux-kernel-in-userland-with-afl-and-klee/ … He found an out of bounds read in the ASN.1 decoder which still exists on RHEL 7 despite being patched in the mainline kernel a couple years ago.
Replying to @grsecurity @AdamOfDc949
Thanks, it was a roller coaster experience. I kept finding issues, only to later find patches in the mainline that RHEL was missing.
It's time for some unfortunate truths: 1) Linux kernel bugs that may turn out to actually be vulnerabilities generally don't get CVEs. 2) RHEL generally only backports patches that have CVEs assigned. What happens when we combine these two pieces of knowledge?
Replying to @wdormann @jeffball55 and
2) is clearly incorrect. There are many backports that are not CVE patches, I'd even go as far as to say "most" are not. There is a phase of the lifecycle that is feature enablement. Did I misread you? Disclaimer: I work for RH prodsec doing CVE stuff.
The point is, if Red Hat is backporting anywhere less than 100% of the Linux kernel commits, it is probably missing Linux kernel security fixes due to 1). This isn't RH specific. Just that RH is hit harder due to the practice of using older kernels and selectively backporting.