Beck Anderson CVE-2013-2058 & CVE-2019-20636 Request #164
Conversation
…there was the issue
cves/kernel/CVE-2013-2058.yml
Outdated
| hexademical string/ | ||
|
|
||
| Place any notes you would like to make in the notes field. | ||
| bugs: [959210] |
There was a problem hiding this comment.
According to bugzilla, this also depends on 959234 and 959235
| fix_answer: | ||
| code: false | ||
| code_answer: "I find it difficult to believe that unit tests were involved with the discovery | ||
| due to how long it took to find the bug and the method of testing. The vulnerability was |
There was a problem hiding this comment.
I would try to stay away from talking in the first person, maybe be a little more firm in your stance as well.
cves/kernel/CVE-2013-2058.yml
Outdated
| answer: "There isn't any specific record of how this vulnerability was discovered. The | ||
| closest record is a message chain on openwall between an individual at Redhat asking to create | ||
| an entry for this vulnerability in response to the bug report on bugzilla.redhat.com. This test | ||
| was most likely found by a developer at for freescale (now NXP). They were the ones to make the |
There was a problem hiding this comment.
I don't think "at for freescale" is intended. Also Freescale should be capitalized.
cves/kernel/CVE-2013-2058.yml
Outdated
| issue and the fix." | ||
| automated: false | ||
| contest: false | ||
| developer: false |
There was a problem hiding this comment.
You said it was likely found by a dev but then marked this false.
cves/kernel/CVE-2013-2058.yml
Outdated
| using a tool. It would require an external device to connect to the port | ||
| and provide data for testing, as well as a program running on the hardware | ||
| being tested. The test device would provide different types of data of different | ||
| sizes and the hardware would report the outcome of the transfer." |
There was a problem hiding this comment.
I would question the plausibility of this. While I agree it would be possible to automate, I would argue that the specific steps to test are very specific and cater to this vulnerability. This would almost require prior knowledge of the vulnerability to create a test if it exists.
| note: | ||
| discussed_as_security: false | ||
| any_discussion: false | ||
| note: "no record of discussions" |
There was a problem hiding this comment.
You previously described a discussion which occurred with NXP folks.
There was a problem hiding this comment.
there wasn't really a discussion about the issue, just a developer at NXP finding it and recommending a fix, which they took. Thank you though!
cves/kernel/CVE-2013-2058.yml
Outdated
| upvotes to each vulnerability you see. Your peers will tell you how | ||
| interesting they think this vulnerability is, and you'll add that to the | ||
| upvotes score on your branch. | ||
| note: "File created with vulnerability in this commit" | ||
| upvotes: |
There was a problem hiding this comment.
I am going to give this a 4 because I like vulnerabilities that include hardware.
cves/kernel/CVE-2019-20636.yml
Outdated
| upvotes_instructions: | | ||
| For the first round, ignore this upvotes number. | ||
|
|
||
| For the second round of reviewing, you will be giving a certain amount of | ||
| upvotes to each vulnerability you see. Your peers will tell you how | ||
| interesting they think this vulnerability is, and you'll add that to the | ||
| upvotes score on your branch. | ||
| upvotes: | ||
| upvotes: 6 |
cves/kernel/CVE-2019-20636.yml
Outdated
| note: | ||
| answer: false | ||
| note: "In the fix for the bug, there was only Dmitry Torokhov in the sign off for | ||
| it in response to the message received alerting about the vulnerability. It |
There was a problem hiding this comment.
This sentence feels a little weird to read. Not sure the best way to rephrase though.
cves/kernel/CVE-2019-20636.yml
Outdated
| answer: true | ||
| note: "Issue was a result of a modification/clearing of the data before | ||
| a couple checks. By moving setting and clearing inside of an already existent | ||
| coule of checks, it prevents the issue if the input would cause problems." |
| an entry for this vulnerability in response to the bug report on bugzilla.redhat.com. This test | ||
| was most likely found by a developer at Freescale (now NXP). They were the ones to make the | ||
| suggestion for the fix which was later signed off on. It is unclear what led them to finding the | ||
| issue and the fix." |
cves/kernel/CVE-2013-2058.yml
Outdated
| answer: true | ||
| note: "This fix was suggested by an employee of freescale (Peter Chen) and then signed off by another member | ||
| of freespace (Fabio Estevam), as well as Greg Kroah-Hartman of the linux foundation. This information is in | ||
| the commit message of the fix." |
There was a problem hiding this comment.
I would just add the link to the discussion here, but it was good to add the names of the developers here.
| note: | ||
| answer: false | ||
| note: \ | ||
| The check could happen at any time, but needs to happen. |
There was a problem hiding this comment.
Not to be nit picky, but ideally it happens before it's sent across the network :)
cves/kernel/CVE-2013-2058.yml
Outdated
| was expected and being more complex than expected. The data should | ||
| be validated when received to ensure it matches what is expected and | ||
| accepted. If it isn't, it should be talked about if that data should | ||
| be understood and processed or be blocked." |
There was a problem hiding this comment.
This was difficult to read and understand. I would rephrase this.
| description: | ||
| description: "In the Linux kernel before version 5.4.12, the file drivers/input/input.c | ||
| can cause out-of-bounds issues via a crafted keycode table. This can result in denial of service | ||
| (crash or memory corruption) or privilege escalation." |
There was a problem hiding this comment.
I'd explain what a keycode table is here.
cves/kernel/CVE-2019-20636.yml
Outdated
| developer: | ||
| answer: "The individual who messaged about the vulnerability was Dmitry Torokhov, | ||
| an individual who was a senior software engineer at Google at the time of the | ||
| discovery." |
There was a problem hiding this comment.
I'd argue this is more about who discovered the vulnerability, not how it was discovered. I could be misinterpreting it, though.
No description provided.