Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

CVE-2016-9754 and CVE-2022-0516 #225

Open
wants to merge 20 commits into
base: dev
Choose a base branch
from
Open

CVE-2016-9754 and CVE-2022-0516 #225

Changes from 1 commit
Commits
Show all changes
20 commits
Select commit Hold shift + click to select a range
e268ed5
Update Curation Level to 2
evstod Nov 10, 2023
ed022af
CVE-2022-0516 yml filled
evstod Nov 11, 2023
2c1bfa7
Remove unintned upvotes
evstod Nov 11, 2023
53cbbf9
CVE-2016-9754 yml filled
evstod Nov 11, 2023
f44635f
Fix tabbing in CVE-2022-0516 interesting_commits
evstod Nov 11, 2023
b4b960e
fix booleans to succeed checks
evstod Nov 11, 2023
28a4b0c
fix unit_tested, sandbox, i18n, and ipc notes
evstod Nov 11, 2023
6316e0f
Fix vccs quotes
evstod Nov 11, 2023
773e65c
fix specification answer
evstod Nov 11, 2023
34ee0ca
fix autodiscoverable answer
evstod Nov 11, 2023
29c9f41
CVE-2016-9754 specifications typo fix
evstod Nov 13, 2023
1175637
Redefine "buffer overflow" as "integer overflow
evstod Nov 13, 2023
5087cc0
Fix missing char in VCC commit id CVE-2022-0516
evstod Nov 13, 2023
e0c2ff1
fix broken fix commit id
evstod Nov 13, 2023
afd6a55
CVE-2016-9754 change ipc answer to false.
evstod Nov 13, 2023
ed241d3
Revert "CVE-2016-9754 change ipc answer to false."
evstod Nov 13, 2023
6583634
Change upvotes to 2
evstod Nov 13, 2023
997a01f
Add upvotes
evstod Nov 13, 2023
82cd6a9
Update upvotes
evstod Nov 15, 2023
86d3715
upvotes & type fixes
evstod Nov 16, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
fix autodiscoverable answer
  • Loading branch information
@evstod
evstod committed Nov 11, 2023
commit 34ee0ca496eec365a3d679547e86e03cd5e7821f
4 changes: 2 additions & 2 deletions cves/kernel/CVE-2016-9754.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -171,8 +171,8 @@ autodiscoverable:

The answer field should be boolean. In answer_note, please explain
why you come to that conclusion.
note: true
answer: 'Buffer overflows can be found by automated tools.'
note: 'Buffer overflows can be found by automated tools.'
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is not a buffer overflow, but rather an integer overflow - https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=59643d1535eb220668692a5359de22545af579f6

This, under certain situations, can still be found by certain automated testers such as syzkaller

Copy link
Author

@evstod evstod Nov 13, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You're right. The integer in question controls the buffer size for the ring buffer, which caused me to misidentify the issue. Fixed the note.

answer: true
specification:
instructions: |
Is there mention of a violation of a specification? For example, the POSIX
Expand Down