oss-sec mailing list archives

Re: Linux 3.4+: arbitrary write with CONFIG_X86_X32 (CVE-2014-0038)


From: Solar Designer <solar () openwall com>
Date: Sat, 1 Feb 2014 03:02:32 +0400

On Sat, Feb 01, 2014 at 11:24:37AM +1300, Matthew Daley wrote:
> > Reported by pageexec at
> > https://code.google.com/p/chromium/issues/detail?id=338594, which is
> > restricted, so here's the full report:
>
> Was this reported to the Chromium bugtracker in the first
> instance? If so, why? I can't see what the relation between Chromium
> and Linux kernel issues would be, unless I suppose it was found
> through work on sandboxing/NaCl/seccomp.
>
> (Not assuming or implying anything at all, I'm just confused!)

Google is offering bounties for responsible disclosure of bugs in
Google's software, and I guess this includes use of Linux kernel by
Chromium OS.  (I don't know if this specific vulnerability was relevant
to Google's products, but I wouldn't be surprised if Google is generous
enough to pay a bounty anyway.)

On a related note, Google is also offering bounties for security
enhancements to some Open Source projects once such enhancements are
accepted upstream.  This includes Linux kernel and many more:

http://googleonlinesecurity.blogspot.com/2013/10/going-beyond-vulnerability-rewards.html

... but finding a vulnerability would probably not fall under the latter
program.

Alexander

