CVE-2017-5548 and CVE-2016-5728 #198
Conversation
cves/kernel/CVE-2016-5728.yml
Outdated
| answer: | ||
| note: | ||
| answer: True | ||
| note: Two people had signed off on the commit that fixed the issue. |
There was a problem hiding this comment.
Who were the developers that signed off on the fix?
| @@ -184,8 +193,10 @@ specification: | |||
|
|
|||
| The answer field should be boolean. In answer_note, please explain | |||
| why you come to that conclusion. | |||
| note: | |||
| answer: | |||
| note: | | |||
There was a problem hiding this comment.
I would suggest changing the writing perspective here to third-person.
cves/kernel/CVE-2016-5728.yml
Outdated
| @@ -55,7 +55,11 @@ description_instructions: | | |||
|
|
|||
| Your target audience is people just like you before you took any course in | |||
| security | |||
| description: | |||
| description: A race condition in one of the functions in a certain driver that allows | |||
There was a problem hiding this comment.
I think readers would appreciate context about the driver the vulnerability existed in. It would make it feel more real and interesting.
There was a problem hiding this comment.
I agree with this assessment; however, it's important to keep in mind that the description is not supposed to contain information that is too far beyond our target audience and should not include terms that people outside the project would fail to understand.
cves/kernel/CVE-2016-5728.yml
Outdated
| description: | ||
| description: A race condition in one of the functions in a certain driver that allows | ||
| users to obtain senstive information from memory or cause memory corruption or a system | ||
| crash. If the user modifies the header of a file, the function might incorrectly fetch |
There was a problem hiding this comment.
Were any examples given of how a user could modify the header file could be modified to cause this vulnerability? The way it is described here sounds to me like a developer would have to update the header source code file, but that wouldn't affect code until the program is recompiled so it leaves me wondering how this would occur.
| contest: | ||
| developer: | ||
| autodiscoverable: | ||
| answer: | |
There was a problem hiding this comment.
Who is "them"? The developers or an outside source? If it's the developers the developer field should probably be updated to true.
cves/kernel/CVE-2016-5728.yml
Outdated
| answer: True | ||
| note: | | ||
| This fix involves changing a variable if the check was passed. Once this variable is | ||
| changed to a certain value, it can then be written over correclty, or get used with the |
| @@ -448,7 +475,10 @@ mistakes: | |||
|
|
|||
| Write a thoughtful entry here that people in the software engineering | |||
| industry would find interesting. | |||
| answer: | |||
| answer: | | |||
There was a problem hiding this comment.
The first sentence feels like a bullet point. I would suggest changing this to flow like a paragraph all the way through.
|
2 Upvotes each. |
cves/kernel/CVE-2016-5728.yml
Outdated
| @@ -55,7 +55,11 @@ description_instructions: | | |||
|
|
|||
| Your target audience is people just like you before you took any course in | |||
| security | |||
| description: | |||
| description: A race condition in one of the functions in a certain driver that allows | |||
There was a problem hiding this comment.
I agree with this assessment; however, it's important to keep in mind that the description is not supposed to contain information that is too far beyond our target audience and should not include terms that people outside the project would fail to understand.
cves/kernel/CVE-2016-5728.yml
Outdated
| developer: | ||
| autodiscoverable: | ||
| answer: | | ||
| '2016-04-18' An email was sent that detailed them finding the bug while examining |
There was a problem hiding this comment.
Where was this email hosted?
cves/kernel/CVE-2016-5728.yml
Outdated
| note: | ||
| answer: False | ||
| note: | | ||
| This function does not comminicate with any other process or system, it's an |
There was a problem hiding this comment.
Communicate is misspelled here.
cves/kernel/CVE-2016-5728.yml
Outdated
| discussed_as_security: True | ||
| any_discussion: False | ||
| note: | | ||
| This was discussed only one time, but no back and forth discussion. An email was |
There was a problem hiding this comment.
Would this qualify more as a report rather than a discussion?
| stacktrace_with_fix: False | ||
| note: | | ||
| No stacktraces were found, however there might have been one since the original | ||
| person that found the fix knew specific line numbers that pointed out the issues in the |
There was a problem hiding this comment.
Good observation here. They may have also debugged the kernel themselves before reporting.
cves/kernel/CVE-2017-5548.yml
Outdated
| answer: | ||
| note: | ||
| answer: True | ||
| note: Two people signed off on this commit as well as a cc to [email protected]. |
There was a problem hiding this comment.
Who were the people that signed off on this? Was one of them the original developer for the commit?
cves/kernel/CVE-2017-5548.yml
Outdated
| any_stacktraces: False | ||
| stacktrace_with_fix: False | ||
| note: | | ||
| I tried checking all commits and CVE descriptions as well as dev notes. I did not |
There was a problem hiding this comment.
Consider changing this to the third person. Consider expanding dev developer for formal documentation.
cves/kernel/CVE-2017-5548.yml
Outdated
| note: | ||
| answer: False | ||
| note: | | ||
| Doesn't seem like an order of operations, more of a problem with memory allocation |
There was a problem hiding this comment.
Many notes are written in a passive voice. Consider removing phrases such as "Doesn't seem" to instill a more confident tone.
cves/kernel/CVE-2017-5548.yml
Outdated
| note: | ||
| applies: True | ||
| note: | | ||
| There seems to be added environmental variable that have been added in order to |
There was a problem hiding this comment.
This needs to be changed to either "an added environmental variable" or "added environmental variables" in order to make sense. Not sure if this is trying to refer to one or multiple. Consider changing the wording to remove the second added to something along the lines of "An environmental variable was added in order to fix the memory allocation problems."
cves/kernel/CVE-2017-5548.yml
Outdated
| @@ -450,7 +475,10 @@ mistakes: | |||
|
|
|||
| Write a thoughtful entry here that people in the software engineering | |||
| industry would find interesting. | |||
| answer: | |||
| answer: | | |||
| Failing to properly manage memory in the buffer. This can allow people to exploit | |||
There was a problem hiding this comment.
Consider adding a designation wether this was caused primarily by a slip, lapse or planning error.
Completed investigations for both CVEs assigned to me.