Link to oss-security thread on CVE-2022-0185

2024-09-19 20:02:10 +00:00 · 2022-02-03 22:29:46 -08:00 · 2022-02-03 22:29:46 -08:00 · 65ef073088
commit 65ef073088
parent bbfcef2370
2 changed files with 2 additions and 1 deletions
--- a/content/posts/floss-security.gmi
+++ b/content/posts/floss-security.gmi
@ -168,6 +168,7 @@ Fuzzing frequently catches bugs that are only apparent by running a program, not

 A recent example of how fuzzing helps spot a vulnerability in an open-source project is CVE-2022-0185: a Linux 0-day found by the Crusaders of Rust a few weeks ago. It was discovered using the syzkaller kernel fuzzer.

+=> https://www.openwall.com/lists/oss-security/2022/01/18/7 oss-security: Linux kernel: Heap buffer overflow in fs_context.c since version 5.1
 => https://github.com/google/syzkaller Syzkaller

 The process was documented on Will's Root:
--- a/content/posts/floss-security.md
+++ b/content/posts/floss-security.md
@ -132,7 +132,7 @@ If you want to get started with fuzzing, I recommend checking out [the quick-sta

 ### Example: CVE-2022-0185

-A recent example of how fuzzing helps spot a vulnerability in an open-source project is CVE-2022-0185: a Linux 0-day found by the Crusaders of Rust a few weeks ago. It was discovered using the [syzkaller](https://github.com/google/syzkaller) kernel fuzzer. The process was documented on Will's Root:
+A recent example of how fuzzing helps spot a vulnerability in an open-source project is [CVE-2022-0185](https://www.openwall.com/lists/oss-security/2022/01/18/7): a Linux 0-day found by the Crusaders of Rust a few weeks ago. It was discovered using the [syzkaller](https://github.com/google/syzkaller) kernel fuzzer. The process was documented on Will's Root:

 [CVE-2022-0185 - Winning a $31337 Bounty after Pwning Ubuntu and Escaping Google's KCTF Containers](https://www.willsroot.io/2022/01/cve-2022-0185.html)