Link to oss-security thread on CVE-2022-0185

content/posts/floss-security.gmi

@@ -168,6 +168,7 @@ Fuzzing frequently catches bugs that are only apparent by running a program, not
 
 A recent example of how fuzzing helps spot a vulnerability in an open-source project is CVE-2022-0185: a Linux 0-day found by the Crusaders of Rust a few weeks ago. It was discovered using the syzkaller kernel fuzzer.
 
+=> https://www.openwall.com/lists/oss-security/2022/01/18/7 oss-security: Linux kernel: Heap buffer overflow in fs_context.c since version 5.1
 => https://github.com/google/syzkaller Syzkaller
 
 The process was documented on Will's Root:

content/posts/floss-security.md

@@ -132,7 +132,7 @@ If you want to get started with fuzzing, I recommend checking out [the quick-sta
 
 ### Example: CVE-2022-0185
 
-A recent example of how fuzzing helps spot a vulnerability in an open-source project is CVE-2022-0185: a Linux 0-day found by the Crusaders of Rust a few weeks ago. It was discovered using the [syzkaller](https://github.com/google/syzkaller) kernel fuzzer. The process was documented on Will's Root:
+A recent example of how fuzzing helps spot a vulnerability in an open-source project is [CVE-2022-0185](https://www.openwall.com/lists/oss-security/2022/01/18/7): a Linux 0-day found by the Crusaders of Rust a few weeks ago. It was discovered using the [syzkaller](https://github.com/google/syzkaller) kernel fuzzer. The process was documented on Will's Root:
 
 [CVE-2022-0185 - Winning a $31337 Bounty after Pwning Ubuntu and Escaping Google's KCTF Containers](https://www.willsroot.io/2022/01/cve-2022-0185.html)