Kernel vulnerabilities: old or new?
Posted Oct 20, 2010 5:18 UTC (Wed) by error27
In reply to: Kernel vulnerabilities: old or new?
Parent article: Kernel vulnerabilities: old or new?
I've used Smatch to fix a bunch of buffer range checking bugs (at least 50 since January). But I didn't get any CVEs. Actually most of them weren't exploitable.
But yeah. I don't think the fixes on this list were found with static analysis tools. Vasiliy Kulikov just posted a list of eight information leaks and people assumed he used a tool but he did it with grep. It seems to me like you could find a bunch of information leaks automatically but no one has done that yet.