I've used Smatch to fix a bunch of buffer range checking bugs (at least 50 since January). But I didn't get any CVEs. Actually most of them weren't exploitable.
But yeah. I don't think the fixes on this list were found with static analysis tools. Vasiliy Kulikov just posted a list of eight information leaks and people assumed he used a tool but he did it with grep. It seems to me like you could find a bunch of information leaks automatically but no one has done that yet.
Copyright © 2018, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds