CVE Publication: CVE 2016-8636

After a long patching process, CVE 2016-8636 has now been fixed and can be publicly disclosed. CVE 2016-8636 is caused by a classic integer-overflow vulnerability, showing that even the Linux kernel suffers from this major vulnerability family.


CVE Publication: CVE 2016-8633

As I promised in my previous post, here is an official public disclosure of CVE 2016-8633: Linux kernel firewire driver remote code execution. The official fix was merged yesterday into the Linux kernel, and so I can now talk freely about it.
