added changes from feedback
AliJafriRIT committed Nov 26, 2023
1 parent b743477 commit 1682ae8
Showing 2 changed files with 5 additions and 4 deletions.
7 changes: 4 additions & 3 deletions cves/kernel/CVE-2017-18549.yml
Expand Up @@ -59,7 +59,8 @@ description: |
RAM is (virtually) segregated into two parts, the Kernelspace (where privileged kernel programs and drivers run)
and the Userspace (where regular user software runs). In C, an uninitiated variable points to the address allocated in the Kernelspace,
and the variable holds whatever was in there from before (which could be sensitive information).
In this vulnerability this uninitialized variable's data is sent from the Kernelspace into the Userspace.
In this vulnerability this uninitialized variable's data is sent from the Kernelspace into the Userspace.
This data can contain important information which could be used maliciously if it is passed to the Userspace.
bounty_instructions: |
If you came across any indications that a bounty was paid out for this
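Review bot: "uninitiated variable" in the context line should read "uninitialized variable", and the sentence that follows is imprecise: an uninitialized variable does not "point to" an address in kernel space, it simply occupies kernel stack or heap storage and inherits whatever bytes were last written there. The two added lines also say the same thing twice (the data "is sent from the Kernelspace into the Userspace" and then "could be used maliciously if it is passed to the Userspace"); consider merging them into one sentence, e.g. "In this vulnerability the stale contents of such a variable are copied to userspace, disclosing potentially sensitive kernel memory."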
Expand Down Expand Up @@ -191,7 +192,7 @@ autodiscoverable:
It is unlikely that it was discovered through automated means or a fuzzer.
This is an issue in the code. It pertains to an uninitialized variable resulting in a memory leak to the userspace.
There is no compiler warning or error message indicating that there was a memory leak,
which makes it difficult to automated tools to detect.
which makes it difficult to automated tools to detect. (although AddressSantitizer could potencially be used to detect memory leaks).
answer: false
specification:
instructions: |
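Review bot: the parenthetical added to the last line of this hunk names the wrong tool and has two typos ("AddressSantitizer", "potencially"). AddressSanitizer detects out-of-bounds and use-after-free accesses, not reads of uninitialized memory; the sanitizers that flag uninitialized data are MemorySanitizer (userspace) and KMSAN (kernel). The surrounding text also calls the bug a "memory leak", which is the allocation-leak sense; what is described is an uninitialized-memory disclosure (information leak) to userspace, so "memory leak" should be replaced throughout the hunk. Finally, "difficult to automated tools to detect" should be "difficult for automated tools to detect".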
Expand Down Expand Up @@ -378,7 +379,7 @@ stacktrace:
any_stacktraces: false
stacktrace_with_fix: false
note: |
None, because the Linux Kernel is written in C.
No stack trace was found, probably because the vulnerability involves a data leak which shouldn't result in a compiler error.
forgotten_check:
question: |
Does the fix for the vulnerability involve adding a forgotten check?
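Review bot: the new note conflates compile-time and run-time behaviour: a stack trace in a kernel bug report comes from a runtime oops or crash, not from a compiler error, so "shouldn't result in a compiler error" does not explain the absence of one. The actual reason is that an uninitialized-data disclosure does not crash the kernel, so no oops and therefore no stack trace is produced; suggest "No stack trace was found, which is expected because a data disclosure of this kind does not crash the kernel and therefore produces no oops."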
2 changes: 1 addition & 1 deletion cves/kernel/CVE-2018-13406.yml
Expand Up @@ -365,7 +365,7 @@ stacktrace:
what your answer was.
any_stacktraces: false
stacktrace_with_fix: false
note: None, because the Linux Kernel is written in C.
note: None were found, Integer overflows can produce stacktraces, howerver, I checked mailing lists and bug reports was unable to find any.
forgotten_check:
question: |
Does the fix for the vulnerability involve adding a forgotten check?
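Review bot: the replacement note has a typo ("howerver") and a missing conjunction ("I checked mailing lists and bug reports was unable to find any" needs "and was unable"); it is also one comma-spliced sentence. Suggest "None were found. Integer overflows can produce stack traces; however, I checked mailing lists and bug reports and was unable to find any." Since the field records a negative search result, naming the lists and trackers that were searched would let a later reviewer verify or extend the answer.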