CVE-2015-5366 and CVE-2016-2184

[Borna5356]

CVE-2015-5366 : This is a vulnerability that affects the UDP stack and can cause a Denial of Service.

CVE-2016-2184: This is a vulnerability that is impacts the USB audio connection causing a null pointer error resulting in a Denial of Service.

[724jth]

I think you meant function not funcrtion.

[jym2584]

CVE-2016-2184: 2 upvotes. I think it's interesting to learn more about hardware vulnerabilities that affect the linux kernel
CVE-2015-5366: 1 upvote. Interesting read for passing in the incorrect checksum. I remember encountering a similar issue before during my internship which ran incorrect file integrity checks

[jym2584]

I would replace this with ["net", "subsystem"] to adhere to the required syntax

[jym2584]

Typo (by)
I think it would also be good to provide a source

[jym2584]

linux*

[jym2584]

I think the description would be better clarified since the issues described in the git diff and patch notes could lead to a denial of service by causing an EPOLLET epoll application read outage when there's an incorrect checksum in a UDP packet.

[jym2584]

Are you able to link the twitter message?

[jym2584]

interrupting

[jym2584]

threat

[jym2584]

framework

[jym2584]

This should just be sound

[nolan-white]

I second this.

[andymeneely]

Looks like you had the same mistake 28x lol. Should be an easy fix to get the yaml parsing. If you've cloned locally, I recommend using the YAML extension for VS Code to find your syntax errors. Well done, though!

[andymeneely]

Make sure you indent this text - that's probably why the yaml is broken

[andymeneely]

Suggested change

	code_answer:
	Returns -EAGAIN to the application even if recieve queue is not empty.
	This breaks the application using edge trigger epoll()
	code_answer: |
	Returns -EAGAIN to the application even if recieve queue is not empty.
	This breaks the application using edge trigger epoll()

[andymeneely]

Suggested change

	answer:
	The vulnerability was found in a twitter message where the security team was
	contacted to create the CVE,
	answer: |
	The vulnerability was found in a twitter message where the security team was
	contacted to create the CVE,

[andymeneely]

Suggested change

	note:
	The reason why this bug can be discovered automatically is because the
	bug causes a DOS attack because it causes an infinite loop making it so
	that users can't get acces to the data. This can be tested automatically
	by tesitng edge cases for return values.
	note: |
	The reason why this bug can be discovered automatically is because the
	bug causes a DOS attack because it causes an infinite loop making it so
	that users can't get acces to the data. This can be tested automatically
	by tesitng edge cases for return values.

[andymeneely]

Suggested change

	note:
	there was no violation of a specification as the bug appeared from not
	properly checking and validating the result before returning it.
	note: |
	there was no violation of a specification as the bug appeared from not
	properly checking and validating the result before returning it.

[andymeneely]

Suggested change

	note:
	This is because the user might not be able to connect to the application
	via USB and be able to use the audio.
	note: |
	This is because the user might not be able to connect to the application
	via USB and be able to use the audio.

[andymeneely]

Suggested change

	note:
	This is because the bug impacts the usb connection which transfers data using packets
	note: |
	This is because the bug impacts the usb connection which transfers data using packets

[andymeneely]

Suggested change

	note:
	The only fix that was needed was to make sure that there were more than
	one endpoints.
	note: |
	The only fix that was needed was to make sure that there were more than
	one endpoints.

[andymeneely]

Suggested change

	note: The reason the error was happening was because there was nothing checking
	the endpoint value
	note: |
	The reason the error was happening was because there was nothing checking the
	endpoint value

[andymeneely]

Suggested change

	answer:
	The main mistake that was made in this application was not sanitizng
	the inputs to check and see if there was moe than one endpoint connected
	via USB
	answer: |
	The main mistake that was made in this application was not sanitizng
	the inputs to check and see if there was moe than one endpoint connected
	via USB

[nolan-white]

This is just the CVE description. The instructions say to remove references to versions, specific filenames, and other jargon, and explain it in your own words, so I would suggest rewriting this section.

[nolan-white]

Also if I am interpreting this correctly, is the idea that you could craft a USB sound device that consistently crashes the computer when you plug it in? If so that's a pretty neat vulnerability. Leans into the side-channel attacks we talked about in class.

[nolan-white]

This didn't work when I tried to access it via https://bugzilla.kernel.org/show_bug.cgi?id=971125. Was this perhaps on Red Hat's or another distribution's bugzilla.

[nolan-white]

This probably shouldn't reference specific functions and variable names, but instead describe them at a higher-level for the reader.

[nolan-white]

fix is missing its Boolean value. Also the notes in this section should describe if unit tests existed for this code before and after the fix, not the fix itself.

[nolan-white]

Typo in "frramework". Also I would suggest replacing the variable name with a high-level description of what that variable represents.

[nolan-white]

This is asking about a specific specification being violated. Are you referring to a particular specification here?

[nolan-white]

Missing period at end of sentence.

[nolan-white]

Typo in "ture".

[nolan-white]

"usb" should be "USB". Also missing period at end of sentence.

[nolan-white]

Typo in "explaing".

[nolan-white]

Typo in "sanitizng". Also missing period at end of sentence.

[nolan-white]

7 upvotes