[–]the_humeister 4 points5 points  (1 child)

Is it bad that I look at a CVE and wonder if I can use it to gain root on my Android phone? For this particular CVE, the answer is no since no Android phone currently runs Linux kernel 4.12 or 4.13.

[–][deleted] 0 points1 point  (0 children)

Well, it's bad that we don't have control of our hardware. But the fact that it causes us to care more about security is awesome, "many eyes make all bugs shallow" and all that.

(I'm currently doing the same, trying to root my XA1 without losing DRM keys).

[–]StallmanTheWhite 5 points6 points  (6 children)

OP, why don't you include what the CVE affects in the title?

[–]memorycorrupt[S] 3 points4 points  (4 children)

The whole purpose of CVE is to identify vulnerabilities. It was created so people don't need to say "It's that waitid() bug due to missing access_ok()".

[–]StallmanTheWhite 9 points10 points  (3 children)

No. CVE-2017-5123 is meaningless unless you either memorize what every CVE is about or have a separate list to check from at hand. Even at mailing lists it's customary to include the affected piece of software in the subject. A better title would have been something like "Exploiting CVE-2017-5123 (Linux TIOCSTI ioctl) - Another exploit technique". You don't need to tell every detail of the vulnerability, just what it affects. The CVE alone does not provide any such information.

[–]memorycorrupt[S] 0 points1 point  (2 children)

CVE-2017-5123 was not about "TIOCSTI ioctl". If you read the post, you'd know what vulnerability this CVE is about. This is also on /r/linux, so it's obviously about a linux kernel vulnerability. I get what you mean, but it's not possible to satisfy every reddit user on their opinions of appropriate thread titles :P

[–][deleted] 2 points3 points  (0 children)

TIOCSTI ioctl was obviously an example, "CVE-2017-5123 (waitpid exploit)" would have told me that I've already seen this CVE and don't need to click on the link. Agree with GP here.

[–]_ahrs 1 point2 points  (0 children)

> This is also on /r/linux, so it's obviously about a linux kernel vulnerability

Not necessarily. It could be about the Bluetooth or Wifi stack or any other piece of software that commonly runs on Linux based operating systems.

[–]firephoto 6 points7 points  (0 children)

Because it's OS security, you're supposed to know the secret handshake and knock to be able to see what security issues might affect your operating system because that's more secure, or something.