Announcement

**Space Heater** · 20 February 2019, 04:27 PM

While obviously a vulnerability isn't good, it is nice to see that kernel testing is finding these things.

**Leprechaunius** · 20 February 2019, 05:09 PM

If it has been there since 2.6.x, why hasn't it been spotted until now? It's not like Kasan is a brand new tool.

**davidbepo** · 20 February 2019, 05:16 PM

well that socks

**Murple** · 20 February 2019, 05:21 PM

So Huawei are making us more secure? What crazy times we live in

**cybertraveler** · 20 February 2019, 05:23 PM

Isn't the news or the American government pushing the story that "Huawei are evil!!!!" right now?

Meanwhile... Huawei have just found and reported a serious Linux vulnerability. Thanks guys

**Murple** · 20 February 2019, 05:37 PM

Originally posted by cybertraveler View Post

Isn't the news or the American government pushing the story that "Huawei are evil!!!!" right now?

Meanwhile... Huawei have just found and reported a serious Linux vulnerability. Thanks guys

The same in the UK, "we can't trust them, they are an arm of the chinese state" etc etc. Our governments aren't pissed about the possibility of backdoors in their hardware, they are pissed because Huawei won't put backdoors in for western agencies. Ironically I think the Chinese state are really interested in the commercial success of their technology companies and this probably makes them think twice about jeopardising their efforts with security holes. They even do capitalism better than us jeez that's embarrassing

Of course on the other hand maybe Huawei are just getting rid of all their dirty laundry now and publicly outing their exploits before someone else does

**SofS** · 20 February 2019, 05:52 PM

Speculating conspiracies will lead us nowhere, it could be a decoy, it could be actual good faith, it could be one branch doing something the other does no know, it could even be counter espionage by revealing a vulnerability they were exploring when they noticed someone else else using it.

What this kind of discussion does prove is that we should really be more concerned about two things, open and verifiable systems on one hand, and actually verifying them on the other.

Even regarding normal performance benchmarks we are lacking, case in point all the regressions Michael here has been spotting as we see often on his benchmarks.

**Murple** · 20 February 2019, 06:10 PM

You're right it could be many things, but speculating wildly is kinda enjoyable so don't take that away from me!

The rest of your points are spot on tho

**coder** · 20 February 2019, 08:19 PM

Originally posted by cybertraveler View Post

Isn't the news or the American government pushing the story that "Huawei are evil!!!!" right now?

Meanwhile... Huawei have just found and reported a serious Linux vulnerability. Thanks guys

You're very trusting. I wonder if they might've previously known about it and are just now publicizing these exploits. Or, perhaps they launched an initiative to find such bugs in other products to help their own reputation.

We don't know what we don't know. No matter what Huawei says or does, I wouldn't entrust critical infrastructure to state-owned tech companies. In fact, no matter who builds it, I think the hardware and software sources should be kept in escrow, if not entirely open source.

Announcement

KASAN Spots Another Kernel Vulnerability From Early Linux 2.6 Through 4.20

KASAN Spots Another Kernel Vulnerability From Early Linux 2.6 Through 4.20

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment