[prev in list] [next in list] [prev in thread] [next in thread] 

List:       full-disclosure
Subject:    Re: [Full-disclosure] Trying to send mail to Broadcom
From:       Tony Naggs <tonynaggs () gmail ! com>
Date:       2013-05-27 8:55:05
Message-ID: CAK0b=2eoYG=YRKc5gNb0N+xF4UX=+5S0qtu1KvTAZEBhtfB3uw () mail ! gmail ! com
[Download RAW message or body]

On 3 May 2013 23:22, Jann Horn <jann@thejh.net> wrote:
> So, I found a vuln for overwriting kernel memory in kernel code by Broadcom for the
> Raspberry Pi (afaik not in the official kernel sources, just in the patched
> kernel sources for the raspberry pi). It requires you to be in the "video" group,
> so it's not very interesting, I think, but I thought, hey, before you share your
> PoC for causing a kerneloops with FD, maybe you should contact Broadcom and tell
> them so they have a chance to write a fix!

If you didn't make any progress with contacting Broadcom in the
meantime I have a couple of suggestions ...

1. The security@ mailbox gets to the right people at some companies.

2. The main guy behind Rasberry Pi, Eben Upton, works at Broadcom, so
you could ask them for advice on reporting the issue.

Cheers,
Tony

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[prev in list] [next in list] [prev in thread] [next in thread]