Overview
Embark on a hands-on journey exploring the process of addressing security vulnerabilities in open source projects using OSS-Fuzz reports. Learn how to leverage debugging skills, programming knowledge, and collaboration with maintainers to contribute to important open source projects. Follow along as the speaker shares their experience fixing CVE-2021-45940 based on OSS-Fuzz reports 40868 and 40957. Discover practical steps for using reproducers provided by OSS-Fuzz to aid in debugging, identifying root causes, and navigating the process of submitting patches to the Linux Kernel Mailing List (LKML) for code review. Gain insights into the significance of OSS-Fuzz in improving open source software quality and be inspired to get involved in contributing to open source projects through this accessible approach.
Syllabus
From an OSS-Fuzz Report to LKML Patch Submission: A Hands-on Journey - Shung-Hsi Yu, SUSE
Taught by
Linux Foundation