Comment by Skunkleton
5 days ago
In the context of the kernel, it’s hard to say when that’s true. It’s very easy to fix some bug that resulted in a kernel crash without considering that it could possibly be part of some complex exploit chain. Basically any bug could be considered a security bug.
plainly, crash = DoS = security issue = CVE.
QED.
BRB, raising a CVE complaining the OOM killer exists.
Memory leaks are usually (accurately) treated as DoS. OoM killer is a mitigation to contain them and not DoS the entire OS.
I could be wrong. But operation by design isn't considered a bug.
4 replies →
you either get OOMed or next malloc fails and that's also going to wreck havoc