Hi Kees,

I'm a Linux kernel contributor. I have two patches in mainline: an ext4 bounds check fix merged in 7.0-rc6, and a race condition use-after-free fix in ocfs2 currently in Andrew Morton's mm tree.

The Mythos announcement has made clear that the class of bugs KSPP is hardening against, such as race condition UAFs, bounds overflows and KASLR bypasses, are now automatically exploitable at scale. My ocfs2 fix was exactly a race condition UAF in the mmap fault path, so I have direct hands-on experience with this bug class.

I'd like to contribute more systematically to KSPP. Looking at the open issues on github.com/KSPP/linux, the __counted_by annotation work and flexible array member conversions seem like high-impact areas where I could contribute. Is that where new contributors are most needed right now, or is there something more pressing given the current threat landscape?

Tejas Bharambe
[email protected]
