On Thu, Nov 12, 2015 at 02:05:08PM -0800, Stephen Hemminger wrote: > Looking at the Coverity scan for DPDK, it looks like all the base > drivers are marked to be ignored. > > Although the changes to base drivers should not be done directly through > DPDK list. I think it is still valuable to have these driver scanned and > notify (badger) the vendors to fix there code. > > Since lots of the bugs could be there, just blindly ignoring warnings > and issues is being naive.
I am with Stephen. Ignoring base driver vulns is a bad practice. With these L1-L4 bugs the chances are good somebody could trigger these and find 0days using tools as old and simple as this one: http://isic.sourceforge.net/ Matthew.
