Category: Assistant Professor (Titular de Universidad) Phone: +34 963 879 218 / Internal: 79218 / Fax+34 963 877 579 Email: iripoll@upv.es Location: Room 3N12, Building 1G, Universitat Politècnica de València. |
CVE | Product | Description | Vulnerability/Weakness | CVSS | |
---|---|---|---|---|---|
v2.0 | v3.0 | ||||
CVE-2016-4484 | Cryptsetup(Initrd) | Incorrect error handling | Not failing securely | 7.2 | 6.8 |
CVE-2016-3672 | Linux kernel | Disable ASLR | ASLR Weakness | 4.6 | 7.8 |
CVE-2015-8370 | GRUB2 | Integer overflow | IX Jornadas STIC CCN-CERT | 6.9 | |
CVE-2015-1593 | Linux Kernel | Integer overflow | Reduced randomised range | 5.0 | |
CVE-2015-1574 | Email Android | Denial of Service | Incorrect headers handling | 5.0 | |
CVE-2013-6825 | DCMTK | Root privilege escalation | Drop privileges failed | 7.2 | |
CVE-2013-4788 | Glibc | Weak pointer protection | Improper Input Validation | 5.1 | |
CVE-2013-6876 | s3dvt | Root shell (I) | Drop privileges failed | N.A. | |
CVE-2014-1226 | s3dvt | Root shell (II) | Drop privileges failed | N.A. | |
CVE-2014-5439 | sniffit | Root shell | Stack buffer overflow | N.A. |
Product | Description | Vulnerability/Weakness |
---|---|---|
Linux kernel | Reduced mmap entropy | Improper mask manipulation |
Glibc | Bypass pointer guard | Improper Input Validation |
Linux Kernel | AMD Bulldozer ASLR | Reduced randomization |
Bash | Root shell | Drop privileges failed |
Bash | Crash | Improper input handling |
The dynamic memory allocation (malloc/free) is a technique widely used since the very beginning of the computer science. It was deeply studied during the 60 and 70, mainly with the intention to address the fragmentation problem. Later the goal was to speed-up the temporal cost of the operations (allocate and de-allocate). Despite the many research efforts, it is still an open problem that is waiting to be better settled.
A mayor breakthrough was achieved a few years ago: the design of the TLSF (Two Level Segregate Fit) allocator. It is a fast, constant time allocator with a very low fragmentation.
Basically, there are two problems regarding dynamic memory: fragmentation and temporal efficiency. There exists many misconceptions around DMA, one of them was that lower fragmentation can be achieved by more complex and costly algorithms. For example it is generally accepted that the policy "best-fit" causes less fragmentation, but it is not true!.
More...?The question to answer is: Given a periodic task set. Is it feasible?
This problem is the first issue that must be addressed if we want to use the EDF in a real-time system. Once we know how to analyse the schedulability of a basic task set, then it is possible to extend the solution to include more restrictions like precedence constrains between tasks, context switch overhead, or mutual exclusive resources.
The first solution to this problem was propossed in 200? by San joy Barhua. Three years latter I proposed another solution based on a completely different property. This new solution paved the way for the optimal aperiodic service for EDF.
More...?First of all: What is the hyper-period?: The hyper-period is the smallest interval of time after which the periodic patterns of all the tasks are repeated. It is typically defined as the LCM (least common multiple) of the periods of the tasks (in a periodic task system).
A small hyper-period value has several applications in several fields of real-time scheduling:
But what would occur if the periods were not an integer number but defined as a range of valid values. That is, a period is defined as a nominal value and a tolerance. In fact, this is the normal way of dealing with the physical magnitudes commonly used by engineers and physics.
What is , is that with this "engineering" definition of period, it is possible to exponentially reduce the value of the resulting hyper-period.
More...?