A distribution of Linux Virtual Server with some advanced features. It introduces a new packet forwarding method - FULLNAT other than NAT/Tunneling/DirectRouting, and defense mechanism against synflooding attack - SYNPROXY.
Security Vulnerability - Action Required: some unpatched vulnerabilities are detected in your repo #43
Hi,
Our team has developed a recurring vulnerability detection tool. This tool mainly uses static analysis methods, and it has a high detection accuracy in our dataset. We have also received positive feedback from other projects before.
We have scanned your LVS and found some vulnerabilities which were confirmed and fixed by Linux but have not been patched in this repo. Here are some details as follows:
inet_create, inet6_create and inet6_create functions from kernel/.pc/patches.taobao/lvs-toa-rs-export-symbols.patch/net/ipv4/af_inet.c, kernel/.pc/patches.taobao/lvs-toa-rs-export-symbols.patch/net/ipv6/af_inet6.c and kernel/net/ipv6/af_inet6.c respectively, which shares the similarity with CVE-2015-8543 and the patch is https://github.com/torvalds/linux/commit/79462ad02e861803b3840cc782248c7359451cd9
__mptctl_ioctl, mptctl_do_reset, mptctl_fw_download, mptctl_getiocinfo, mptctl_gettargetinfo, mptctl_readtest, mptctl_eventquery, mptctl_eventenable, mptctl_eventreport, mptctl_replace_fw, mptctl_mpt_command, mptctl_hp_hostinfo, mptctl_hp_targetinfo, compat_mptfwxfer_ioctl and compat_mpt_command functions from kernel/drivers/message/fusion/mptctl.c, which shares the similarity with CVE-2020-12652 and the patch is https://github.com/torvalds/linux/commit/28d76df18f0ad5bcf5fa48510b225f0ed262a99b
ext4_ext_split and ext4_ext_split from kernel/fs/ext4/extents.c and kernel/.pc/patches.taobao/ext4-free-allocated-and-pre-allocated-blocks-when-ch.patch/fs/ext4/extents.c respectively, which shares the similarity with CVE-2019-11833 and the patch is https://github.com/torvalds/linux/commit/592acbf16821288ecdc4192c47e3774a4c48bb64
snd_seq_client_enqueue_event, kernel_client_enqueue, snd_seq_fifo_event_in, snd_seq_cell_alloc and snd_seq_event_dup functions from kernel/sound/core/seq/seq_clientmgr.c, kernel/sound/core/seq/seq_fifo.c and kernel/sound/core/seq/seq_memory.c respectively, which shares the similarity with CVE-2018-1000004 and the patch is https://github.com/torvalds/linux/commit/7bd80091567789f1c0cb70eb4737aac8bcd2b6b9
ext4_mb_add_groupinfo, ext4_mb_add_groupinfo and ext4_mb_add_groupinfo functions from kernel/fs/ext4/mballoc.c, kernel/.pc/patches.taobao/ext4-use-dedicated-slab-caches-for-group_info-structures.patch/fs/ext4/mballoc.c and kernel/.pc/patches.taobao/ext4-Adding-error-check-after-calling-ext4_mb_regular_allocator.patch/fs/ext4/mballoc.c respectively, which shares the similarity with CVE-2018-10876 and the patch is https://github.com/torvalds/linux/commit/8844618d8aa7a9973e7b527d038a2a589665002c
__ext4_get_inode_loc, __ext4_get_inode_loc and __ext4_get_inode_loc functions from kernel/fs/ext4/inode.c, kernel/.pc/patches.taobao/ext4-Fix-possible-lost-inode-write-in-no-journal-mode.diff/fs/ext4/inode.c and kernel/.pc/patches.taobao/ext4-Fix-buffer-head-leaks-after-calls-to-ext4_get_inode_loc.diff/fs/ext4/inode.c which shares the similarity with CVE-2018-10882 and the patch is https://github.com/torvalds/linux/commit/c37e9e013469521d9adb932d17a1795c139b36db
ext4_xattr_ibody_find and ext3_xattr_ibody_find functions from kernel/fs/ext4/xattr.c and kernel/fs/ext3/xattr.c respectively, which shares the similarity with CVE-2023-2513 and the patch is https://github.com/torvalds/linux/commit/67d7d8ad99be
fib6_rule_action function from kernel/net/ipv6/fib6_rules.c, which shares the similarity with CVE-2023-3022 and the patch is https://github.com/torvalds/linux/commit/a65120bae4b7
We have preliminarily verified the correctness of the above list through static analysis. Could you help to check if this bug is true? If it's true, please try to fix it, or I'd like to open a PR for that if necessary. Thank you for your effort and patience!
Hi,
Our team has developed a recurring vulnerability detection tool. This tool mainly uses static analysis methods, and it has a high detection accuracy in our dataset. We have also received positive feedback from other projects before.
We have scanned your LVS and found some vulnerabilities which were confirmed and fixed by Linux but have not been patched in this repo. Here are some details as follows:
inet_create, inet6_create and inet6_create functions from kernel/.pc/patches.taobao/lvs-toa-rs-export-symbols.patch/net/ipv4/af_inet.c, kernel/.pc/patches.taobao/lvs-toa-rs-export-symbols.patch/net/ipv6/af_inet6.c and kernel/net/ipv6/af_inet6.c respectively, which shares the similarity with CVE-2015-8543 and the patch is https://github.com/torvalds/linux/commit/79462ad02e861803b3840cc782248c7359451cd9
pipe_iov_copy_from_user and pipe_iov_copy_to_user functions from kernel/fs/pipe.c, which shares the similarity with CVE-2015-1805 and the patch is https://github.com/torvalds/linux/commit/637b58c2887e5e57850865839cc75f59184b23d1
__mptctl_ioctl, mptctl_do_reset, mptctl_fw_download, mptctl_getiocinfo, mptctl_gettargetinfo, mptctl_readtest, mptctl_eventquery, mptctl_eventenable, mptctl_eventreport, mptctl_replace_fw, mptctl_mpt_command, mptctl_hp_hostinfo, mptctl_hp_targetinfo, compat_mptfwxfer_ioctl and compat_mpt_command functions from kernel/drivers/message/fusion/mptctl.c, which shares the similarity with CVE-2020-12652 and the patch is https://github.com/torvalds/linux/commit/28d76df18f0ad5bcf5fa48510b225f0ed262a99b
sunkbd_interrupt function from kernel/net/ipv4/af_inet.c and kernel/drivers/input/keyboard/sunkbd.c, which shares the similarity with CVE-2020-25669 and the patch is https://github.com/torvalds/linux/commit/77e70d351db7de07a46ac49b87a6c3c7a60fca7e
vgacon_scroll function from kernel/drivers/video/console/vgacon.c, which shares the similarity with CVE-2020-28097 and the patch is https://github.com/torvalds/linux/commit/973c096f6a85e5b5f2a295126ba6928d9a6afd45
notify_change function from kernel/fs/attr.c, which shares the similarity with CVE-2015-1350 and the patch is https://github.com/torvalds/linux/commit/030b533c4fd4d2ec3402363323de4bb2983c9cee
isdn_ppp_ioctl, slhc_init, and sl_alloc_bufs functions from kernel/drivers/isdn/i4l/isdn_ppp.c, kernel/drivers/net/slhc.c and kernel/drivers/net/slip.c respectively, which shares the similarity with CVE-2015-7799 and the patch is https://github.com/torvalds/linux/commit/4ab42d78e37a294ac7bc56901d563c642e03c4ae
register_disk and __nbd_ioctl functions from kernel/fs/partitions/check.c and kernel/drivers/block/nbd.c respectively, which shares the similarity with CVE-2013-2851 and the patch is https://github.com/torvalds/linux/commit/ffc8b30866879ed9ba62bd0a86fecdbd51cd3d19
ext4_ext_split and ext4_ext_split from kernel/fs/ext4/extents.c and kernel/.pc/patches.taobao/ext4-free-allocated-and-pre-allocated-blocks-when-ch.patch/fs/ext4/extents.c respectively, which shares the similarity with CVE-2019-11833 and the patch is https://github.com/torvalds/linux/commit/592acbf16821288ecdc4192c47e3774a4c48bb64
snd_seq_client_enqueue_event, kernel_client_enqueue, snd_seq_fifo_event_in, snd_seq_cell_alloc and snd_seq_event_dup functions from kernel/sound/core/seq/seq_clientmgr.c, kernel/sound/core/seq/seq_fifo.c and kernel/sound/core/seq/seq_memory.c respectively, which shares the similarity with CVE-2018-1000004 and the patch is https://github.com/torvalds/linux/commit/7bd80091567789f1c0cb70eb4737aac8bcd2b6b9
persistent_prepare_exception and read_exceptions from kernel/drivers/md/dm-snap-persistent.c which shares the similarity to CVE-2013-4299 and the patch is https://github.com/torvalds/linux/commit/e9c6a182649f4259db704ae15a91ac820e63b0ca
ext4_read_inode_bitmap and ext4_read_block_bitmap functions from kernel/fs/ext4/ialloc.c and kernel/fs/ext4/balloc.c respectively, which shares the similarity with CVE-2018-1093 and the patch is https://github.com/torvalds/linux/commit/7dac4a1726a9c64a517d595c40e95e2d0d135f6f
ext4_mb_add_groupinfo, ext4_mb_add_groupinfo and ext4_mb_add_groupinfo functions from kernel/fs/ext4/mballoc.c, kernel/.pc/patches.taobao/ext4-use-dedicated-slab-caches-for-group_info-structures.patch/fs/ext4/mballoc.c and kernel/.pc/patches.taobao/ext4-Adding-error-check-after-calling-ext4_mb_regular_allocator.patch/fs/ext4/mballoc.c respectively, which shares the similarity with CVE-2018-10876 and the patch is https://github.com/torvalds/linux/commit/8844618d8aa7a9973e7b527d038a2a589665002c
__ext4_get_inode_loc, __ext4_get_inode_loc and __ext4_get_inode_loc functions from kernel/fs/ext4/inode.c, kernel/.pc/patches.taobao/ext4-Fix-possible-lost-inode-write-in-no-journal-mode.diff/fs/ext4/inode.c and kernel/.pc/patches.taobao/ext4-Fix-buffer-head-leaks-after-calls-to-ext4_get_inode_loc.diff/fs/ext4/inode.c which shares the similarity with CVE-2018-10882 and the patch is https://github.com/torvalds/linux/commit/c37e9e013469521d9adb932d17a1795c139b36db
mem_cgroup_move_charge_pte_range from the file kernel/mm/memcontrol.c which shares the similarity to CVE-2012-1179 and the patch is https://github.com/torvalds/linux/commit/1a5a9906d4e8d1976b701f889d8f35d54b928f25
flush_ldt, init_new_context, alloc_ldt, copy_ldt and convert_ip_to_linear functions from kernel/arch/x86/kernel/ldt.c and kernel/arch/x86/kernel/step.c respectively, which shares the similarity with CVE-2015-5157 and the patch is https://github.com/torvalds/linux/commit/37868fe113ff2ba814b3b4eb12df214df555f8dc
handle_rx_mergeable from kernel/drivers/vhost/net.c shares the similarity to CVE-2014-0077 and the patch is https://github.com/torvalds/linux/commit/d8316f3991d207fe32881a9ac20241be8fa2bad0
create_kthread from kernel/kernel/kthread.c, which shares the similarity with CVE-2012-4398 and the patch is https://github.com/torvalds/linux/commit/786235eeba0e1e85e5cbbb9f97d1087ad03dfa21
cypress_open from kernel/drivers/usb/serial/cypress_m8.c, which shares the similarity with CVE-2016-3137 and the patch is https://github.com/torvalds/linux/commit/c55aee1bf0e6b6feec8b2927b43f7a09a6d5f754
gru_handle_user_call_os and gru_check_context_placement functions from kernel/drivers/misc/sgi-gru/grufault.c and kernel/drivers/misc/sgi-gru/grumain.c respectively, which shares the similarity with CVE-2022-3424 and the patch is https://github.com/torvalds/linux/commit/643a16a0eb1d6ac23744bb6e90a00fc21148a9dc
rose_start_idletimer from ernel/net/rose/rose_timer.c, which shares the similarity with CVE-2022-2318 and the patch is https://github.com/torvalds/linux/commit/9cc02ede696272c5271a401e4f27c262359bc2f6
ext4_xattr_ibody_find and ext3_xattr_ibody_find functions from kernel/fs/ext4/xattr.c and kernel/fs/ext3/xattr.c respectively, which shares the similarity with CVE-2023-2513 and the patch is https://github.com/torvalds/linux/commit/67d7d8ad99be
fib6_rule_action function from kernel/net/ipv6/fib6_rules.c, which shares the similarity with CVE-2023-3022 and the patch is https://github.com/torvalds/linux/commit/a65120bae4b7
We have preliminarily verified the correctness of the above list through static analysis. Could you help to check if this bug is true? If it's true, please try to fix it, or I'd like to open a PR for that if necessary. Thank you for your effort and patience!