alibaba / LVS

A distribution of Linux Virtual Server with some advanced features. It introduces a new packet forwarding method - FULLNAT other than NAT/Tunneling/DirectRouting, and defense mechanism against synflooding attack - SYNPROXY.

Security Vulnerability - Action Required: some unpatched vulnerabilities are detected in your repo #43

Open Crispy-fried-chicken opened 7 months ago

Crispy-fried-chicken commented 7 months ago

Hi, our team has developed a recurring vulnerability detection tool. This tool mainly uses static analysis methods, and it has a high detection accuracy on our dataset. We have also received positive feedback from other projects before. We have scanned your LVS and found some vulnerabilities which were confirmed and fixed by Linux but have not been patched in this repo. Here are the details:

  1. inet_create, inet6_create and inet6_create functions from kernel/.pc/patches.taobao/lvs-toa-rs-export-symbols.patch/net/ipv4/af_inet.c, kernel/.pc/patches.taobao/lvs-toa-rs-export-symbols.patch/net/ipv6/af_inet6.c and kernel/net/ipv6/af_inet6.c respectively, which share similarity with CVE-2015-8543; the patch is https://github.com/torvalds/linux/commit/79462ad02e861803b3840cc782248c7359451cd9
  2. pipe_iov_copy_from_user and pipe_iov_copy_to_user functions from kernel/fs/pipe.c, which share similarity with CVE-2015-1805; the patch is https://github.com/torvalds/linux/commit/637b58c2887e5e57850865839cc75f59184b23d1
  3. __mptctl_ioctl, mptctl_do_reset, mptctl_fw_download, mptctl_getiocinfo, mptctl_gettargetinfo, mptctl_readtest, mptctl_eventquery, mptctl_eventenable, mptctl_eventreport, mptctl_replace_fw, mptctl_mpt_command, mptctl_hp_hostinfo, mptctl_hp_targetinfo, compat_mptfwxfer_ioctl and compat_mpt_command functions from kernel/drivers/message/fusion/mptctl.c, which share similarity with CVE-2020-12652; the patch is https://github.com/torvalds/linux/commit/28d76df18f0ad5bcf5fa48510b225f0ed262a99b
  4. sunkbd_interrupt function from kernel/net/ipv4/af_inet.c and kernel/drivers/input/keyboard/sunkbd.c, which shares similarity with CVE-2020-25669; the patch is https://github.com/torvalds/linux/commit/77e70d351db7de07a46ac49b87a6c3c7a60fca7e
  5. vgacon_scroll function from kernel/drivers/video/console/vgacon.c, which shares similarity with CVE-2020-28097; the patch is https://github.com/torvalds/linux/commit/973c096f6a85e5b5f2a295126ba6928d9a6afd45
  6. notify_change function from kernel/fs/attr.c, which shares similarity with CVE-2015-1350; the patch is https://github.com/torvalds/linux/commit/030b533c4fd4d2ec3402363323de4bb2983c9cee
  7. isdn_ppp_ioctl, slhc_init and sl_alloc_bufs functions from kernel/drivers/isdn/i4l/isdn_ppp.c, kernel/drivers/net/slhc.c and kernel/drivers/net/slip.c respectively, which share similarity with CVE-2015-7799; the patch is https://github.com/torvalds/linux/commit/4ab42d78e37a294ac7bc56901d563c642e03c4ae
  8. register_disk and __nbd_ioctl functions from kernel/fs/partitions/check.c and kernel/drivers/block/nbd.c respectively, which share similarity with CVE-2013-2851; the patch is https://github.com/torvalds/linux/commit/ffc8b30866879ed9ba62bd0a86fecdbd51cd3d19
  9. ext4_ext_split and ext4_ext_split functions from kernel/fs/ext4/extents.c and kernel/.pc/patches.taobao/ext4-free-allocated-and-pre-allocated-blocks-when-ch.patch/fs/ext4/extents.c respectively, which share similarity with CVE-2019-11833; the patch is https://github.com/torvalds/linux/commit/592acbf16821288ecdc4192c47e3774a4c48bb64
  10. snd_seq_client_enqueue_event, kernel_client_enqueue, snd_seq_fifo_event_in, snd_seq_cell_alloc and snd_seq_event_dup functions from kernel/sound/core/seq/seq_clientmgr.c, kernel/sound/core/seq/seq_fifo.c and kernel/sound/core/seq/seq_memory.c respectively, which share similarity with CVE-2018-1000004; the patch is https://github.com/torvalds/linux/commit/7bd80091567789f1c0cb70eb4737aac8bcd2b6b9
  11. persistent_prepare_exception and read_exceptions functions from kernel/drivers/md/dm-snap-persistent.c, which share similarity with CVE-2013-4299; the patch is https://github.com/torvalds/linux/commit/e9c6a182649f4259db704ae15a91ac820e63b0ca
  12. ext4_read_inode_bitmap and ext4_read_block_bitmap functions from kernel/fs/ext4/ialloc.c and kernel/fs/ext4/balloc.c respectively, which share similarity with CVE-2018-1093; the patch is https://github.com/torvalds/linux/commit/7dac4a1726a9c64a517d595c40e95e2d0d135f6f
  13. ext4_mb_add_groupinfo, ext4_mb_add_groupinfo and ext4_mb_add_groupinfo functions from kernel/fs/ext4/mballoc.c, kernel/.pc/patches.taobao/ext4-use-dedicated-slab-caches-for-group_info-structures.patch/fs/ext4/mballoc.c and kernel/.pc/patches.taobao/ext4-Adding-error-check-after-calling-ext4_mb_regular_allocator.patch/fs/ext4/mballoc.c respectively, which share similarity with CVE-2018-10876; the patch is https://github.com/torvalds/linux/commit/8844618d8aa7a9973e7b527d038a2a589665002c
  14. __ext4_get_inode_loc, __ext4_get_inode_loc and __ext4_get_inode_loc functions from kernel/fs/ext4/inode.c, kernel/.pc/patches.taobao/ext4-Fix-possible-lost-inode-write-in-no-journal-mode.diff/fs/ext4/inode.c and kernel/.pc/patches.taobao/ext4-Fix-buffer-head-leaks-after-calls-to-ext4_get_inode_loc.diff/fs/ext4/inode.c respectively, which share similarity with CVE-2018-10882; the patch is https://github.com/torvalds/linux/commit/c37e9e013469521d9adb932d17a1795c139b36db
  15. mem_cgroup_move_charge_pte_range function from kernel/mm/memcontrol.c, which shares similarity with CVE-2012-1179; the patch is https://github.com/torvalds/linux/commit/1a5a9906d4e8d1976b701f889d8f35d54b928f25
  16. flush_ldt, init_new_context, alloc_ldt, copy_ldt and convert_ip_to_linear functions from kernel/arch/x86/kernel/ldt.c and kernel/arch/x86/kernel/step.c respectively, which share similarity with CVE-2015-5157; the patch is https://github.com/torvalds/linux/commit/37868fe113ff2ba814b3b4eb12df214df555f8dc
  17. handle_rx_mergeable function from kernel/drivers/vhost/net.c, which shares similarity with CVE-2014-0077; the patch is https://github.com/torvalds/linux/commit/d8316f3991d207fe32881a9ac20241be8fa2bad0
  18. create_kthread function from kernel/kernel/kthread.c, which shares similarity with CVE-2012-4398; the patch is https://github.com/torvalds/linux/commit/786235eeba0e1e85e5cbbb9f97d1087ad03dfa21
  19. cypress_open function from kernel/drivers/usb/serial/cypress_m8.c, which shares similarity with CVE-2016-3137; the patch is https://github.com/torvalds/linux/commit/c55aee1bf0e6b6feec8b2927b43f7a09a6d5f754
  20. gru_handle_user_call_os and gru_check_context_placement functions from kernel/drivers/misc/sgi-gru/grufault.c and kernel/drivers/misc/sgi-gru/grumain.c respectively, which share similarity with CVE-2022-3424; the patch is https://github.com/torvalds/linux/commit/643a16a0eb1d6ac23744bb6e90a00fc21148a9dc
  21. rose_start_idletimer function from kernel/net/rose/rose_timer.c, which shares similarity with CVE-2022-2318; the patch is https://github.com/torvalds/linux/commit/9cc02ede696272c5271a401e4f27c262359bc2f6
  22. ext4_xattr_ibody_find and ext3_xattr_ibody_find functions from kernel/fs/ext4/xattr.c and kernel/fs/ext3/xattr.c respectively, which share similarity with CVE-2023-2513; the patch is https://github.com/torvalds/linux/commit/67d7d8ad99be
  23. fib6_rule_action function from kernel/net/ipv6/fib6_rules.c, which shares similarity with CVE-2023-3022; the patch is https://github.com/torvalds/linux/commit/a65120bae4b7

We have preliminarily verified the correctness of the above list through static analysis. Could you help check whether these bugs are real? If they are, please try to fix them, or I would be glad to open a PR for that if necessary. Thank you for your effort and patience!