Fastsocket is a highly scalable socket and its underlying networking implementation of Linux kernel. With the straight linear scalability, Fastsocket can provide extremely good performance in multicore machines. In addition, it is very easy to use and maintain. As a result, it has been deployed in the production environment of SINA.
I'm cloning this repo to make some modifications to customize. However, I've noticed that some CVEs which were confirmed and fixed by linux do not get patched in this repo. To enhance the availability of my project as far as possible, I will appreciate it if any of the CVE below do exist in this repo as well, so that I can fix these security issue myself by applying the corresponding patch.
Here are the CVEs I found in this repo unpatched, but get fixed in linux:
CVE-2011-1161 in kernel/drivers/char/tpm/tpm.c's function static ssize_t tpm_transmit(struct tpm_chip *chip, const char *buf, size_t bufsiz), with patch here for your reference.
CVE-2022-2639 in kernel/net/openvswitch/datapath.c's function static struct nlattr *reserve_sfa_size(struct sw_flow_actions **sfa, int attr_len), with patch here for your reference.
CVE-2017-8824 in kernel/net/dccp/proto.c's function int dccp_disconnect(struct sock *sk, int flags), with patch here for your reference.
CVE-2019-7222 in kernel/arch/x86/kvm/x86.c's function static int kvm_read_guest_virt_helper(gva_t addr, void *val, unsigned int bytes, struct kvm_vcpu *vcpu, u32 access, u32 *error), with patch here for your reference.
CVE-2013-4587 in kernel/virt/kvm/kvm_main.c's function static int kvm_vm_ioctl_create_vcpu(struct kvm *kvm, u32 id), with patch here for your reference.
I'm cloning this repo to make some modifications to customize. However, I've noticed that some CVEs which were confirmed and fixed by linux do not get patched in this repo. To enhance the availability of my project as far as possible, I will appreciate it if any of the CVE below do exist in this repo as well, so that I can fix these security issue myself by applying the corresponding patch. Here are the CVEs I found in this repo unpatched, but get fixed in linux:
CVE-2011-1161 in kernel/drivers/char/tpm/tpm.c's function
static ssize_t tpm_transmit(struct tpm_chip *chip, const char *buf, size_t bufsiz), with patch here for your reference.CVE-2022-2639 in kernel/net/openvswitch/datapath.c's function
static struct nlattr *reserve_sfa_size(struct sw_flow_actions **sfa, int attr_len), with patch here for your reference.CVE-2020-9383 in kernel/drivers/block/floppy.c's function
static void set_fdc(int drive), with patch here for your reference.CVE-2017-8824 in kernel/net/dccp/proto.c's function
int dccp_disconnect(struct sock *sk, int flags), with patch here for your reference.CVE-2019-7222 in kernel/arch/x86/kvm/x86.c's function
static int kvm_read_guest_virt_helper(gva_t addr, void *val, unsigned int bytes, struct kvm_vcpu *vcpu, u32 access, u32 *error), with patch here for your reference.CVE-2013-4587 in kernel/virt/kvm/kvm_main.c's function
static int kvm_vm_ioctl_create_vcpu(struct kvm *kvm, u32 id), with patch here for your reference.