Hi LKL team,

I'm from a research team which focuses on OSS similar vulnerability detection. Our team observed 10 similar vulnerabilities in the master branch. Sorry that we did not find a security policy in this project and have to post the information here. Could you help verify whether the detected functions are impacted, and whether we can directly apply the patches to fix the vulnerabilities? Below we list the details of each similar vulnerability, including the CVE, the relevant patch, and the vulnerable functions in LKL. Note that the listed functions are the same as the unpatched version in the relevant patch.

(1)
Vulnerability info:
CVE-2018-1000026 (7.7 HIGH): Linux kernel version at least v4.8 onwards, probably well before, contains an insufficient input validation vulnerability in the bnx2x network card driver that can result in DoS: a network card firmware assertion takes the card off-line. This attack appears to be exploitable by an attacker passing a very large, specially crafted packet to the bnx2x card. This can be done from an untrusted guest VM.
The relevant patch info:
Similar vulnerable function info:
drivers/net/ethernet/qlogic/qlcnic/qlcnic_main.c ~ qlcnic_features_check

(2)
Vulnerability info:
CVE-2022-1852 (5.5 MEDIUM): A NULL pointer dereference flaw was found in the Linux kernel's KVM module, which can lead to a denial of service in x86_emulate_insn in arch/x86/kvm/emulate.c. This flaw occurs while executing an illegal instruction in a guest on an Intel CPU.
The relevant patch info:
Similar vulnerable function info:
arch/x86/kvm/x86.c ~ kvm_vcpu_check_breakpoint
arch/x86/kvm/x86.c ~ x86_decode_emulated_instruction
arch/x86/kvm/x86.c ~ x86_emulate_instruction

(3)
Vulnerability info:
CVE-2022-2318 (5.5 MEDIUM): There are use-after-free vulnerabilities caused by the timer handler in net/rose/rose_timer.c of the Linux kernel that allow attackers to crash the kernel without any privileges.
The relevant patch info:
Similar vulnerable function info:
net/rose/rose_timer.c ~ rose_heartbeat_expiry
net/rose/rose_timer.c ~ rose_idletimer_expiry
net/rose/rose_timer.c ~ rose_start_hbtimer
net/rose/rose_timer.c ~ rose_start_heartbeat
net/rose/rose_timer.c ~ rose_start_idletimer
net/rose/rose_timer.c ~ rose_start_t1timer
net/rose/rose_timer.c ~ rose_start_t2timer
net/rose/rose_timer.c ~ rose_start_t3timer
net/rose/rose_timer.c ~ rose_timer_expiry

(4)
Vulnerability info:
CVE-2022-2959 (7.0 HIGH): A race condition was found in the Linux kernel's watch queue due to a missing lock in pipe_resize_ring(). The specific flaw exists within the handling of pipe buffers. The issue results from the lack of proper locking when performing operations on an object. This flaw allows a local user to crash the system or escalate their privileges on the system.
The relevant patch info:
Similar vulnerable function info:
fs/pipe.c ~ pipe_resize_ring

(5)
Vulnerability info:
CVE-2022-3077 (5.5 MEDIUM): A buffer overflow vulnerability was found in the Linux kernel's Intel iSMT SMBus host controller driver in the way it handled the I2C_SMBUS_BLOCK_PROC_CALL case (via the ioctl I2C_SMBUS) with malicious input data. This flaw could allow a local user to crash the system.
The relevant patch info:
Similar vulnerable function info:
drivers/i2c/busses/i2c-ismt.c ~ ismt_access

(6)
Vulnerability info:
The relevant patch info:
Similar vulnerable function info:
drivers/rpmsg/virtio_rpmsg_bus.c ~ rpmsg_virtio_add_ctrl_dev

(7)
Vulnerability info:
The relevant patch info:
Similar vulnerable function info:
drivers/rpmsg/virtio_rpmsg_bus.c ~ rpmsg_probe

(8)
Vulnerability info:
CVE-2022-36123 (7.8 HIGH): The Linux kernel before 5.18.13 lacks a certain clear operation for the block starting symbol (.bss). This allows Xen PV guest OS users to cause a denial of service or gain privileges.
The relevant patch info:
Similar vulnerable function info:
arch/x86/kernel/head64.c ~ clear_bss
arch/x86/xen/enlighten_pv.c ~ xen_start_kernel

(9)
Vulnerability info:
CVE-2022-36879 (5.5 MEDIUM): An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice.
The relevant patch info:
Similar vulnerable function info:
net/xfrm/xfrm_policy.c ~ xfrm_expand_policies

(10)
Vulnerability info:
CVE-2022-39189 (7.8 HIGH): An issue was discovered in the x86 KVM subsystem in the Linux kernel before 5.18.17. Unprivileged guest users can compromise the guest kernel because TLB flush operations are mishandled in certain KVM_VCPU_PREEMPTED situations.
The relevant patch info:
Similar vulnerable function info:
arch/x86/kvm/vmx/vmx.c ~ handle_external_interrupt_irqoff
arch/x86/kvm/x86.c ~ kvm_steal_time_set_preempted
arch/x86/kvm/x86.c ~ vcpu_run

Thanks,
FVF research team

One question: which LKL version did you use for the checks?

We have recently pulled the upstream linus tree into our branch (Jun 24, 2023), and I guess most of the CVEs (all?) have already been fixed in the LKL branch.

Given that (currently) lkl follows somewhat dated mainline releases, there will likely always be a bunch of applicable CVEs. For this to change we'd probably need to follow Linus's releases quite closely or switch to something like https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/log/?h=linux-rolling-stable ... Merging lkl into mainline would of course be the ideal solution 😄
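A first triage step for a report in the format above, written here as an added example (it is not code from the LKL project or from the reporting team): parse the "path ~ function" lines and check whether each named function is actually defined in that file in the tree being audited. An entry whose file is absent, or whose function is only called or prototyped there, cannot be "the same as the unpatched version" and can be set aside; the remaining entries still need a manual diff against the upstream fix, and whether a file is compiled into an LKL build at all (arch/x86 code, for instance, belongs to a different architecture than arch/lkl) is a separate question this script does not answer. The report fragment and the source files embedded below are constructed stand-ins, not the real kernel sources; FileTree is a hypothetical adapter for running the same check over a real checkout.

```python
"""Triage helper for "similar vulnerable function" reports (added example)."""
import re
from pathlib import Path

# One report entry: a .c/.h path, a "~" separator, and a C identifier.
ENTRY_RE = re.compile(r"^\s*(\S+\.[ch])\s*~\s*([A-Za-z_]\w*)\s*$")


def parse_report(text):
    """Return the (path, function) pairs in the report; other lines
    (numbering, "Vulnerability info:", CVE summaries) are ignored."""
    return [m.groups() for m in map(ENTRY_RE.match, text.splitlines()) if m]


def defines_function(source, name):
    """True if 'source' holds a definition of 'name', not merely a
    prototype or a call.  For each "name(" skip to the matching ")" and
    look at the next non-blank character: "{" means a body follows.
    Attribute macros placed after the parameter list are not handled,
    which is acceptable for a first pass."""
    for m in re.finditer(r"\b" + re.escape(name) + r"\s*\(", source):
        depth, i = 0, m.end() - 1          # m.end() - 1 is the "(" itself
        while i < len(source):
            if source[i] == "(":
                depth += 1
            elif source[i] == ")":
                depth -= 1
                if depth == 0:
                    break
            i += 1
        else:
            continue                        # unbalanced parentheses: skip
        j = i + 1
        while j < len(source) and source[j].isspace():
            j += 1
        if j < len(source) and source[j] == "{":
            return True
    return False


def triage(report_text, tree):
    """Classify each entry against 'tree', anything with .get(path) that
    returns the file text or None (a dict, or FileTree below)."""
    result = {"present": [], "missing_file": [], "missing_function": []}
    for path, func in parse_report(report_text):
        src = tree.get(path)
        if src is None:
            result["missing_file"].append((path, func))
        elif defines_function(src, func):
            result["present"].append((path, func))
        else:
            result["missing_function"].append((path, func))
    return result


class FileTree:
    """Hypothetical adapter for a real checkout, e.g. an LKL tree."""

    def __init__(self, root):
        self.root = Path(root)

    def get(self, rel_path):
        p = self.root / rel_path
        return p.read_text(errors="replace") if p.is_file() else None


# Constructed sample input: a fragment in the report's format, and tiny
# placeholder files that are NOT the real kernel sources.
SAMPLE_REPORT = """\
(3)
Vulnerability info:
Similar vulnerable function info:
net/rose/rose_timer.c ~ rose_start_heartbeat
net/rose/rose_timer.c ~ rose_timer_expiry
(4)
fs/pipe.c ~ pipe_resize_ring
(10)
arch/x86/kvm/x86.c ~ vcpu_run
"""

SAMPLE_TREE = {
    "fs/pipe.c": (
        "int pipe_resize_ring(struct pipe_inode_info *pipe, unsigned int nr_slots);\n"
        "\n"
        "int pipe_resize_ring(struct pipe_inode_info *pipe, unsigned int nr_slots)\n"
        "{\n"
        "\treturn 0;\n"
        "}\n"
    ),
    "net/rose/rose_timer.c": (
        "void rose_start_heartbeat(struct sock *sk)\n"
        "{\n"
        "\tsk_reset_timer(sk, &sk->sk_timer, jiffies + 5 * HZ);\n"
        "}\n"
        "\n"
        "static void rose_kick(struct sock *sk)\n"
        "{\n"
        "\trose_timer_expiry(&sk->sk_timer);  /* only called here */\n"
        "}\n"
    ),
    # arch/x86/kvm/x86.c is deliberately absent from the sample tree.
}


if __name__ == "__main__":
    # Real checkout: triage(open("report.txt").read(), FileTree("/path/to/lkl"))
    for bucket, entries in triage(SAMPLE_REPORT, SAMPLE_TREE).items():
        for path, func in entries:
            print(f"{bucket:17} {path} ~ {func}")
```

On the constructed input the script keeps the two entries whose functions are really defined, drops rose_timer_expiry because the sample file only calls it, and flags the arch/x86 entry as a missing file; each "present" entry then needs the manual comparison with the fix commit that the report asks for.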