Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Security] some unpatched code is in your repo #804

Open
Crispy-fried-chicken opened this issue Sep 11, 2024 · 0 comments
Open

[Security] some unpatched code is in your repo #804

Crispy-fried-chicken opened this issue Sep 11, 2024 · 0 comments

Comments

@Crispy-fried-chicken
Copy link

Crispy-fried-chicken commented Sep 11, 2024
edited
Loading

Hi,
Our tool have found that this repo has remained some unfixed CVE. Some of there are as follows:

  1. anon_vma_alloc function in the file trunk/linux-3.4.x/mm/rmap.c shares the similarity with the CVE-2022-42703, the fix is torvalds/linux@2555283
  2. sl_tx_timeout function in the file trunk/linux-3.4.x/drivers/net/slip/slip.c shares the similarity with the CVE-2022-41858, the fix is torvalds/linux@ec4eb8a
  3. increment_qlen, decrement_qlen functions in the file trunk/linux-3.4.x/net/sched/sch_sfb.c shares the similarity with the CVE-2022-3586, the fix is torvalds/linux@9efd23297cca
  4. gru_handle_user_call_os functions in the file trunk/linux-3.4.x/drivers/misc/sgi-gru/grufault.c and gru_check_context_placement function in the file trunk/linux-3.4.x/drivers/misc/sgi-gru/grumain.c shares the similarity with the CVE-2022-3424, the fix is torvalds/linux@643a16a.
  5. sink function in the file trunk/user/dropbear/dropbear-201X.XX/scp.c shares the similarity with the CVE-2020-36254, the fix is mkj/dropbear@8f8a3df
  6. sunkbd_interrupt, sunkbd_enable and sunkbd_reinit functions in the file of trunk/linux-3.4.x/drivers/input/keyboard/sunkbd.c, shares the similarity with the CVE-2020-25669, the fix is torvalds/linux@77e70d3,
  7. k_fn functions in the file of trunk/linux-3.4.x/drivers/tty/vt/keyboard.c, shares the similarity with the CVE-2020-25656, the fix is torvalds/linux@82e61c3
  8. mwifiex_cmd_append_vsie_tlv functions in the file of trunk/linux-3.4.x/drivers/net/wireless/mwifiex/scan.c, shares the similarity with the CVE-2020-12653, the fix is torvalds/linux@b70261a
  9. mptctl_readtest function and some other functions in the file of trunk/linux-3.4.x/drivers/message/fusion/mptctl.c, shares the similarity with the CVE-2020-12652, the fix is torvalds/linux@28d76df
  10. cit_get_packet_size function and some other functions in the file of trunk/linux-3.4.x/drivers/media/video/gspca/xirlink_cit.c, shares the similarity with the CVE-2020-11668, the fix is torvalds/linux@a246b4d
  11. stv06xx_isoc_init function and some other functions in the file of trunk/linux-3.4.x/drivers/media/video/gspca/stv06xx/stv06xx.c, shares the similarity with the CVE-2020-11609, the fix is torvalds/linux@485b06a
  12. set_fdc function and some other functions in the file of trunk/linux-3.4.x/drivers/block/floppy.c, shares the similarity with the CVE-2020-9383, the fix is torvalds/linux@2e90ca6

We have preliminarily verified the correctness of the above list through static analysis. Would you can help to check if this bug is true? If it's true, please try to fix it, or I'd like to open a PR for that if necessary. Thank you for your effort and patience!
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@Crispy-fried-chicken