Hi,
Our team has developed a recurring vulnerability detection tool. This tool mainly uses static analysis methods, and it has a high detection accuracy on our dataset. We have also received positive feedback from other projects before.
We have scanned your fastsocket and found some vulnerabilities which were confirmed and fixed by Linux but have not been patched in this repo. Here are some details:
inet_create and inet6_create functions from kernel/net/ipv4/af_inet.c and kernel/net/ipv6/af_inet6.c respectively, which share similarity with CVE-2015-8543, and the patch is torvalds/linux@79462ad
pipe_iov_copy_from_user and pipe_iov_copy_to_user functions from kernel/fs/pipe.c, which share similarity with CVE-2015-1805, and the patch is torvalds/linux@637b58c
__mptctl_ioctl, mptctl_do_reset, mptctl_fw_download, mptctl_getiocinfo, mptctl_gettargetinfo, mptctl_readtest, mptctl_eventquery, mptctl_eventenable, mptctl_eventreport, mptctl_replace_fw, mptctl_mpt_command, mptctl_hp_hostinfo, mptctl_hp_targetinfo, compat_mptfwxfer_ioctl and compat_mpt_command functions from kernel/drivers/message/fusion/mptctl.c, which share similarity with CVE-2020-12652, and the patch is torvalds/linux@28d76df
sunkbd_interrupt function from kernel/net/ipv4/af_inet.c and kernel/drivers/input/keyboard/sunkbd.c, which shares similarity with CVE-2020-25669, and the patch is torvalds/linux@77e70d3
vgacon_scroll function from kernel/drivers/video/console/vgacon.c, which shares similarity with CVE-2020-28097, and the patch is torvalds/linux@973c096
notify_change function from kernel/fs/attr.c, which shares similarity with CVE-2015-1350, and the patch is torvalds/linux@030b533
enable_nmi_window from kernel/arch/x86/kvm/svm.c, which shares similarity with CVE-2015-8104, and the patch is torvalds/linux@cbdb967
isdn_ppp_ioctl, slhc_init, and sl_alloc_bufs functions from kernel/drivers/isdn/i4l/isdn_ppp.c, kernel/drivers/net/slhc.c and kernel/drivers/net/slip.c respectively, which share similarity with CVE-2015-7799, and the patch is torvalds/linux@4ab42d7
ext4_ext_split from kernel/fs/ext4/extents.c, which shares similarity with CVE-2019-11833, and the patch is torvalds/linux@592acbf
snd_seq_client_enqueue_event, kernel_client_enqueue, snd_seq_fifo_event_in, snd_seq_cell_alloc and snd_seq_event_dup functions from kernel/sound/core/seq/seq_clientmgr.c, kernel/sound/core/seq/seq_fifo.c and kernel/sound/core/seq/seq_memory.c respectively, which share similarity with CVE-2018-1000004, and the patch is torvalds/linux@7bd8009
ext4_read_inode_bitmap and ext4_read_block_bitmap functions from kernel/fs/ext4/ialloc.c and kernel/fs/ext4/balloc.c respectively, which share similarity with CVE-2018-1093, and the patch is torvalds/linux@7dac4a1
ext4_mb_add_groupinfo and ext4_has_uninit_itable functions from kernel/fs/ext4/mballoc.c and kernel/fs/ext4/super.c respectively, which share similarity with CVE-2018-10876, and the patch is torvalds/linux@8844618
__ext4_get_inode_loc function from kernel/fs/ext4/inode.c, which shares similarity with CVE-2018-10882, and the patch is torvalds/linux@c37e9e0
flush_ldt, init_new_context, alloc_ldt, copy_ldt and convert_ip_to_linear functions from kernel/arch/x86/kernel/ldt.c and kernel/arch/x86/kernel/step.c respectively, which share similarity with CVE-2015-5157, and the patch is torvalds/linux@37868fe
create_kthread from kernel/kernel/kthread.c, which shares similarity with CVE-2012-4398, and the patch is torvalds/linux@786235e
cypress_open from kernel/drivers/usb/serial/cypress_m8.c, which shares similarity with CVE-2016-3137, and the patch is torvalds/linux@c55aee1
gru_handle_user_call_os and gru_check_context_placement functions from kernel/drivers/misc/sgi-gru/grufault.c and kernel/drivers/misc/sgi-gru/grumain.c respectively, which share similarity with CVE-2022-3424, and the patch is torvalds/linux@643a16a
rose_start_idletimer from ernel/net/rose/rose_timer.c, which shares similarity with CVE-2022-2318, and the patch is torvalds/linux@9cc02ed
ext4_xattr_ibody_find and ext3_xattr_ibody_find functions from kernel/fs/ext4/xattr.c and kernel/fs/ext3/xattr.c respectively, which share similarity with CVE-2023-2513, and the patch is torvalds/linux@67d7d8ad99be
fib6_rule_action function from kernel/net/ipv6/fib6_rules.c, which shares similarity with CVE-2023-3022, and the patch is torvalds/linux@a65120bae4b7
We have preliminarily verified the correctness of the above list through static analysis. Could you help to check if this bug is true? If it's true, please try to fix it, or I'd like to open a PR for that if necessary. Thank you for your effort and patience!