From 3488478b57c13fc9b301ab5887aba6ee40358a1c Mon Sep 17 00:00:00 2001
From: muyueleng
Date: Mon, 16 Dec 2024 00:09:07 +0800
Subject: [PATCH 1/4] =?UTF-8?q?SSTS=E6=96=B0=E5=A2=9E=E8=A7=84=E5=88=99?= =?UTF-8?q?=EF=BC=9ACVE-2024-35950?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: muyueleng
---
.../TestCaseInfo-CVE-2024-35950.json | 118 ++++++++++++++++++
.../TestCaseInfo-CVE-2024-35950.yara | 34 +++++
2 files changed, 152 insertions(+)
create mode 100644 vulntest/SSTSTestcases/2024/08/CVE-2024-35950/TestCaseInfo-CVE-2024-35950.json
create mode 100644 vulntest/SSTSTestcases/2024/08/CVE-2024-35950/TestCaseInfo-CVE-2024-35950.yara
diff --git a/vulntest/SSTSTestcases/2024/08/CVE-2024-35950/TestCaseInfo-CVE-2024-35950.json b/vulntest/SSTSTestcases/2024/08/CVE-2024-35950/TestCaseInfo-CVE-2024-35950.json
new file mode 100644
index 0000000..3f5a03d
--- /dev/null
+++ b/vulntest/SSTSTestcases/2024/08/CVE-2024-35950/TestCaseInfo-CVE-2024-35950.json
@@ -0,0 +1,118 @@
+{
+ "month": "2024-08",
+ "release_time": " ",
+ "vulnerabilities": [
+ {
+ "month": "2024-08",
+ "vul_id": {
+ "cve": "CVE-2024-35950",
+ "openharmony-sa": " "
+ },
+ "severity": "medium",
+ "vul_description": {
+ "zh": "modes[] 数组包含了指向连接器模式列表中的模式的指针,这些模式列表由 dev->mode_config.mutex 互斥锁保护。如果 modes[] 数组没有得到相同的保护,那么在数组被使用时,其元素可能已经指向了已被释放或重用的内存。",
+ "en": "The modes[] array contains Pointers to the modes in the connector mode list, which is protected by the dev->mode_config.mutex mutex. If the modes[] array is not protected in the same way, its elements may already point to memory that has been freed or reused while the array is being used. "
+ },
+ "vul_impact": {
+ "zh": "此漏洞允许攻击者利用竞态条件来访问或修改 modes[] 数组中已释放或重用的内存,可能导致权限提升、信息泄露或系统崩溃",
+ "en": "This vulnerability allows an attacker to exploit race conditions to access or modify freed or reused memory in modes[] arrays, potentially leading to permission escalation, information disclosure, or system crash."
+ },
+ "disclosure": {
+ "zh": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-08.md",
+ "en": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-08.md"
+ },
+ "patch_info": {
+ "3.0.x": {
+ "patch_url": [
+ "https://gitee.com/openharmony/kernel_linux_5.10/pulls/1460"
+ ],
+ "patch_file": [
+ "https://gitee.com/openharmony/kernel_linux_5.10/pulls/1460.patch"
+ ],
+ "diff_file": [
+ "https://gitee.com/openharmony/kernel_linux_5.10/pulls/1460.diff"
+ ]
+ }
+ },
+ "affected_projects": "kernel_linux_5.10",
+ "object_type": "kernel_linux",
+ "affected_versions": [
+ "4.0.0-4.0.1","4.1.0-4.1.1"
+ ],
+ "affected_device": {
+ "mini": {
+ "liteos": {
+ "rics-v": {
+ "scan_strategy": {
+ "ssts": {
+ "enable": false
+ },
+ "ists": {
+ "enable": false
+ }
+ }
+ }
+ }
+ },
+ "small": {
+ "liteos": {
+ "rics-v": {
+ "scan_strategy": {
+ "ssts": {
+ "enable": false
+ },
+ "ists": {
+ "enable": false
+ }
+ }
+ }
+ },
+ "linux": {
+ "arm": {
+ "scan_strategy": {
+ "ssts": {
+ "enable": false
+ },
+ "ists": {
+ "enable": false
+ }
+ }
+ }
+ }
+ },
+ "standard": {
+ "linux": {
+ "arm": {
+ "scan_strategy": {
+ "ssts": {
+ "enable": false
+ },
+ "ists": {
+ "enable": true,
+ "yara": {
+ "affected_files": [
+ "/dev/block/platform/fe310000.sdhci/by-name/boot_linux"
+ ],
+ "yara_rules": [
+ "TestCaseRule_CVE_2024_35950.yara"
+ ]
+ }
+ }
+ }
+ },
+ "arm64": {
+ "scan_strategy": {
+ "ssts": {
+ "enable": false
+ },
+ "ists": {
+ "enable": false
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/vulntest/SSTSTestcases/2024/08/CVE-2024-35950/TestCaseInfo-CVE-2024-35950.yara b/vulntest/SSTSTestcases/2024/08/CVE-2024-35950/TestCaseInfo-CVE-2024-35950.yara
new file mode 100644
index 0000000..84bb20c
--- /dev/null
+++ b/vulntest/SSTSTestcases/2024/08/CVE-2024-35950/TestCaseInfo-CVE-2024-35950.yara
@@ -0,0 +1,34 @@
+/*
+ * Copyright (c) 2024 Huawei Device Co., Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import "console"
+
+rule TestCaseRule_CVE_2024_35950
+{
+ meta:
+ date="2024-12-14"
+ openharmony_sa=""
+ cve="CVE-2024-35950"
+ affected_files="/dev/block/platform/fe310000.sdhci/by-name/boot_linux"
+
+ strings:
+ $fix={ E0 1B 40 F9 ?? ?? ?? 94 E0 1F 40 F9 ?? ?? ?? 94}
+ $vul={ 80 00 00 94 E8 1B 40 F9 ?? ?? ?? 94 }
+
+ condition:
+ ((not $vul) and $fix) and console.log("CVE-2024-35950 testcase pass")
+ }
+
-- Gitee
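Review bot: The `yara_rules` entry names `TestCaseRule_CVE_2024_35950.yara`, but the rule file this patch adds beside the JSON is `TestCaseInfo-CVE-2024-35950.yara`, so the ists scan enabled for standard/linux/arm has no file of that name to load from what is visible here. The reference and the file on disk should agree: either rename the added `.yara` file or point the entry at it. The CVE-2024-26923 JSON in patch 2 and the CVE-2024-35910 JSON in patch 4 have the same mismatch, and patch 3 only rewrites the reference to `TestCaseRule-CVE-…yara` without renaming the `.yara` files.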
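Review bot: The `$vul` pattern opens with a call whose displacement is fixed (`80 00 00 94`) while every other call in the rule is wildcarded as `?? ?? ?? 94`, so `$vul` is tied to one build layout. On an unpatched image built differently `$vul` would not match, `not $vul` becomes true, and the verdict rests on `$fix` alone, which reads as two stack loads each followed by a wildcarded call and is unlikely to be unique to the patched function. Both patterns should be extended with distinctive neighbouring instructions, and a comment above `strings:` should record the function and kernel build the bytes were taken from, e.g. `// $vul/$fix: taken from <function>, <kernel build> — fill in`.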
From 8afed20a93281dbdd62d8f947b57384b0ca2d4b6 Mon Sep 17 00:00:00 2001
From: muyueleng
Date: Wed, 18 Dec 2024 00:26:00 +0800
Subject: [PATCH 2/4] =?UTF-8?q?SSTS=E6=96=B0=E5=A2=9E=E8=A7=84=E5=88=99?= =?UTF-8?q?=EF=BC=9ACVE-2024-26923?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: muyueleng
---
.../TestCaseInfo-CVE-2024-26923.json | 118 ++++++++++++++++++
.../TestCaseInfo-CVE-2024-26923.yara | 35 ++++++
2 files changed, 153 insertions(+)
create mode 100644 vulntest/SSTSTestcases/2024/07/CVE-2024-26923/TestCaseInfo-CVE-2024-26923.json
create mode 100644 vulntest/SSTSTestcases/2024/07/CVE-2024-26923/TestCaseInfo-CVE-2024-26923.yara
diff --git a/vulntest/SSTSTestcases/2024/07/CVE-2024-26923/TestCaseInfo-CVE-2024-26923.json b/vulntest/SSTSTestcases/2024/07/CVE-2024-26923/TestCaseInfo-CVE-2024-26923.json
new file mode 100644
index 0000000..1b24bd2
--- /dev/null
+++ b/vulntest/SSTSTestcases/2024/07/CVE-2024-26923/TestCaseInfo-CVE-2024-26923.json
@@ -0,0 +1,118 @@
+{
+ "month": "2024-07",
+ "release_time": " ",
+ "vulnerabilities": [
+ {
+ "month": "2024-07",
+ "vul_id": {
+ "cve": "CVE-2024-26923",
+ "openharmony-sa": " "
+ },
+ "severity": "low",
+ "vul_description": {
+ "zh": "由于垃圾回收器在处理连接操作时未正确同步,导致 SCM_RIGHTS 数据传递过程中 inflight 计数异常增加,进而引发悬空指针问题。",
+ "en": "The inflight count increases abnormally during SCM_RIGHTS data transfer because the garbage collector is not properly synchronized when processing connection operations, causing a dangling pointer problem. "
+ },
+ "vul_impact": {
+ "zh": "可能导致 inflight 计数错误,从而引发垃圾回收器处理套接字时出现悬空指针,进而导致内核崩溃或系统不稳定。",
+ "en": "inflight count errors can result, which can cause dangling Pointers when garbage collectors process sockets, leading to kernel crashes or system instability. "
+ },
+ "disclosure": {
+ "zh": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-07.md",
+ "en": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-07.md"
+ },
+ "patch_info": {
+ "3.0.x": {
+ "patch_url": [
+ "https://gitee.com/openharmony/kernel_linux_5.10/pulls/1411"
+ ],
+ "patch_file": [
+ "https://gitee.com/openharmony/kernel_linux_5.10/pulls/1411.patch"
+ ],
+ "diff_file": [
+ "https://gitee.com/openharmony/kernel_linux_5.10/pulls/1411.diff"
+ ]
+ }
+ },
+ "affected_projects": "kernel_linux_5.10",
+ "object_type": "kernel_linux",
+ "affected_versions": [
+ "4.0.0-4.0.1","4.1.0-4.1.1"
+ ],
+ "affected_device": {
+ "mini": {
+ "liteos": {
+ "rics-v": {
+ "scan_strategy": {
+ "ssts": {
+ "enable": false
+ },
+ "ists": {
+ "enable": false
+ }
+ }
+ }
+ }
+ },
+ "small": {
+ "liteos": {
+ "rics-v": {
+ "scan_strategy": {
+ "ssts": {
+ "enable": false
+ },
+ "ists": {
+ "enable": false
+ }
+ }
+ }
+ },
+ "linux": {
+ "arm": {
+ "scan_strategy": {
+ "ssts": {
+ "enable": false
+ },
+ "ists": {
+ "enable": false
+ }
+ }
+ }
+ }
+ },
+ "standard": {
+ "linux": {
+ "arm": {
+ "scan_strategy": {
+ "ssts": {
+ "enable": false
+ },
+ "ists": {
+ "enable": true,
+ "yara": {
+ "affected_files": [
+ "/dev/block/platform/fe310000.sdhci/by-name/boot_linux"
+ ],
+ "yara_rules": [
+ "TestCaseRule_CVE_2024_26923.yara"
+ ]
+ }
+ }
+ }
+ },
+ "arm64": {
+ "scan_strategy": {
+ "ssts": {
+ "enable": false
+ },
+ "ists": {
+ "enable": false
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/vulntest/SSTSTestcases/2024/07/CVE-2024-26923/TestCaseInfo-CVE-2024-26923.yara b/vulntest/SSTSTestcases/2024/07/CVE-2024-26923/TestCaseInfo-CVE-2024-26923.yara
new file mode 100644
index 0000000..8d53011
--- /dev/null
+++ b/vulntest/SSTSTestcases/2024/07/CVE-2024-26923/TestCaseInfo-CVE-2024-26923.yara
@@ -0,0 +1,35 @@
+/*
+ * Copyright (c) 2024 Huawei Device Co., Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import "console"
+
+rule TestCaseRule_CVE_2024_26923
+{
+ meta:
+ date="2024-12-17"
+ openharmony_sa=""
+ cve="CVE-2024-26923"
+ affected_files="/dev/block/platform/fe310000.sdhci/by-name/boot_linux"
+
+strings:
+ $vul = { 0B 19 40 F9 6B 05 40 B2 0B 19 00 F9 }
+ $fix = { 13 61 00 91 E0 03 13 AA FB 02 18 94 E0 03 13 AA 3D 03 18 94 }
+
+
+ condition:
+ ((not $vul) and $fix) and console.log("CVE-2024-26923 testcase pass")
+ }
+
-- Gitee
From 6866082a1174128d778bfc118b8d5cb0fdbfbcad Mon Sep 17 00:00:00 2001
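Review bot: The `$fix` pattern hard-codes the displacement of both calls (`FB 02 18 94` and `3D 03 18 94`), so it matches only a kernel in which the callees sit at exactly that distance from this code. A patched image built with a slightly different layout would fail `$fix`, and the testcase would report a fixed device as not passing. Wildcard the displacement bytes as the CVE-2024-35950 rule does: `$fix = { 13 61 00 91 E0 03 13 AA ?? ?? ?? 94 E0 03 13 AA ?? ?? ?? 94 }`. The `$fix` string of the CVE-2024-35910 rule in patch 4 (`51 C5 FC 97`, `4E C5 FC 97`) has the same problem.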
From: muyueleng Date: Wed, 18 Dec 2024 01:04:24 +0800 Subject: [PATCH 3/4] =?UTF-8?q?=E6=8C=89=E7=85=A7=E8=AF=84=E8=AE=BA?= =?UTF-8?q?=E8=BF=9B=E8=A1=8C=E4=BA=86=E5=B0=8F=E6=9B=B4=E6=94=B9?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: muyueleng --- .../TestCaseInfo-CVE-2024-26923.json | 17 ++++++++++++++--- .../TestCaseInfo-CVE-2024-26923.yara | 2 +- .../TestCaseInfo-CVE-2024-35950.json | 17 ++++++++++++++--- .../TestCaseInfo-CVE-2024-35950.yara | 2 +- 4 files changed, 30 insertions(+), 8 deletions(-) diff --git a/vulntest/SSTSTestcases/2024/07/CVE-2024-26923/TestCaseInfo-CVE-2024-26923.json b/vulntest/SSTSTestcases/2024/07/CVE-2024-26923/TestCaseInfo-CVE-2024-26923.json index 1b24bd2..15bceae 100644 --- a/vulntest/SSTSTestcases/2024/07/CVE-2024-26923/TestCaseInfo-CVE-2024-26923.json +++ b/vulntest/SSTSTestcases/2024/07/CVE-2024-26923/TestCaseInfo-CVE-2024-26923.json @@ -19,10 +19,21 @@ }, "disclosure": { "zh": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-07.md", - "en": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-07.md" + "en": "https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2024/2024-07.md" }, "patch_info": { - "3.0.x": { + "4.0.x": { + "patch_url": [ + "https://gitee.com/openharmony/kernel_linux_5.10/pulls/1411" + ], + "patch_file": [ + "https://gitee.com/openharmony/kernel_linux_5.10/pulls/1411.patch" + ], + "diff_file": [ + "https://gitee.com/openharmony/kernel_linux_5.10/pulls/1411.diff" + ] + }, + "4.1.x": { "patch_url": [ "https://gitee.com/openharmony/kernel_linux_5.10/pulls/1411" ], @@ -94,7 +105,7 @@ "/dev/block/platform/fe310000.sdhci/by-name/boot_linux" ], "yara_rules": [ - "TestCaseRule_CVE_2024_26923.yara" + "TestCaseRule-CVE-2024-26923.yara" ] } } 
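Review bot: The new `patch_info` keys `4.0.x` and `4.1.x` carry the identical pull request `pulls/1411`, and a single pull request normally lands on one branch, so one of the two entries probably points at a change that is not on that release line. If the fix was backported separately per branch, each key should list its own pull request together with the matching `.patch` and `.diff` URLs. The CVE-2024-35950 hunk later in this patch and the CVE-2024-35910 JSON in patch 4 repeat the pattern with `pulls/1460`. The enclosing JSON objects start and end outside these hunks.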
diff --git a/vulntest/SSTSTestcases/2024/07/CVE-2024-26923/TestCaseInfo-CVE-2024-26923.yara b/vulntest/SSTSTestcases/2024/07/CVE-2024-26923/TestCaseInfo-CVE-2024-26923.yara index 8d53011..28841c3 100644 --- a/vulntest/SSTSTestcases/2024/07/CVE-2024-26923/TestCaseInfo-CVE-2024-26923.yara +++ b/vulntest/SSTSTestcases/2024/07/CVE-2024-26923/TestCaseInfo-CVE-2024-26923.yara @@ -1,5 +1,5 @@ /* - * Copyright (c) 2024 Huawei Device Co., Ltd. + * Copyright (c) 2024 Beijing University of Posts and Telecommunications. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. diff --git a/vulntest/SSTSTestcases/2024/08/CVE-2024-35950/TestCaseInfo-CVE-2024-35950.json b/vulntest/SSTSTestcases/2024/08/CVE-2024-35950/TestCaseInfo-CVE-2024-35950.json index 3f5a03d..26a7661 100644 --- a/vulntest/SSTSTestcases/2024/08/CVE-2024-35950/TestCaseInfo-CVE-2024-35950.json +++ b/vulntest/SSTSTestcases/2024/08/CVE-2024-35950/TestCaseInfo-CVE-2024-35950.json @@ -19,10 +19,21 @@ }, "disclosure": { "zh": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-08.md", - "en": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-08.md" + "en": "https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2024/2024-08.md" }, "patch_info": { - "3.0.x": { + "4.0.x": { + "patch_url": [ + "https://gitee.com/openharmony/kernel_linux_5.10/pulls/1460" + ], + "patch_file": [ + "https://gitee.com/openharmony/kernel_linux_5.10/pulls/1460.patch" + ], + "diff_file": [ + "https://gitee.com/openharmony/kernel_linux_5.10/pulls/1460.diff" + ] + }, + "4.1.x": { "patch_url": [ "https://gitee.com/openharmony/kernel_linux_5.10/pulls/1460" ], @@ -94,7 +105,7 @@ "/dev/block/platform/fe310000.sdhci/by-name/boot_linux" ], "yara_rules": [ - "TestCaseRule_CVE_2024_35950.yara" + "TestCaseRule-CVE-2024-35950.yara" ] } } 
diff --git a/vulntest/SSTSTestcases/2024/08/CVE-2024-35950/TestCaseInfo-CVE-2024-35950.yara b/vulntest/SSTSTestcases/2024/08/CVE-2024-35950/TestCaseInfo-CVE-2024-35950.yara index 84bb20c..834e3a5 100644 --- a/vulntest/SSTSTestcases/2024/08/CVE-2024-35950/TestCaseInfo-CVE-2024-35950.yara +++ b/vulntest/SSTSTestcases/2024/08/CVE-2024-35950/TestCaseInfo-CVE-2024-35950.yara @@ -1,5 +1,5 @@ /* - * Copyright (c) 2024 Huawei Device Co., Ltd. + * Copyright (c) 2024 Beijing University of Posts and Telecommunications. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. -- Gitee From 4802270301663ec01b75e8fdbec5477ba4af4e70 Mon Sep 17 00:00:00 2001 From: muyueleng Date: Wed, 18 Dec 2024 13:25:14 +0800 Subject: [PATCH 4/4] =?UTF-8?q?SSTS=E6=96=B0=E5=A2=9E=E8=A7=84=E5=88=99?= =?UTF-8?q?=EF=BC=9ACVE-2024-35910?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: muyueleng --- .../TestCaseInfo-CVE-2024-35910.json | 129 ++++++++++++++++++ .../TestCaseInfo-CVE-2024-35910.yara | 33 +++++ 2 files changed, 162 insertions(+) create mode 100644 vulntest/SSTSTestcases/2024/08/CVE-2024-35950/TestCaseInfo-CVE-2024-35910.json create mode 100644 vulntest/SSTSTestcases/2024/08/CVE-2024-35950/TestCaseInfo-CVE-2024-35910.yara diff --git a/vulntest/SSTSTestcases/2024/08/CVE-2024-35950/TestCaseInfo-CVE-2024-35910.json b/vulntest/SSTSTestcases/2024/08/CVE-2024-35950/TestCaseInfo-CVE-2024-35910.json new file mode 100644 index 0000000..81df8d4 --- /dev/null +++ b/vulntest/SSTSTestcases/2024/08/CVE-2024-35950/TestCaseInfo-CVE-2024-35910.json 
@@ -0,0 +1,129 @@
+{
+ "month": "2024-08",
+ "release_time": " ",
+ "vulnerabilities": [
+ {
+ "month": "2024-08",
+ "vul_id": {
+ "cve": "CVE-2024-35910",
+ "openharmony-sa": " "
+ },
+ "severity": "medium",
+ "vul_description": {
+ "zh": "由于在清理传输定时器时未正确同步套接字状态,可能导致定时器竞争和资源释放不当,进而引发系统崩溃或其他不稳定行为。",
+ "en": "If the socket status is not synchronized correctly when the transfer timer is cleared, timer contention and resource release may be improper, resulting in system crash or other unstable behaviors. "
+ },
+ "vul_impact": {
+ "zh": "此漏洞可能导致套接字资源在传输定时器清理过程中释放不当或并发竞争,从而引发内核崩溃或系统不稳定。",
+ "en": "Improper release of socket resources or concurrent contention during transfer timer cleaning may result in kernel crash or system instability."
+ },
+ "disclosure": {
+ "zh": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-08.md",
+ "en": "https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2024/2024-08.md"
+ },
+ "patch_info": {
+ "4.0.x": {
+ "patch_url": [
+ "https://gitee.com/openharmony/kernel_linux_5.10/pulls/1460"
+ ],
+ "patch_file": [
+ "https://gitee.com/openharmony/kernel_linux_5.10/pulls/1460.patch"
+ ],
+ "diff_file": [
+ "https://gitee.com/openharmony/kernel_linux_5.10/pulls/1460.diff"
+ ]
+ },
+ "4.1.x": {
+ "patch_url": [
+ "https://gitee.com/openharmony/kernel_linux_5.10/pulls/1460"
+ ],
+ "patch_file": [
+ "https://gitee.com/openharmony/kernel_linux_5.10/pulls/1460.patch"
+ ],
+ "diff_file": [
+ "https://gitee.com/openharmony/kernel_linux_5.10/pulls/1460.diff"
+ ]
+ }
+ },
+ "affected_projects": "kernel_linux_5.10",
+ "object_type": "kernel_linux",
+ "affected_versions": [
+ "4.0.0-4.0.1","4.1.0-4.1.1"
+ ],
+ "affected_device": {
+ "mini": {
+ "liteos": {
+ "rics-v": {
+ "scan_strategy": {
+ "ssts": {
+ "enable": false
+ },
+ "ists": {
+ "enable": false
+ }
+ }
+ }
+ }
+ },
+ "small": {
+ "liteos": {
+ "rics-v": {
+ "scan_strategy": {
+ "ssts": {
+ "enable": false
+ },
+ "ists": {
+ "enable": false
+ }
+ }
+ }
+ },
+ "linux": {
+ "arm": {
+ "scan_strategy": {
+ "ssts": {
+ "enable": false
+ },
+ "ists": {
+ "enable": false
+ }
+ }
+ }
+ }
+ },
+ "standard": {
+ "linux": {
+ "arm": {
+ "scan_strategy": {
+ "ssts": {
+ "enable": false
+ },
+ "ists": {
+ "enable": true,
+ "yara": {
+ "affected_files": [
+ "/dev/block/platform/fe310000.sdhci/by-name/boot_linux"
+ ],
+ "yara_rules": [
+ "TestCaseRule-CVE-2024-35910.yara"
+ ]
+ }
+ }
+ }
+ },
+ "arm64": {
+ "scan_strategy": {
+ "ssts": {
+ "enable": false
+ },
+ "ists": {
+ "enable": false
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/vulntest/SSTSTestcases/2024/08/CVE-2024-35950/TestCaseInfo-CVE-2024-35910.yara b/vulntest/SSTSTestcases/2024/08/CVE-2024-35950/TestCaseInfo-CVE-2024-35910.yara
new file mode 100644
index 0000000..d8daddc
--- /dev/null
+++ b/vulntest/SSTSTestcases/2024/08/CVE-2024-35950/TestCaseInfo-CVE-2024-35910.yara
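Review bot: This testcase for CVE-2024-35910 is created inside the directory of a different CVE: the file headers place both the JSON and the `.yara` file under `vulntest/SSTSTestcases/2024/08/CVE-2024-35950/`. Any tooling that discovers cases per CVE directory would attribute this case to CVE-2024-35950 or skip it; both files should move to a `CVE-2024-35910/` directory. The `patch_info` URLs are also the ones used for CVE-2024-35950 (`pulls/1460`), so it is worth confirming that this pull request actually carries the CVE-2024-35910 fix.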
@@ -0,0 +1,33 @@
+/*
+ * Copyright (c) 2024 Beijing University of Posts and Telecommunications.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import "console"
+
+rule TestCaseRule_CVE_2024_35910
+{
+ meta:
+ date = "2024-12-18"
+ openharmony_sa = ""
+ cve = "CVE-2024-35910"
+ affected_files = "/dev/block/platform/fe310000.sdhci/by-name/boot_linux"
+
+ strings:
+ $vul = { 5F 24 03 D5 1F 20 03 D5 1F 20 03 D5 }
+ $fix = { 51 C5 FC 97 61 82 14 91 E0 03 13 AA 4E C5 FC 97 }
+
+ condition:
+ ((not $vul) or $fix) and console.log("CVE-2024-35910 testcase pass")
+}
-- Gitee
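Review bot: The condition joins the two checks with `or`, unlike the other two rules in this series, so the testcase passes whenever `$vul` is absent even if the fix bytes are nowhere in the image. The `$vul` bytes also do not identify the vulnerable code: read as AArch64 they look like a `bti c` followed by two `nop`s, a sequence that can open many functions, so `not $vul` says little either way. The condition should be `((not $vul) and $fix) and console.log("CVE-2024-35910 testcase pass")`, with `$vul` taken from instructions inside the unpatched function body.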