From 633a4cd2685079d0952ee54b142f6bcd187d4f02 Mon Sep 17 00:00:00 2001
From: q879dh10982
Date: Thu, 8 May 2025 22:21:24 +0800
Subject: [PATCH] Signed-off-by: q879dh10982 20250508
---
.../08/CVE-2024-35789/CVE-2024-35789.json | 129 ++++++++++++++++++
.../08/CVE-2024-35789/CVE-2024-35789.yara | 34 +++++
2 files changed, 163 insertions(+)
create mode 100644 vulntest/SSTSTestcases/2024/08/CVE-2024-35789/CVE-2024-35789.json
create mode 100644 vulntest/SSTSTestcases/2024/08/CVE-2024-35789/CVE-2024-35789.yara
diff --git a/vulntest/SSTSTestcases/2024/08/CVE-2024-35789/CVE-2024-35789.json b/vulntest/SSTSTestcases/2024/08/CVE-2024-35789/CVE-2024-35789.json
new file mode 100644
index 0000000..3ff6eb3
--- /dev/null
+++ b/vulntest/SSTSTestcases/2024/08/CVE-2024-35789/CVE-2024-35789.json
@@ -0,0 +1,129 @@
+{
+ "month": "2024-08",
+ "vulnerabilities": [
+ {
+ "month": "2024-08",
+ "vul_id": {
+ "cve": "CVE-2024-35789",
+ "openharmony-sa": ""
+ },
+ "severity": "medium",
+ "vul_description": {
+ "zh": "当将一个站点移出虚拟局域网并删除这个局域网之后,fast_rx入口仍然保留了一个指向虚拟局域网设备的指针,这会造成UAF漏洞。修复漏洞的方法是在虚拟局域网变动后移除ieee80211_check_fast_rx。",
+ "en": "When moving a station out of a VLAN and deleting the VLAN afterwards, the fast_rx entry still holds a pointer to the VLAN's netdev, which can cause use-after-free bugs. Fix this by immediately calling ieee80211_check_fast_rx after the VLAN change."
+ },
+ "vul_impact": {
+ "zh": "可能会导致系统不稳定或崩溃",
+ "en": "This can result in system instability or crashes"
+ },
+ "disclosure": {
+ "zh": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-08.md",
+ "en": "https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2024/2024-08.md"
+ },
+ "patch_info": {
+ "4.0.x": {
+ "patch_url": [
+ "https://gitee.com/openharmony/kernel_linux_5.10/commit/08b6c765efe6f3b36a2bcda39124f150859d7c40"
+ ],
+ "patch_file": [
+ "https://gitee.com/openharmony/kernel_linux_5.10/commit/08b6c765efe6f3b36a2bcda39124f150859d7c40.patch"
+ ],
+ "diff_file": [
+ "https://gitee.com/openharmony/kernel_linux_5.10/commit/08b6c765efe6f3b36a2bcda39124f150859d7c40.diff"
+ ]
+ },
+ "4.1.x": {
+ "patch_url": [
+ "https://gitee.com/openharmony/kernel_linux_5.10/commit/7ea0eaf6c6eb66ab909b225d5b600feeae9391e3"
+ ],
+ "patch_file": [
+ "https://gitee.com/openharmony/kernel_linux_5.10/commit/7ea0eaf6c6eb66ab909b225d5b600feeae9391e3.patch"
+ ],
+ "diff_file": [
+ "https://gitee.com/openharmony/kernel_linux_5.10/commit/7ea0eaf6c6eb66ab909b225d5b600feeae9391e3.diff"
+ ]
+ }
+ },
+ "affected_projects": "kernel_linux_5.10",
+ "object_type": "kernel_linux",
+ "affected_versions": [
+ "4.0.0-4.0.1",
+ "4.1.0-4.1.1"
+ ],
+ "affected_device": {
+ "mini": {
+ "liteos": {
+ "rics-v": {
+ "scan_strategy": {
+ "ssts": {
+ "enable": false
+ },
+ "ists": {
+ "enable": false
+ }
+ }
+ }
+ }
+ },
+ "small": {
+ "liteos": {
+ "rics-v": {
+ "scan_strategy": {
+ "ssts": {
+ "enable": false
+ },
+ "ists": {
+ "enable": false
+ }
+ }
+ }
+ },
+ "linux": {
+ "arm": {
+ "scan_strategy": {
+ "ssts": {
+ "enable": false
+ },
+ "ists": {
+ "enable": false
+ }
+ }
+ }
+ }
+ },
+ "standard": {
+ "linux": {
+ "arm": {
+ "scan_strategy": {
+ "ssts": {
+ "enable": false
+ },
+ "ists": {
+ "enable": true,
+ "yara": {
+ "affected_files": [
+ "/dev/block/platform/fe310000.sdhci/by-name/boot_linux"
+ ],
+ "yara_rules": [
+ "CVE-2024-35789.yara"
+ ]
+ }
+ }
+ }
+ },
+ "arm64": {
+ "scan_strategy": {
+ "ssts": {
+ "enable": false
+ },
+ "ists": {
+ "enable": false
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/vulntest/SSTSTestcases/2024/08/CVE-2024-35789/CVE-2024-35789.yara b/vulntest/SSTSTestcases/2024/08/CVE-2024-35789/CVE-2024-35789.yara
new file mode 100644
index 0000000..adbdd6f
--- /dev/null
+++ b/vulntest/SSTSTestcases/2024/08/CVE-2024-35789/CVE-2024-35789.yara
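Review bot: The `zh` text of `vul_description` says the fix is to remove (`移除`) `ieee80211_check_fast_rx` after the VLAN change, while the `en` text says the fix is to call it immediately; the two should agree, e.g. `修复漏洞的方法是在虚拟局域网变动后立即调用ieee80211_check_fast_rx。`. `affected_versions` stops at 4.0.1 and 4.1.1, yet the YARA rule added in the same commit carries a special case commented as 4.1.3, so it is worth confirming which releases this test case is meant to judge. The key `rics-v` under `mini` and `small` looks like a transposition of `risc-v`; check it against the keys the scanner actually reads before changing it.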
@@ -0,0 +1,34 @@
+/*
+ * Copyright (c) 2024 Beijing University of Posts and Telecommunications.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import "console"
+
+rule CVE_2024_35789 {
+ meta:
+ date = "20240508"
+ file = "/dev/block/platform/fe310000.sdhci/by-name/boot_linux"
+
+ strings:
+ $fix = {0? 1D 00 94}
+ $unfix = {A4 1D 00 94}
+
+ /* 4.1.3 版本特殊判断 */
+ $s = {B4 34 00 94}
+
+
+ condition:
+ $fix and ( not $unfix or $s ) and console.log("CVE-2024-35789 pass")
+}
\ No newline at end of file
-- Gitee
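Review bot: `$fix`, `$unfix` and `$s` are bare four-byte patterns matched anywhere in the boot image, and the `condition` passes only if `$unfix` is absent from the whole file, so an unrelated occurrence of `A4 1D 00 94` reports a patched kernel as vulnerable, while an unrelated `B4 34 00 94` overrides `$unfix` and can let an unpatched image pass. The patterns look like AArch64 `bl` encodings, whose bytes depend on the link layout of one particular build; if so, each should be extended with the neighbouring instruction bytes of the patched function so that it only matches at that call site. A comment above `strings:` should record what each pattern encodes and which build it was taken from, for example `/* $unfix: call site before the fix, from <kernel build id> */`, and the `$s` override needs a sentence explaining why its presence outweighs `$unfix`. `date = "20240508"` in `meta` also disagrees with the 8 May 2025 commit date.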