From a8033dea8bc8b45d4b60b9358acb2d6f38f655b2 Mon Sep 17 00:00:00 2001 From: xinian <1549580042@qq.com> Date: Mon, 25 Aug 2025 20:43:13 +0800 Subject: [PATCH] =?UTF-8?q?cve-2022-49901=E6=BC=8F=E6=B4=9E=E6=A3=80?= =?UTF-8?q?=E6=B5=8B?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: xinian <1549580042@qq.com> --- .../SSTSTestcases/2025/08/CVE-2022-49901.json | 117 ++++++++++++++++++ .../SSTSTestcases/2025/08/CVE-2022-49901.yara | 31 +++++ 2 files changed, 148 insertions(+) create mode 100644 vulntest/SSTSTestcases/2025/08/CVE-2022-49901.json create mode 100644 vulntest/SSTSTestcases/2025/08/CVE-2022-49901.yara diff --git a/vulntest/SSTSTestcases/2025/08/CVE-2022-49901.json b/vulntest/SSTSTestcases/2025/08/CVE-2022-49901.json new file mode 100644 index 0000000..0f82303 --- /dev/null +++ b/vulntest/SSTSTestcases/2025/08/CVE-2022-49901.json @@ -0,0 +1,117 @@ +{ + "month": "2025-08", + "vulnerabilities": [ + { + "month": "2025-08", + "vul_id": { + "cve": "CVE-2022-49901", + "openharmony-sa": "" + }, + "severity": "medium", + "vul_description": { + "zh": "由于加载了模块null_blk.ko导致了内存泄漏,未引用对象 0xffff8881acb1f000(大小为1024): 命令“modprobe”,进程ID 836,系统时间戳 4294971190(时长 27.068秒)", + "en": "There is a kmemleak caused by modprobe null_blk.ko unreferenced object 0xffff8881acb1f000 (size 1024):comm “modprobe”, pid 836, jiffies 4294971190 (age 27.068s)" + }, + "vul_impact": { + "zh": "模块null_blk.ko导致了内存泄漏", + "en": "There is a kmemleak caused by modprobe null_blk.ko" + }, + "disclosure": { + "zh": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2025/2025-08.md", + "en": "https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2025/2025-08.md" + }, + "patch_info": { + "5.0.3.x": { + "patch_url": [ + "https://gitee.com/openharmony/kernel_linux_5.10/commit/39476253d46e77f5bdb360df264cbf5cadee2c07" + ], + "patch_file": [ + "https://gitee.com/openharmony/kernel_linux_5.10/commit/39476253d46e77f5bdb360df264cbf5cadee2c07.patch" + ], + "diff_file": [ + "https://gitee.com/openharmony/kernel_linux_5.10/commit/39476253d46e77f5bdb360df264cbf5cadee2c07.diff" + ] + } + }, + "affected_projects": "kernel_linux_5.10", + "object_type": "kernel_linux", + "affected_versions": [ + "5.0.0-5.0.3" + ], + "affected_device": { + "mini": { + "liteos": { + "rics-v": { + "scan_strategy": { + "ssts": { + "enable": false + }, + "ists": { + "enable": false + } + } + } + } + }, + "small": { + "liteos": { + "rics-v": { + "scan_strategy": { + "ssts": { + "enable": false + }, + "ists": { + "enable": false + } + } + } + }, + "linux": { + "arm": { + "scan_strategy": { + "ssts": { + "enable": false + }, + "ists": { + "enable": false + } + } + } + } + }, + "standard": { + "linux": { + "arm": { + "scan_strategy": { + "ssts": { + "enable": false + }, + "ists": { + "enable": true, + "yara": { + "affected_files": [ + "/dev/block/platform/fe310000.sdhci/by-name/boot_linux" + ], + "yara_rules": [ + "CVE-2022-49901.yara" + ] + } + } + } + }, + "arm64": { + "scan_strategy": { + "ssts": { + "enable": false + }, + "ists": { + "enable": false + } + } + } + } + } + } + } + ] +} \ No newline at end of file diff --git a/vulntest/SSTSTestcases/2025/08/CVE-2022-49901.yara b/vulntest/SSTSTestcases/2025/08/CVE-2022-49901.yara new file mode 100644 index 0000000..adaee70 --- /dev/null +++ b/vulntest/SSTSTestcases/2025/08/CVE-2022-49901.yara @@ -0,0 +1,31 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +import "console" +import "elf" + + +rule CVE_2022_49901 +{ + meta: + date = "20250825" + file = "/dev/block/platform/fe310000.sdhci/by-name/boot_linux" + strings: + $unfix = {7F 52 00 B9 B9 11 00 94} + + condition: + $unfix and console.log("CVE-2022-49901 no testcase pass") +} \ No newline at end of file -- Gitee