CVE-2021-28971 crash and wrong architecture

Open jereviikari opened this issue 4 years ago • 4 comments

I have 4.14.193 arm64 kernel.

The CVE is x86 specific.

$ ~/.local/bin/cvehound --kernel my_kernel --config my_kernel_config --cve CVE-2021-28971
Found: CVE-2021-28971
MSG: perf/x86/intel: Fix a crash caused by zero PEBS status
CWE: Uncontrolled Resource Consumption
CVSS2: 4.9
CVSS3: 5.5
FIX DATE: 2021-03-16
https://www.linuxkernelcves.com/cves/CVE-2021-28971
Affected Files:
Traceback (most recent call last):
  File "/home/jere/.local/bin/cvehound", line 8, in <module>
    sys.exit(main())
  File "/home/jere/.local/lib/python3.9/site-packages/cvehound/__main__.py", line 147, in main
    result = hound.check_cve(cve, cmdargs.all_files)
  File "/home/jere/.local/lib/python3.9/site-packages/cvehound/__init__.py", line 231, in check_cve
    self._print_affected_files(config_result)
  File "/home/jere/.local/lib/python3.9/site-packages/cvehound/__init__.py", line 109, in _print_affected_files
    logging.info(' - ' + file + ': ' + logic + '\n   ' + self.config_file + ': ' + affected)
TypeError: can only concatenate str (not "bool") to str

If I then remove the logic variable on line 109 above, I'll get:

$ ~/.local/bin/cvehound --kernel my_kernel --config my_kernel_config --cve CVE-2021-28971 --report
Found: CVE-2021-28971
MSG: perf/x86/intel: Fix a crash caused by zero PEBS status
CWE: Uncontrolled Resource Consumption
CVSS2: 4.9
CVSS3: 5.5
FIX DATE: 2021-03-16
https://www.linuxkernelcves.com/cves/CVE-2021-28971
Affected Files:
 - arch/x86/events/intel/ds.c:
   my_kernel_config: affected
Config: my_kernel_config affected

Report saved to: report.json

report.json.txt

jereviikari avatar Dec 14 '21 21:12 jereviikari

Thanks for the report. I fixed a crash with https://github.com/evdenis/cvehound/commit/f01aa834fc1271cb3e53ab4c068a790fe377c7fd. Regarding the wrong architecture detection (and KVM/Xen CVEs being reported even if they are not enabled in .config): I know about this problem; it's not easily fixable (due to the complex structure of the Makefile/Kconfig rules). I'm working on it and hopefully will support proper architecture/KVM/Xen .config detection soon.

evdenis avatar Dec 15 '21 07:12 evdenis
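
A triage heuristic for the architecture false positives discussed above, as an added example that is not part of the thread and not cvehound's code: it reads the target architecture from the kernel .config and sets aside findings whose affected files all sit under another `arch/` directory. The function names, the `{cve: [files]}` input shape and the sample data are assumptions constructed for illustration.

```python
import re

# Kconfig symbol -> arch/ directory (subset; extend for other targets).
ARCH_SYMBOLS = {"CONFIG_ARM64": "arm64", "CONFIG_ARM": "arm", "CONFIG_X86": "x86",
                "CONFIG_RISCV": "riscv", "CONFIG_PPC": "powerpc"}

# Constructed sample input, not taken from the reporter's files.
SAMPLE_CONFIG = """\
CONFIG_ARM64=y
CONFIG_ARM64_4K_PAGES=y
# CONFIG_KVM is not set
CONFIG_JFS_FS=m
"""
SAMPLE_FINDINGS = {
    "CVE-2021-28971": ["arch/x86/events/intel/ds.c"],
    "CVE-2020-27815": ["fs/jfs/jfs_dmap.c"],
    # Placeholder id: a finding that mixes arch-specific and generic files.
    "CVE-EXAMPLE-0001": ["arch/x86/kvm/x86.c", "virt/kvm/kvm_main.c"],
}

def target_arch(config_text):
    """Return the arch/ directory implied by a .config, or None if unclear."""
    enabled = set(re.findall(r"^(CONFIG_\w+)=y[ \t]*$", config_text, re.M))
    archs = {d for sym, d in ARCH_SYMBOLS.items() if sym in enabled}
    return archs.pop() if len(archs) == 1 else None

def arch_of(path):
    """Return the arch/<name>/ component of a source path, or None."""
    m = re.match(r"arch/([^/]+)/", path)
    return m.group(1) if m else None

def split_by_arch(findings, arch):
    """Split {cve: [files]} into (keep, other_arch_only).

    A finding is set aside only when the target arch is known and every
    affected file lives under a different arch/ directory; anything that
    touches generic code stays in 'keep'.
    """
    keep, other = {}, {}
    for cve, files in findings.items():
        foreign = [f for f in files if arch_of(f) not in (None, arch)]
        if arch and files and len(foreign) == len(files):
            other[cve] = files
        else:
            keep[cve] = files
    return keep, other

if __name__ == "__main__":
    keep, other = split_by_arch(SAMPLE_FINDINGS, target_arch(SAMPLE_CONFIG))
    print("keep:", sorted(keep), "| other-arch only:", sorted(other))
```

Findings in the second group are candidates for manual review rather than automatic dismissal, since the path check knows nothing about Makefile/Kconfig rules.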

Hi,

The fix now causes another issue:

Found: CVE-2020-27815
MSG: jfs: Fix array index bounds check in dbAdjTree
CWE: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVSS2: 6.1
CVSS3: 7.8
FIX DATE: 2020-11-13
https://www.linuxkernelcves.com/cves/CVE-2020-27815
Affected Files:
Traceback (most recent call last):
  File "/home/jere/.local/bin/cvehound", line 8, in <module>
    sys.exit(main())
  File "/home/jere/.local/lib/python3.9/site-packages/cvehound/__main__.py", line 147, in main
    result = hound.check_cve(cve, cmdargs.all_files)
  File "/home/jere/.local/lib/python3.9/site-packages/cvehound/__init__.py", line 231, in check_cve
    self._print_affected_files(config_result)
  File "/home/jere/.local/lib/python3.9/site-packages/cvehound/__init__.py", line 106, in _print_affected_files
    logic = config['files'][file]['logic']
KeyError: 'logic'

jereviikari avatar Dec 16 '21 14:12 jereviikari

I pushed 2 commits yesterday, and the second one was to handle this problem: https://github.com/evdenis/cvehound/commit/040ae5d500d6c30078df1a03bc9c3e6878c1d11c. How did you install the tool?

evdenis avatar Dec 16 '21 14:12 evdenis

My bad. I originally installed it using pip install and edited the file manually. With both commits integrated it runs successfully.

Thank you.

jereviikari avatar Dec 16 '21 14:12 jereviikari