add CVE-2022-1679

2023-03-15 15:50:38 +08:00 · 2023-03-15 15:50:38 +08:00 · b56e219810
parent 185f4cddd3
commit b56e219810
4 changed files with 70 additions and 0 deletions
--- a/data/KernelPocs/CVE-2022-1679/CVE-2022-1679.yaml
+++ b/data/KernelPocs/CVE-2022-1679/CVE-2022-1679.yaml
@ -0,0 +1,26 @@
+FormatVer: 20220517
+id: CVE-2022-1679
+source: https://github.com/EkamSinghWalia/-Detection-and-Mitigation-for-CVE-2022-1679
+info:
+  name: Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。
+  severity: high
+  description: |
+    Linux kernel 存在安全漏洞，该漏洞源于在Athero无线适配器驱动程序发现了一个释放后重用缺陷，用户强制 ath9k_htc_wait_for_target 函数失败并显示一些输入消息。攻击者利用该漏洞提升系统上的权限。
+  scope-of-influence:
+    Linux kernel 5.10
+  reference:
+    - https://security.netapp.com/advisory/ntap-20220629-0007/
+    - https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html
+    - https://nvd.nist.gov/vuln/detail/CVE-2022-1679
+    - https://lore.kernel.org/lkml/87ilqc7jv9.fsf@kernel.org/t/
+  classification:
+    cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 7.8
+    cve-id: CVE-2022-1679
+    cwe-id: CWE-416
+    cnvd-id: None
+    KveId:None
+  tags: 
+    - 非法权限提升
+    - 重用缺陷
+  
--- a/data/KernelPocs/CVE-2022-1679/CVE2022-1679.sh
+++ b/data/KernelPocs/CVE-2022-1679/CVE2022-1679.sh
@ -0,0 +1,25 @@
+echo "Checking if your system is vulnerable to CVE 2022-1679"
+
+a=$(grep -H -e "^[[:blank:]]*blacklist [[:blank:]]*ath9k$" /etc/modprobe.d/*)
+
+if [[ -z $a ]]
+then
+        echo "you are vulnerable to CV2 2022-1679"
+        read -p "DO YOU WANT TO REMEDIATE? (yes/no)" uservar
+        if [ $uservar == yes ]
+        then
+               echo blacklist ath9k >> /etc/modprobe.d/blacklist.conf
+               echo "mitigation completed you are now save from CVE 2022-1679"
+        elif [ $uservar == no ]
+        then
+                echo "exiting"
+                exit
+        else
+                echo "cannot understand the command you have entered please try again"
+                exit
+        fi
+else
+        echo "you are already mitigated"
+        echo "exiting"
+        exit
+fi
--- a/data/KernelPocs/CVE-2022-1679/README.md
+++ b/data/KernelPocs/CVE-2022-1679/README.md
@ -0,0 +1,17 @@
+# -Detection-and-Mitigation-for-CVE-2022-1679
+
+
+#Description
+
+The ath9k is a Linux kernel driver supporting Atheros chips. A use-after-free flaw was found in the Linux kernel’s Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system. t is recommended to blacklist the module if not being used for the affected version of the CVE-2022-1679 vulnerability.
+## Installation
+
+```bash
+wget https://github.com/EkamSinghWalia/Detection-and-Mitigation-for-CVE-2022-1679.git
+```
+    
+## Usage
+
+```bash
+  ./CVE2022-1679.sh 
+```
--- a/data/KernelPocs/KernelPocs.yaml
+++ b/data/KernelPocs/KernelPocs.yaml
@ -10,3 +10,5 @@ ExplorerItems:
    # - ConfigFile: CVE-2022-25636/CVE-2022-25636.yaml
    # - ConfigFile: CVE-2022-0995/CVE-2022-0995.yaml
    # - ConfigFile: CVE-2023-0179/CVE-2023-0179.yaml
+    - ConfigFile: CVE-2022-1679/CVE-2022-1679.yaml
+