Add CVE-2024-1085

Signed-off-by: Denis Efremov <efremov@linux.com>
evdenis · Feb 7, 2024 · 0617705 · 0617705
1 parent b599cb9
commit 0617705
Showing 1 changed file with 32 additions and 0 deletions.
diff --git a/cvehound/cve/CVE-2024-1085.cocci b/cvehound/cve/CVE-2024-1085.cocci
@@ -0,0 +1,32 @@
+/// Files: net/netfilter/nf_tables_api.c
+/// Fix: b1db244ffd041a49ecc9618e8feb6b5c1afcdaa7
+/// Fixes: aaa31047a6d25da0fa101da1ed544e1247949b40
+
+virtual detect
+
+@err@
+iterator name list_for_each_entry;
+position p;
+@@
+
+nft_setelem_catchall_deactivate(const struct net *net,
+				struct nft_set *set,
+				struct nft_set_elem *elem)
+{
+	...
+	list_for_each_entry(...) {
+		...
+*		if (!nft_is_active@p(net, ext) || ...)
+			continue;
+
+		kfree(elem->priv);
+		...
+	}
+	...
+}
+
+@script:python depends on detect@
+p << err.p;
+@@
+
+coccilib.report.print_report(p[0], 'ERROR: CVE-2024-1085')