Add CVE-2024-0193

Signed-off-by: Denis Efremov <efremov@linux.com>
evdenis · Feb 2, 2024 · d3f75fd · d3f75fd
1 parent 105a0c6
commit d3f75fd
Show file tree

Hide file tree

Showing 2 changed files with 30 additions and 0 deletions.
diff --git a/cvehound/cve/CVE-2024-0193.cocci b/cvehound/cve/CVE-2024-0193.cocci
@@ -0,0 +1,29 @@
+/// Files: net/netfilter/nf_tables_api.c
+/// Fix: 7315dc1e122c85ffdfc8defffbb8f8b616c2eb1a
+/// Detect-To: 212ed75dc5fb9d1423b3942c8f872a868cda3466
+
+virtual detect
+
+@err@
+identifier set, set_update_list;
+iterator name list_for_each_entry_safe;
+position p;
+@@
+
+nft_set_commit_update(struct list_head *set_update_list)
+{
+	...
+	list_for_each_entry_safe(set, ..., set_update_list, ...) {
+		...
+*		if (!set->ops->commit@p)
+*			continue;
+		...
+	}
+	...
+}
+
+@script:python depends on detect@
+p << err.p;
+@@
+
+coccilib.report.print_report(p[0], 'ERROR: CVE-2024-0193')
diff --git a/tests/test_00_metadata.py b/tests/test_00_metadata.py
@@ -55,6 +55,7 @@ def test_cves_metadata_cwe(hound):
         ('CVE-2019-19051', "wrong fixes tag because the fix fixing the fix fixing the memory leak"),
         ('CVE-2021-3635', "wrong fixes tag, commit fixes not only flowtables but also objs"),
         ('CVE-2022-3170', "CVE fix consists of 2 commits, 2nd commit fixes 1st one"),
+        ('CVE-2024-0193', "wrong fixes tag, 5f68718b34a5 fixes race"),
     ]
 )
 def test_fixes(hound, repo, cve):