Major A group of Findings has been pushed to JIRA to be investigated and fixed:
Group
Group: High Criticality True Positives in test/PSSECAUT-317 / irqbalance-1.9.2-3.el9 / csmock Scan (SARIF)
| Severity | CVE | CWE | Component | Version | Title | Status |
|---|---|---|---|---|---|---|
| High | None | 125 | None | None | The Value From Recv, a Standard Library Function That Can Return a Negative Value Is Used as an Index. A Negative Array Index Can Lead to [...] | Active |
| High | None | 457 | None | None | Using Uninitialized Value "Errsave". | Active |
| High | None | 457 | None | None | Using Uninitialized Value "Errsave" When Calling "Strerror". | Active |
Severity: High
Findings
The Value From Recv, a Standard Library Function That Can Return a Negative Value Is Used as an Index. A Negative Array Index Can Lead to [...]
Defect Dojo link: https://redhat-prodsec.cloud.defectdojo.com/finding/2974089 (2974089)
Severity: High
CWE: CWE-125
CVE: Unknown
Source File: irqbalance-1.9.2/ui/irqbalance-ui.c
Source Line: 128
Description:
*Result message:* The value from recv, a standard library function that can return a negative value is used as an index. A negative array index can lead to reading or writing outside the bounds of the array. Ensure the value of the index used is within bounds before use.
*Snippet:*
```Problem detected in this context:
126|
127| char *data = malloc(default_bufsz);
128|-> int len = recv(socket_fd, data, default_bufsz, MSG_TRUNC);
129| close(socket_fd);
130| data[len] = '\0';```
*Code flow:*
1. irqbalance-1.9.2/ui/irqbalance-ui.c:L128:C12
The value from recv, a standard library function that can return a negative value is used as an index. A negative array index can lead to reading or writing outside the bounds of the array. Ensure the value of the index used is within bounds before use.
References:
https://cwe.mitre.org/data/definitions/125.html
Reporter: (ccota) ()
Findings
Using Uninitialized Value "Errsave".
Defect Dojo link: https://redhat-prodsec.cloud.defectdojo.com/finding/2974088 (2974088)
Severity: High
CWE: CWE-457
CVE: Unknown
Source File: irqbalance-1.9.2/activate.c
Source Line: 97
Description:
*Result message:* Using uninitialized value "errsave".
*Snippet:*
```Problem detected in this context:
95| "Cannot change IRQ %i affinity: %s\n",
96| info->irq, strerror(errsave));
97|-> switch (errsave) {
98| case ENOSPC: /* Specified CPU APIC is full. */
99| case EAGAIN: /* Interrupted by signal. */```
*Code flow:*
1. irqbalance-1.9.2/activate.c:L53
Declaring variable "errsave" without initializer.
2. irqbalance-1.9.2/activate.c:L59
Condition "!info->moved", taking false branch.
3. irqbalance-1.9.2/activate.c:L62
Condition "!info->assigned_obj", taking false branch.
4. irqbalance-1.9.2/activate.c:L65
Condition "info->flags & (2ULL /* 1ULL << 1 */)", taking false branch.
5. irqbalance-1.9.2/activate.c:L74
Condition "check_affinity(info, applied_mask)", taking false branch.
6. irqbalance-1.9.2/activate.c:L79
Condition "!file", taking true branch.
7. irqbalance-1.9.2/activate.c:L80
Jumping to label "error".
8. irqbalance-1.9.2/activate.c:L94
Condition "journal_logging", taking false branch.
9. irqbalance-1.9.2/activate.c:L94
Condition "log_mask & (3U /* (1 << 0) | (1 << 1) /) & (1U / 1 << 0 */)", taking false branch.
10. irqbalance-1.9.2/activate.c:L94
Condition "log_mask & (3U /* (1 << 0) | (1 << 1) /) & (2U / 1 << 1 */)", taking false branch.
11. irqbalance-1.9.2/activate.c:L97
Using uninitialized value "errsave".
References:
https://cwe.mitre.org/data/definitions/457.html
Reporter: (ccota) ()
Findings
Using Uninitialized Value "Errsave" When Calling "Strerror".
Defect Dojo link: https://redhat-prodsec.cloud.defectdojo.com/finding/2974087 (2974087)
Severity: High
CWE: CWE-457
CVE: Unknown
Source File: irqbalance-1.9.2/activate.c
Source Line: 94
Description:
*Result message:* Using uninitialized value "errsave" when calling "strerror".
*Snippet:*
```Problem detected in this context:
92| return;
93| error:
94|-> log(TO_ALL, LOG_WARNING,
95| "Cannot change IRQ %i affinity: %s\n",
96| info->irq, strerror(errsave));```
*Code flow:*
1. irqbalance-1.9.2/activate.c:L53
Declaring variable "errsave" without initializer.
2. irqbalance-1.9.2/activate.c:L59
Condition "!info->moved", taking false branch.
3. irqbalance-1.9.2/activate.c:L62
Condition "!info->assigned_obj", taking false branch.
4. irqbalance-1.9.2/activate.c:L65
Condition "info->flags & (2ULL /* 1ULL << 1 */)", taking false branch.
5. irqbalance-1.9.2/activate.c:L74
Condition "check_affinity(info, applied_mask)", taking false branch.
6. irqbalance-1.9.2/activate.c:L79
Condition "!file", taking true branch.
7. irqbalance-1.9.2/activate.c:L80
Jumping to label "error".
8. irqbalance-1.9.2/activate.c:L94
Condition "journal_logging", taking true branch.
9. irqbalance-1.9.2/activate.c:L94
Using uninitialized value "errsave" when calling "strerror".
References:
https://cwe.mitre.org/data/definitions/457.html
Reporter: (ccota) ()