CVEhound

CVEhound is a tool for checking Linux kernel sources for known CVEs. It is based on coccinelle rules and grep patterns: it scans the sources for the vulnerable code patterns of known CVEs and for the absence of the corresponding fixes.

CVEHound: Audit Kernel Sources for Missing CVE Fixes

Linux Security Summit 2021 Presentation (EN)

<p align="center"> <a href="https://www.youtube.com/watch?v=jIDnVeZNUA8"> <img src="https://img.youtube.com/vi/jIDnVeZNUA8/0.jpg" alt="Linux Security Summit 2021 Presentation"/> </a> </p>

ZeroNights 2021 Presentation (RU)

<p align="center"> <a href="https://www.youtube.com/watch?v=-QwLkpYzQIk"> <img src="https://img.youtube.com/vi/-QwLkpYzQIk/0.jpg" alt="ZeroNights 2021 Presentation"/> </a> </p>

Found issues in stable trees

Prerequisites

Install prerequisites:

# Ubuntu, coccinelle uses libpython2.7 internally
# Seems like some ppas mark libpython dependency as optional
$ sudo add-apt-repository ppa:npalix/coccinelle
$ sudo apt install python3-pip coccinelle libpython2.7

# Fedora
$ sudo dnf install python3-pip coccinelle

# macOS
$ brew install coccinelle

Installation

To install the latest stable version just run the following command:

$ python3 -m pip install --user cvehound

For development purposes you may install cvehound in "editable" mode directly from the repository (clone it on your computer beforehand):

$ pip install -e .

To update the CVE rules from the GitHub repository:

$ cvehound_update_rules

How to use

The simplest way to start using CVEhound is to run the following command:

$ cvehound --kernel ~/linux
Found: CVE-2020-27830
Found: CVE-2020-27152
Found: CVE-2020-29371
Found: CVE-2020-26088

where the --kernel argument should point to the Linux kernel sources. CVEhound will check the sources against all CVE patterns shipped in the cve directory. To check the sources for particular CVEs only, use:

$ cvehound --kernel ./linux --kernel-config --cve CVE-2020-27194 CVE-2020-29371
Checking: CVE-2020-27194
Found: CVE-2020-27194
MSG: bpf: Fix scalar32_min_max_or bounds tracking
CWE: Improper Restriction of Operations within the Bounds of a Memory Buffer
FIX DATE: 2020-10-08 09:02:53
https://www.linuxkernelcves.com/cves/CVE-2020-27194
Affected Files:
 - linux/kernel/bpf/verifier.c: CONFIG_BPF & CONFIG_BPF_SYSCALL
   linux/.config: affected
Config: ./linux/.config affected

Checking: CVE-2020-29371
Found: CVE-2020-29371
MSG: romfs: fix uninitialized memory leak in romfs_dev_read()
CWE: Use of Uninitialized Resource
FIX DATE: 2020-08-21 16:52:53
https://www.linuxkernelcves.com/cves/CVE-2020-29371
Affected Files:
 - linux/fs/romfs/storage.c: CONFIG_ROMFS_FS
   linux/.config: not affected
Config: ./linux/.config not affected
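The report above is plain text, so a CI job or a kernel-maintenance script that wants to act on it (fail a build, open a ticket, ignore matches the .config does not compile in) has to parse it first. The following is an added example, not part of CVEhound; it parses the output format as shown in this README (both the short "Found:" listing and the detailed "Checking:" blocks with --kernel-config) into records and reports which CVEs actually need action. The field names, the `parse_report`/`triage` helpers and the constructed sample report (including the placeholder id CVE-0000-0000 for a "checked but not found" case) are this example's own assumptions, not CVEhound's API.

```python
"""Parse CVEhound's text report into structured records (added example,
not CVEhound's own code; format inferred from the README's sample output)."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: the README's two detailed blocks plus one placeholder
# CVE id (CVE-0000-0000 is not a real CVE) that was checked but not found.
SAMPLE_REPORT = """\
Checking: CVE-2020-27194
Found: CVE-2020-27194
MSG: bpf: Fix scalar32_min_max_or bounds tracking
CWE: Improper Restriction of Operations within the Bounds of a Memory Buffer
FIX DATE: 2020-10-08 09:02:53
https://www.linuxkernelcves.com/cves/CVE-2020-27194
Affected Files:
 - linux/kernel/bpf/verifier.c: CONFIG_BPF & CONFIG_BPF_SYSCALL
   linux/.config: affected
Config: ./linux/.config affected

Checking: CVE-2020-29371
Found: CVE-2020-29371
MSG: romfs: fix uninitialized memory leak in romfs_dev_read()
CWE: Use of Uninitialized Resource
FIX DATE: 2020-08-21 16:52:53
https://www.linuxkernelcves.com/cves/CVE-2020-29371
Affected Files:
 - linux/fs/romfs/storage.c: CONFIG_ROMFS_FS
   linux/.config: not affected
Config: ./linux/.config not affected

Checking: CVE-0000-0000
"""


@dataclass
class AffectedFile:
    path: str
    config_expr: str                      # e.g. "CONFIG_BPF & CONFIG_BPF_SYSCALL"
    config_status: Optional[str] = None   # "affected" / "not affected" / None


@dataclass
class CveResult:
    cve: str
    found: bool = False
    msg: Optional[str] = None
    cwe: Optional[str] = None
    fix_date: Optional[str] = None
    url: Optional[str] = None
    files: List[AffectedFile] = field(default_factory=list)
    config_affected: Optional[bool] = None  # None when run without --kernel-config


FILE_RE = re.compile(r"^\s*-\s+(?P<path>\S+):\s*(?P<cfg>.*)$")
CONFIG_RE = re.compile(r"^Config:\s+(?P<path>\S+)\s+(?P<status>not affected|affected)$")


def parse_report(text: str) -> List[CveResult]:
    """Turn CVEhound's stdout into one CveResult per CVE, in report order."""
    results: List[CveResult] = []
    current: Optional[CveResult] = None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        if line.startswith("Checking: "):
            current = CveResult(cve=line[len("Checking: "):].strip())
            results.append(current)
            continue
        if line.startswith("Found: "):
            cve = line[len("Found: "):].strip()
            if current is None or current.cve != cve:
                # short listing mode: one "Found:" line per CVE, no details
                current = CveResult(cve=cve)
                results.append(current)
            current.found = True
            continue
        if current is None:
            continue  # stray line before any record; ignore
        if line.startswith("MSG: "):
            current.msg = line[len("MSG: "):]
        elif line.startswith("CWE: "):
            current.cwe = line[len("CWE: "):]
        elif line.startswith("FIX DATE: "):
            current.fix_date = line[len("FIX DATE: "):]
        elif line.startswith("http"):
            current.url = line
        elif (m := FILE_RE.match(line)):
            current.files.append(AffectedFile(m["path"], m["cfg"]))
        elif (m := CONFIG_RE.match(line)):
            current.config_affected = m["status"] == "affected"
        elif current.files and line.strip().endswith("affected"):
            # indented "<.config>: affected|not affected" line under a file entry
            current.files[-1].config_status = line.strip().split(": ", 1)[1]
    return results


def triage(results: List[CveResult]) -> List[str]:
    """CVE ids that need action: pattern present and, where the report
    carries .config information, the config does build the affected code."""
    return [r.cve for r in results
            if r.found and r.config_affected is not False]


if __name__ == "__main__":
    for cve in triage(parse_report(SAMPLE_REPORT)):
        print("needs fix:", cve)
```

In a pipeline this would read `cvehound --kernel ... --kernel-config --cve ...` output from stdin instead of the constructed sample; `triage` deliberately keeps CVEs for which no "Config:" line exists, because without --kernel-config a found pattern cannot be dismissed as unbuilt code.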

Other args:

LICENSE

Python code is licensed under GPLv3. All rules in cvehound/cve folder are licensed under GPLv2.

Acknowledgements

I would like to thank the following projects and people behind them: