audit notes work completed, test fixes work (95% done), new sprints, new data sources setup and configuration

2026-01-14 10:48:00 +02:00
parent d7be6ba34b
commit 95d5898650
379 changed files with 40695 additions and 19041 deletions
--- a/datasets/golden-pairs/CVE-2022-0847/metadata.json
+++ b/datasets/golden-pairs/CVE-2022-0847/metadata.json
@@ -0,0 +1,73 @@
+{
+  "cve": "CVE-2022-0847",
+  "name": "Dirty Pipe",
+  "description": "A flaw was found in the way the pipe buffer flag was handled in the Linux kernel. An unprivileged local user could exploit this flaw to overwrite data in arbitrary read-only files, leading to privilege escalation. The vulnerability affects Linux kernel versions 5.8 through 5.16.10, 5.15.0-5.15.24, and 5.10.0-5.10.101.",
+  "severity": "high",
+  "artifact": {
+    "name": "vmlinux",
+    "format": "elf",
+    "architecture": "x86_64",
+    "os": "linux"
+  },
+  "original": {
+    "package": "linux-image-unsigned-5.13.0-34-generic",
+    "version": "5.13.0-34.39",
+    "distro": "Ubuntu 21.10 (Impish)",
+    "source": "https://old-releases.ubuntu.com/ubuntu/pool/main/l/linux/linux-image-unsigned-5.13.0-34-generic_5.13.0-34.39_amd64.deb",
+    "sha256": "pending",
+    "hasDebugSymbols": false,
+    "pathInPackage": "/boot/vmlinuz-5.13.0-34-generic"
+  },
+  "patched": {
+    "package": "linux-image-unsigned-5.13.0-35-generic",
+    "version": "5.13.0-35.40",
+    "distro": "Ubuntu 21.10 (Impish)",
+    "source": "https://old-releases.ubuntu.com/ubuntu/pool/main/l/linux/linux-image-unsigned-5.13.0-35-generic_5.13.0-35.40_amd64.deb",
+    "sha256": "pending",
+    "hasDebugSymbols": false,
+    "pathInPackage": "/boot/vmlinuz-5.13.0-35-generic"
+  },
+  "patch": {
+    "commit": "9d2231c5d74e13b2a0546fee6737ee4446017903",
+    "upstream": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9d2231c5d74e13b2a0546fee6737ee4446017903",
+    "functionsChanged": [
+      "copy_page_to_iter_pipe",
+      "push_pipe"
+    ],
+    "filesChanged": [
+      "fs/pipe.c",
+      "lib/iov_iter.c"
+    ],
+    "summary": "Fix PIPE_BUF_FLAG_CAN_MERGE handling to prevent arbitrary file overwrites by clearing the flag when allocating new pipe buffers"
+  },
+  "advisories": [
+    {
+      "source": "ubuntu",
+      "id": "USN-5317-1",
+      "url": "https://ubuntu.com/security/notices/USN-5317-1"
+    },
+    {
+      "source": "nvd",
+      "id": "CVE-2022-0847",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0847"
+    },
+    {
+      "source": "researcher",
+      "id": "Dirty Pipe",
+      "url": "https://dirtypipe.cm4all.com/"
+    }
+  ],
+  "expectedDiff": {
+    "sectionsChanged": [
+      ".text"
+    ],
+    "sectionsIdentical": [
+      ".rodata",
+      ".data"
+    ],
+    "verdict": "patched",
+    "confidenceMin": 0.9
+  },
+  "createdAt": "2026-01-13T14:00:00Z",
+  "createdBy": "StellaOps Golden Pairs Tool v1.0.0"
+}