From 7e67157d7e105ab6b70e3fcb3aa8c66310d076bc Mon Sep 17 00:00:00 2001
From: jia-shiyi-0129 <jsy2239111@buaa.edu.cn>
Date: Thu, 9 Mar 2023 23:18:08 +0800
Subject: [PATCH 1/4] =?UTF-8?q?=E6=B7=BB=E5=8A=A0CVE-2022-1679?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../2022/CVE-2022-1679/CVE2022-1679.sh        | 25 +++++++++++++++++++
 cve/linux-kernel/2022/CVE-2022-1679/README.md | 17 +++++++++++++
 cve/linux-kernel/2022/yaml/CVE-2023-1679.yaml | 24 ++++++++++++++++++
 openkylin_list.yaml                           |  1 +
 4 files changed, 67 insertions(+)
 create mode 100644 cve/linux-kernel/2022/CVE-2022-1679/CVE2022-1679.sh
 create mode 100644 cve/linux-kernel/2022/CVE-2022-1679/README.md
 create mode 100644 cve/linux-kernel/2022/yaml/CVE-2023-1679.yaml

diff --git a/cve/linux-kernel/2022/CVE-2022-1679/CVE2022-1679.sh b/cve/linux-kernel/2022/CVE-2022-1679/CVE2022-1679.sh
new file mode 100644
index 00000000..f13a5e20
--- /dev/null
+++ b/cve/linux-kernel/2022/CVE-2022-1679/CVE2022-1679.sh
@@ -0,0 +1,25 @@
+echo "Checking if your system is vulnerable to CVE 2022-1679"
+
+a=$(grep -H -e "^[[:blank:]]*blacklist [[:blank:]]*ath9k$" /etc/modprobe.d/*)
+
+if [[ -z $a ]]
+then
+        echo "you are vulnerable to CV2 2022-1679"
+        read -p "DO YOU WANT TO REMEDIATE? (yes/no)" uservar
+        if [ $uservar == yes ]
+        then
+               echo blacklist ath9k >> /etc/modprobe.d/blacklist.conf
+               echo "mitigation completed you are now save from CVE 2022-1679"
+        elif [ $uservar == no ]
+        then
+                echo "exiting"
+                exit
+        else
+                echo "cannot understand the command you have entered please try again"
+                exit
+        fi
+else
+        echo "you are already mitigated"
+        echo "exiting"
+        exit
+fi
diff --git a/cve/linux-kernel/2022/CVE-2022-1679/README.md b/cve/linux-kernel/2022/CVE-2022-1679/README.md
new file mode 100644
index 00000000..55b271b9
--- /dev/null
+++ b/cve/linux-kernel/2022/CVE-2022-1679/README.md
@@ -0,0 +1,17 @@
+# -Detection-and-Mitigation-for-CVE-2022-1679
+
+
+#Description
+
+The ath9k is a Linux kernel driver supporting Atheros chips. A use-after-free flaw was found in the Linux kernel’s Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system. t is recommended to blacklist the module if not being used for the affected version of the CVE-2022-1679 vulnerability.
+## Installation
+
+```bash
+wget https://github.com/EkamSinghWalia/Detection-and-Mitigation-for-CVE-2022-1679.git
+```
+    
+## Usage
+
+```bash
+  ./CVE2022-1679.sh 
+```
diff --git a/cve/linux-kernel/2022/yaml/CVE-2023-1679.yaml b/cve/linux-kernel/2022/yaml/CVE-2023-1679.yaml
new file mode 100644
index 00000000..e95ac1b4
--- /dev/null
+++ b/cve/linux-kernel/2022/yaml/CVE-2023-1679.yaml
@@ -0,0 +1,24 @@
+id: CVE-2022-1679
+source: https://github.com/EkamSinghWalia/-Detection-and-Mitigation-for-CVE-2022-1679
+info:
+  name: Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。
+  severity: high
+  description: |
+    在Linux内核的Atheros无线适配器驱动程序中发现了一个释放后使用的缺陷，即用户强制ath9k_htc_wait_for_target函数失败并显示一些输入消息。此漏洞允许本地用户崩溃或可能升级其在系统上的权限。
+  scope-of-influence:
+    Linux kernel 5.10
+  reference:
+    - CONFIRM:https://security.netapp.com/advisory/ntap-20220629-0007/
+    - MISC:https://lore.kernel.org/lkml/87ilqc7jv9.fsf@kernel.org/t/
+    - URL:https://lore.kernel.org/lkml/87ilqc7jv9.fsf@kernel.org/t/
+    - MLIST:[debian-lts-announce] 20221002 [SECURITY] [DLA 3131-1] linux security update
+    - URL:https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html
+    - MLIST:[debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update
+    - URL:https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html
+  classification:
+    cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 7.8
+    cve-id: CVE-2022-1679
+    cwe-id: CWE-416
+    cnvd-id: None
+  tags: 权限提升,cve2022
diff --git a/openkylin_list.yaml b/openkylin_list.yaml
index 323454b7..98c7ece6 100644
--- a/openkylin_list.yaml
+++ b/openkylin_list.yaml
@@ -16,6 +16,7 @@ cve:
     - CVE-2022-0492
     - CVE-2022-2588
     - CVE-2022-25636
+    - CVE-2022-1679
   sudo:
     - CVE-2021-3156
     - CVE-2023-22809
-- 
Gitee


From 41db51eb58f3b415ac899d725fcbf400933e1c89 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=B1=B1=E5=B1=B1=E8=80=8C=E5=B7=9D?=
 <jsy2239111@buaa.edu.cn>
Date: Fri, 10 Mar 2023 10:03:52 +0000
Subject: [PATCH 2/4] update cve/linux-kernel/2022/yaml/CVE-2023-1679.yaml.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: 山山而川 <jsy2239111@buaa.edu.cn>
---
 cve/linux-kernel/2022/yaml/CVE-2023-1679.yaml | 9 ++-------
 1 file changed, 2 insertions(+), 7 deletions(-)

diff --git a/cve/linux-kernel/2022/yaml/CVE-2023-1679.yaml b/cve/linux-kernel/2022/yaml/CVE-2023-1679.yaml
index e95ac1b4..9c2aea41 100644
--- a/cve/linux-kernel/2022/yaml/CVE-2023-1679.yaml
+++ b/cve/linux-kernel/2022/yaml/CVE-2023-1679.yaml
@@ -8,13 +8,8 @@ info:
   scope-of-influence:
     Linux kernel 5.10
   reference:
-    - CONFIRM:https://security.netapp.com/advisory/ntap-20220629-0007/
-    - MISC:https://lore.kernel.org/lkml/87ilqc7jv9.fsf@kernel.org/t/
-    - URL:https://lore.kernel.org/lkml/87ilqc7jv9.fsf@kernel.org/t/
-    - MLIST:[debian-lts-announce] 20221002 [SECURITY] [DLA 3131-1] linux security update
-    - URL:https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html
-    - MLIST:[debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update
-    - URL:https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html
+    - https://nvd.nist.gov/vuln/detail/CVE-2022-1679
+    - https://lore.kernel.org/lkml/87ilqc7jv9.fsf@kernel.org/t/
   classification:
     cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
     cvss-score: 7.8
-- 
Gitee


From af2ee6e87b6e66cc981fb4175cf4f97152626946 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=B1=B1=E5=B1=B1=E8=80=8C=E5=B7=9D?=
 <jsy2239111@buaa.edu.cn>
Date: Mon, 13 Mar 2023 02:15:27 +0000
Subject: [PATCH 3/4] rename cve/linux-kernel/2022/yaml/CVE-2023-1679.yaml to
 CVE-2022-1679.yaml.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: 山山而川 <jsy2239111@buaa.edu.cn>
---
 .../2022/yaml/{CVE-2023-1679.yaml => CVE-2022-1679.yaml}          | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename cve/linux-kernel/2022/yaml/{CVE-2023-1679.yaml => CVE-2022-1679.yaml} (100%)

diff --git a/cve/linux-kernel/2022/yaml/CVE-2023-1679.yaml b/cve/linux-kernel/2022/yaml/CVE-2022-1679.yaml
similarity index 100%
rename from cve/linux-kernel/2022/yaml/CVE-2023-1679.yaml
rename to cve/linux-kernel/2022/yaml/CVE-2022-1679.yaml
-- 
Gitee


From b273a5430a45bf87393fc4f49f2177b2ca1e58fe Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=B1=B1=E5=B1=B1=E8=80=8C=E5=B7=9D?=
 <jsy2239111@buaa.edu.cn>
Date: Mon, 13 Mar 2023 02:30:40 +0000
Subject: [PATCH 4/4] update cve/linux-kernel/2022/yaml/CVE-2022-1679.yaml.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: 山山而川 <jsy2239111@buaa.edu.cn>
---
 cve/linux-kernel/2022/yaml/CVE-2022-1679.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cve/linux-kernel/2022/yaml/CVE-2022-1679.yaml b/cve/linux-kernel/2022/yaml/CVE-2022-1679.yaml
index 9c2aea41..d07729f3 100644
--- a/cve/linux-kernel/2022/yaml/CVE-2022-1679.yaml
+++ b/cve/linux-kernel/2022/yaml/CVE-2022-1679.yaml
@@ -16,4 +16,4 @@ info:
     cve-id: CVE-2022-1679
     cwe-id: CWE-416
     cnvd-id: None
-  tags: 权限提升,cve2022
+  tags: 权限提升, cve2022
-- 
Gitee