
    • Type: Bug
    • Resolution: Done
    • Priority: Minor

      A group of Findings has been pushed to JIRA to be investigated and fixed:

      Group

      Group: Medium in test/PSSECAUT-317 / irqbalance-1.9.2-3.el9 / csmock Scan (SARIF)

      | Severity | CVE | CWE | Component | Version | Title | Status |
      |---|---|---|---|---|---|---|
      | Medium | None | 457 | None | None | Using Uninitialized Value "Errsave". | Active |
      | Medium | None | 457 | None | None | Using Uninitialized Value "Errsave" When Calling "Strerror". | Active |

      Severity: Medium

      Findings

      Using Uninitialized Value "Errsave".

      Defect Dojo link: https://redhat-prodsec.cloud.defectdojo.com/finding/2974088 (2974088)
      Severity: Medium

      CWE: CWE-457
      CVE: Unknown

      Source File: irqbalance-1.9.2/activate.c

      Source Line: 97

      Description:
      *Result message:* Using uninitialized value "errsave".
      *Snippet:*
      Problem detected in this context:
      ```
      95| "Cannot change IRQ %i affinity: %s\n",
      96| info->irq, strerror(errsave));
      97|-> switch (errsave) {
      98| case ENOSPC: /* Specified CPU APIC is full. */
      99| case EAGAIN: /* Interrupted by signal. */
      ```
      *Code flow:*
      1. irqbalance-1.9.2/activate.c:L53
      Declaring variable "errsave" without initializer.
      2. irqbalance-1.9.2/activate.c:L59
      Condition "!info->moved", taking false branch.
      3. irqbalance-1.9.2/activate.c:L62
      Condition "!info->assigned_obj", taking false branch.
      4. irqbalance-1.9.2/activate.c:L65
      Condition "info->flags & (2ULL /* 1ULL << 1 */)", taking false branch.
      5. irqbalance-1.9.2/activate.c:L74
      Condition "check_affinity(info, applied_mask)", taking false branch.
      6. irqbalance-1.9.2/activate.c:L79
      Condition "!file", taking true branch.
      7. irqbalance-1.9.2/activate.c:L80
      Jumping to label "error".
      8. irqbalance-1.9.2/activate.c:L94
      Condition "journal_logging", taking false branch.
      9. irqbalance-1.9.2/activate.c:L94
      Condition "log_mask & (3U /* (1 << 0) | (1 << 1) */) & (1U /* 1 << 0 */)", taking false branch.
      10. irqbalance-1.9.2/activate.c:L94
      Condition "log_mask & (3U /* (1 << 0) | (1 << 1) */) & (2U /* 1 << 1 */)", taking false branch.
      11. irqbalance-1.9.2/activate.c:L97
      Using uninitialized value "errsave".

      References:
      https://cwe.mitre.org/data/definitions/457.html

      Reporter: (ccota) ()

      Findings

      Using Uninitialized Value "Errsave" When Calling "Strerror".

      Defect Dojo link: https://redhat-prodsec.cloud.defectdojo.com/finding/2974087 (2974087)
      Severity: Medium

      CWE: CWE-457
      CVE: Unknown

      Source File: irqbalance-1.9.2/activate.c

      Source Line: 94

      Description:
      *Result message:* Using uninitialized value "errsave" when calling "strerror".
      *Snippet:*
      Problem detected in this context:
      ```
      92| return;
      93| error:
      94|-> log(TO_ALL, LOG_WARNING,
      95| "Cannot change IRQ %i affinity: %s\n",
      96| info->irq, strerror(errsave));
      ```
      *Code flow:*
      1. irqbalance-1.9.2/activate.c:L53
      Declaring variable "errsave" without initializer.
      2. irqbalance-1.9.2/activate.c:L59
      Condition "!info->moved", taking false branch.
      3. irqbalance-1.9.2/activate.c:L62
      Condition "!info->assigned_obj", taking false branch.
      4. irqbalance-1.9.2/activate.c:L65
      Condition "info->flags & (2ULL /* 1ULL << 1 */)", taking false branch.
      5. irqbalance-1.9.2/activate.c:L74
      Condition "check_affinity(info, applied_mask)", taking false branch.
      6. irqbalance-1.9.2/activate.c:L79
      Condition "!file", taking true branch.
      7. irqbalance-1.9.2/activate.c:L80
      Jumping to label "error".
      8. irqbalance-1.9.2/activate.c:L94
      Condition "journal_logging", taking true branch.
      9. irqbalance-1.9.2/activate.c:L94
      Using uninitialized value "errsave" when calling "strerror".

      References:
      https://cwe.mitre.org/data/definitions/457.html

      Reporter: (ccota) ()
