Python tool to check your Android kernel for missing CVE patches.

DrRamm/android-cve-checker

CVE toolchain

This toolchain is meant for fully automated patching of your Linux kernel.

It consists of four main scripts:

  • cve_check.py
  • cve_apply.py
  • cve_push.py
  • sync_patches.py

All of these are tied together by the main.py script.
The arguments for main.py are as follows:

print("usage: main.py <OPTIONS> kernel_repo\n")
print("<OPTIONS>")
print("\t -h          Print this text\n" +
      "\t -i          Path to the directory containing the CVE patches\n" +
      "\t -o          Where to store the tool output files\n" +
      "\t -p          Specify this if you want to push to Gerrit\n" +
      "\t -u          Your Gerrit user name\n" +
      "\t -b          The destination branch\n")
      
  ./main.py -i ../patches -o out kernel_folder

CVE patches

As we currently have no way to fetch the CVE git patches directly from the tracker (cve.lineageos.org), we keep them around in this repository for now.
They reside in the "patches" directory and are split up according to the Linux version they apply to.

To update the local patches, run ./sync_patches.py ../patches
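
One way to check a kernel tree against a per-version patch directory, as an added example that is not the project's own code (the README does not describe how cve_check.py works). It assumes the patches sit in `<patches>/<version>/*.patch` and uses `git apply --check`, which tests a patch without modifying the tree; all function names are hypothetical.

```python
# Added example: classify CVE patches against a kernel tree (not cve_check.py).
import re
import subprocess
import sys
from pathlib import Path

SUPPORTED = ("3.4", "3.10", "3.18", "4.4", "4.9")  # versions listed under BUGS


def kernel_version(kernel_repo):
    """Read VERSION and PATCHLEVEL from the top-level kernel Makefile."""
    text = (Path(kernel_repo) / "Makefile").read_text(errors="replace")
    fields = dict(re.findall(r"^(VERSION|PATCHLEVEL)[ \t]*=[ \t]*(\d+)[ \t]*$", text, re.M))
    if len(fields) != 2:
        raise ValueError("not a kernel tree: VERSION/PATCHLEVEL missing")
    return "{VERSION}.{PATCHLEVEL}".format(**fields)


def git_apply_ok(kernel_repo, patch, reverse=False):
    """True if `git apply --check` accepts the patch (nothing is modified)."""
    cmd = ["git", "-C", str(kernel_repo), "apply", "--check"]
    if reverse:
        cmd.append("--reverse")
    cmd.append(str(Path(patch).resolve()))
    return subprocess.run(cmd, capture_output=True).returncode == 0


def classify(kernel_repo, patch):
    """'patched' if it reverse-applies, 'missing' if it applies, else 'conflict'."""
    if git_apply_ok(kernel_repo, patch, reverse=True):
        return "patched"
    if git_apply_ok(kernel_repo, patch):
        return "missing"
    return "conflict"  # context differs: needs manual review, not proof of a fix


def check_tree(kernel_repo, patches_root):
    """Map each patch name under <patches_root>/<version>/ to its status."""
    version = kernel_version(kernel_repo)
    if version not in SUPPORTED:
        raise ValueError("unsupported kernel version " + version)
    patch_dir = Path(patches_root) / version  # assumed directory layout
    return {p.name: classify(kernel_repo, p) for p in sorted(patch_dir.rglob("*.patch"))}


if __name__ == "__main__" and len(sys.argv) == 3:
    for name, status in check_tree(sys.argv[1], sys.argv[2]).items():
        print("{:<10}{}".format(status, name))
```

A "conflict" result means neither direction applies cleanly, which is common on vendor kernels where the fix was backported with different context, so it should be triaged by hand rather than counted as patched or missing.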

BUGS

  • Only 3.4, 3.10, 3.18, 4.4 and 4.9 kernels are supported
  • Can't parse the LineageOS Gerrit (skipping)
