[meta-freescale] [meta-fsl-ppc][PATCH][dizzy 4/5] net: CVE-2015-2041
Sona Sarmadi
sona.sarmadi at enea.com
Tue Dec 15 04:57:32 PST 2015
Fixes information leak in llc2_timeout_table.
References:
http://www.openwall.com/lists/oss-security/2015/02/20/19
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2041
Upstream fix:
https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/patch
/?id=553dd569ff29bc38cebbf9f9dd7c791863ee9113
Signed-off-by: Sona Sarmadi <sona.sarmadi at enea.com>
---
recipes-kernel/linux/files/net-CVE-2015-2041.patch | 62 ++++++++++++++++++++++
recipes-kernel/linux/linux-qoriq_3.12.bb | 1 +
2 files changed, 63 insertions(+)
create mode 100644 recipes-kernel/linux/files/net-CVE-2015-2041.patch
diff --git a/recipes-kernel/linux/files/net-CVE-2015-2041.patch b/recipes-kernel/linux/files/net-CVE-2015-2041.patch
new file mode 100644
index 0000000..a62f2ea
--- /dev/null
+++ b/recipes-kernel/linux/files/net-CVE-2015-2041.patch
@@ -0,0 +1,62 @@
+From 553dd569ff29bc38cebbf9f9dd7c791863ee9113 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sasha.levin at oracle.com>
+Date: Fri, 23 Jan 2015 20:47:00 -0500
+Subject: net: llc: use correct size for sysctl timeout entries
+
+commit 6b8d9117ccb4f81b1244aafa7bc70ef8fa45fc49 upstream.
+
+The timeout entries are sizeof(int) rather than sizeof(long), which
+means that when they were getting read we'd also leak kernel memory
+to userspace along with the timeout values.
+
+Fixes CVE-2015-2041
+Upstream-Status: Backport
+
+Signed-off-by: Sasha Levin <sasha.levin at oracle.com>
+Signed-off-by: David S. Miller <davem at davemloft.net>
+Signed-off-by: Jiri Slaby <jslaby at suse.cz>
+Signed-off-by: Sona Sarmadi <sona.sarmadi at enea.com>
+---
+ net/llc/sysctl_net_llc.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/net/llc/sysctl_net_llc.c b/net/llc/sysctl_net_llc.c
+index 612a5dd..799bafc 100644
+--- a/net/llc/sysctl_net_llc.c
++++ b/net/llc/sysctl_net_llc.c
+@@ -18,28 +18,28 @@ static struct ctl_table llc2_timeout_table[] = {
+ {
+ .procname = "ack",
+ .data = &sysctl_llc2_ack_timeout,
+- .maxlen = sizeof(long),
++ .maxlen = sizeof(sysctl_llc2_ack_timeout),
+ .mode = 0644,
+ .proc_handler = proc_dointvec_jiffies,
+ },
+ {
+ .procname = "busy",
+ .data = &sysctl_llc2_busy_timeout,
+- .maxlen = sizeof(long),
++ .maxlen = sizeof(sysctl_llc2_busy_timeout),
+ .mode = 0644,
+ .proc_handler = proc_dointvec_jiffies,
+ },
+ {
+ .procname = "p",
+ .data = &sysctl_llc2_p_timeout,
+- .maxlen = sizeof(long),
++ .maxlen = sizeof(sysctl_llc2_p_timeout),
+ .mode = 0644,
+ .proc_handler = proc_dointvec_jiffies,
+ },
+ {
+ .procname = "rej",
+ .data = &sysctl_llc2_rej_timeout,
+- .maxlen = sizeof(long),
++ .maxlen = sizeof(sysctl_llc2_rej_timeout),
+ .mode = 0644,
+ .proc_handler = proc_dointvec_jiffies,
+ },
+--
+1.9.1
+
diff --git a/recipes-kernel/linux/linux-qoriq_3.12.bb b/recipes-kernel/linux/linux-qoriq_3.12.bb
index 8587b48..4a2ea43 100644
--- a/recipes-kernel/linux/linux-qoriq_3.12.bb
+++ b/recipes-kernel/linux/linux-qoriq_3.12.bb
@@ -36,6 +36,7 @@ SRC_URI = "git://git.freescale.com/ppc/sdk/linux.git;nobranch=1 \
file://mm-CVE-2014-3122.patch \
file://media-ttusb-dec-CVE-2014-8884.patch \
file://net-sctp-CVE-2015-1421.patch \
+ file://net-CVE-2015-2041.patch \
"
SRCREV = "6619b8b55796cdf0cec04b66a71288edd3057229"
--
1.9.1
More information about the meta-freescale
mailing list