Fixes information leak in llc2_timeout_table. References: http://www.openwall.com/lists/oss-security/2015/02/20/19 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2041
Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/patch /?id=553dd569ff29bc38cebbf9f9dd7c791863ee9113
Signed-off-by: Sona Sarmadi <[email protected]>
---
 recipes-kernel/linux/files/net-CVE-2015-2041.patch | 62 ++++++++++++++++++++++
 recipes-kernel/linux/linux-qoriq_3.12.bb | 1 +
 2 files changed, 63 insertions(+)
 create mode 100644 recipes-kernel/linux/files/net-CVE-2015-2041.patch
diff --git a/recipes-kernel/linux/files/net-CVE-2015-2041.patch b/recipes-kernel/linux/files/net-CVE-2015-2041.patch
new file mode 100644
index 0000000..a62f2ea
--- /dev/null
+++ b/recipes-kernel/linux/files/net-CVE-2015-2041.patch
@@ -0,0 +1,62 @@
+From 553dd569ff29bc38cebbf9f9dd7c791863ee9113 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <[email protected]>
+Date: Fri, 23 Jan 2015 20:47:00 -0500
+Subject: net: llc: use correct size for sysctl timeout entries
+
+commit 6b8d9117ccb4f81b1244aafa7bc70ef8fa45fc49 upstream.
+
+The timeout entries are sizeof(int) rather than sizeof(long), which
+means that when they were getting read we'd also leak kernel memory
+to userspace along with the timeout values.
+
+Fixes CVE-2015-2041
+Upstream-Status: Backport
+
+Signed-off-by: Sasha Levin <[email protected]>
+Signed-off-by: David S. Miller <[email protected]>
+Signed-off-by: Jiri Slaby <[email protected]>
+Signed-off-by: Sona Sarmadi <[email protected]>
+---
+ net/llc/sysctl_net_llc.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/net/llc/sysctl_net_llc.c b/net/llc/sysctl_net_llc.c
+index 612a5dd..799bafc 100644
+--- a/net/llc/sysctl_net_llc.c
++++ b/net/llc/sysctl_net_llc.c
+@@ -18,28 +18,28 @@ static struct ctl_table llc2_timeout_table[] = {
+ {
+ .procname = "ack",
+ .data = &sysctl_llc2_ack_timeout,
+- .maxlen = sizeof(long),
++ .maxlen = sizeof(sysctl_llc2_ack_timeout),
+ .mode = 0644,
+ .proc_handler = proc_dointvec_jiffies,
+ },
+ {
+ .procname = "busy",
+ .data = &sysctl_llc2_busy_timeout,
+- .maxlen = sizeof(long),
++ .maxlen = sizeof(sysctl_llc2_busy_timeout),
+ .mode = 0644,
+ .proc_handler = proc_dointvec_jiffies,
+ },
+ {
+ .procname = "p",
+ .data = &sysctl_llc2_p_timeout,
+- .maxlen = sizeof(long),
++ .maxlen = sizeof(sysctl_llc2_p_timeout),
+ .mode = 0644,
+ .proc_handler = proc_dointvec_jiffies,
+ },
+ {
+ .procname = "rej",
+ .data = &sysctl_llc2_rej_timeout,
+- .maxlen = sizeof(long),
++ .maxlen = sizeof(sysctl_llc2_rej_timeout),
+ .mode = 0644,
+ .proc_handler = proc_dointvec_jiffies,
+ },
+--
+1.9.1
+
diff --git a/recipes-kernel/linux/linux-qoriq_3.12.bb b/recipes-kernel/linux/linux-qoriq_3.12.bb
index 8587b48..4a2ea43 100644
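Review bot: The `Upstream-Status: Backport` line in the embedded patch header names no source even though the header carries both ids; `Upstream-Status: Backport [linux-stable 553dd569ff29, upstream 6b8d9117ccb4]` would let whoever next rebases this recipe see when the patch can be dropped. The header would also benefit from saying which builds are affected: the over-read can only happen where `sizeof(long)` is larger than the timeout variables, which the commit text gives as `sizeof(int)`, so presumably only 64-bit kernels were exposed. Because the entries keep `.mode = 0644`, the old oversized `.maxlen` probably also let a privileged write run past the variable, which the description does not mention. The embedded hunk starts at line 18 of `sysctl_net_llc.c` and `llc2_timeout_table` continues past the visible lines, so any other `ctl_table` entries in that file cannot be checked from here.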
--- a/recipes-kernel/linux/linux-qoriq_3.12.bb +++ b/recipes-kernel/linux/linux-qoriq_3.12.bb @@ -36,6 +36,7 @@ SRC_URI = "git://git.freescale.com/ppc/sdk/linux.git;nobranch=1 \ file://mm-CVE-2014-3122.patch \ file://media-ttusb-dec-CVE-2014-8884.patch \ file://net-sctp-CVE-2015-1421.patch \ + file://net-CVE-2015-2041.patch \ " SRCREV = "6619b8b55796cdf0cec04b66a71288edd3057229" -- 1.9.1 -- _______________________________________________ meta-freescale mailing list [email protected] https://lists.yoctoproject.org/listinfo/meta-freescale
