diff options
| author | Adrian Stratulat <adrian.stratulat@enea.com> | 2019-05-28 11:42:57 +0200 |
|---|---|---|
| committer | Adrian Stratulat <adrian.stratulat@enea.com> | 2019-05-28 12:56:25 +0200 |
| commit | 8f4dae8fb7ae74e4ae7087712cb44492e294e6b0 (patch) | |
| tree | 93b80bcdf0b1d1a03269ae07c0b8c305097a2f97 | |
| parent | bbbaee9150a62c2965710ff2245b65da32f35eb5 (diff) | |
| download | enea-kernel-cache-8f4dae8fb7ae74e4ae7087712cb44492e294e6b0.tar.gz | |
linux-qoriq: CVE-2019-8980
References:
https://nvd.nist.gov/vuln/detail/CVE-2019-8980
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f612acfae86af7ecad754ae6a46019be9da05b8e
Change-Id: I8aee55ac3d56dc610ac4eeaca7d0d099df418886
Signed-off-by: Adrian Stratulat <adrian.stratulat@enea.com>
| -rw-r--r-- | patches/cve/4.14.x.scc | 1 | ||||
| -rw-r--r-- | patches/cve/CVE-2019-8980.patch | 52 |
2 files changed, 53 insertions, 0 deletions
diff --git a/patches/cve/4.14.x.scc b/patches/cve/4.14.x.scc new file mode 100644 index 0000000..b41503c --- /dev/null +++ b/patches/cve/4.14.x.scc | |||
| @@ -0,0 +1 @@ | |||
| patch CVE-2019-8980.patch | |||
diff --git a/patches/cve/CVE-2019-8980.patch b/patches/cve/CVE-2019-8980.patch new file mode 100644 index 0000000..d5bdddc --- /dev/null +++ b/patches/cve/CVE-2019-8980.patch | |||
| @@ -0,0 +1,52 @@ | |||
| 1 | From f612acfae86af7ecad754ae6a46019be9da05b8e Mon Sep 17 00:00:00 2001 | ||
| 2 | From: YueHaibing <yuehaibing@huawei.com> | ||
| 3 | Date: Tue, 19 Feb 2019 10:10:38 +0800 | ||
| 4 | Subject: exec: Fix mem leak in kernel_read_file | ||
| 5 | |||
| 6 | syzkaller report this: | ||
| 7 | BUG: memory leak | ||
| 8 | unreferenced object 0xffffc9000488d000 (size 9195520): | ||
| 9 | comm "syz-executor.0", pid 2752, jiffies 4294787496 (age 18.757s) | ||
| 10 | hex dump (first 32 bytes): | ||
| 11 | ff ff ff ff ff ff ff ff a8 00 00 00 01 00 00 00 ................ | ||
| 12 | 02 00 00 00 00 00 00 00 80 a1 7a c1 ff ff ff ff ..........z..... | ||
| 13 | backtrace: | ||
| 14 | [<000000000863775c>] __vmalloc_node mm/vmalloc.c:1795 [inline] | ||
| 15 | [<000000000863775c>] __vmalloc_node_flags mm/vmalloc.c:1809 [inline] | ||
| 16 | [<000000000863775c>] vmalloc+0x8c/0xb0 mm/vmalloc.c:1831 | ||
| 17 | [<000000003f668111>] kernel_read_file+0x58f/0x7d0 fs/exec.c:924 | ||
| 18 | [<000000002385813f>] kernel_read_file_from_fd+0x49/0x80 fs/exec.c:993 | ||
| 19 | [<0000000011953ff1>] __do_sys_finit_module+0x13b/0x2a0 kernel/module.c:3895 | ||
| 20 | [<000000006f58491f>] do_syscall_64+0x147/0x600 arch/x86/entry/common.c:290 | ||
| 21 | [<00000000ee78baf4>] entry_SYSCALL_64_after_hwframe+0x49/0xbe | ||
| 22 | [<00000000241f889b>] 0xffffffffffffffff | ||
| 23 | |||
| 24 | It should goto 'out_free' lable to free allocated buf while kernel_read | ||
| 25 | fails. | ||
| 26 | |||
| 27 | Fixes: 39d637af5aa7 ("vfs: forbid write access when reading a file into memory") | ||
| 28 | Signed-off-by: YueHaibing <yuehaibing@huawei.com> | ||
| 29 | Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> | ||
| 30 | Signed-off-by: Adrian Stratulat <adrian.stratulat@enea.com> | ||
| 31 | Upstream-Status: Backport [https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f612acfae86af7ecad754ae6a46019be9da05b8e] | ||
| 32 | CVE: CVE-2019-8980 | ||
| 33 | --- | ||
| 34 | fs/exec.c | 2 +- | ||
| 35 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
| 36 | |||
| 37 | diff --git a/fs/exec.c b/fs/exec.c | ||
| 38 | index fb72d36f7823..bcf383730bea 100644 | ||
| 39 | --- a/fs/exec.c | ||
| 40 | +++ b/fs/exec.c | ||
| 41 | @@ -932,7 +932,7 @@ int kernel_read_file(struct file *file, void **buf, loff_t *size, | ||
| 42 | bytes = kernel_read(file, *buf + pos, i_size - pos, &pos); | ||
| 43 | if (bytes < 0) { | ||
| 44 | ret = bytes; | ||
| 45 | - goto out; | ||
| 46 | + goto out_free; | ||
| 47 | } | ||
| 48 | |||
| 49 | if (bytes == 0) | ||
| 50 | -- | ||
| 51 | cgit 1.2-0.3.lf.el7 | ||
| 52 | |||