1 files changed, 41 insertions, 0 deletions
diff --git a/recipes-kernel/linux/files/Fix-CVE-2014-5077-sctp-inherit-auth-capable-on-INIT-collisions.patch b/recipes-kernel/linux/files/Fix-CVE-2014-5077-sctp-inherit-auth-capable-on-INIT-collisions.patch
new file mode 100644
index 0000000..7d16535
--- /dev/null
+++ b/recipes-kernel/linux/files/Fix-CVE-2014-5077-sctp-inherit-auth-capable-on-INIT-collisions.patch
@@ -0,0 +1,41 @@
+CVE-2014-5077 Kernel/SCTP: fix a NULL pointer dereference
+A NULL pointer dereference flaw was found in the way the
+Linux kernel's Stream Control Transmission Protocol
+(SCTP) implementation handled simultaneous connections
+between the same hosts. A remote attacker could use this
+flaw to crash the system.
+Upstream-Status: Backport (from v3.16, commit 1be9a950c646c)
+References:
+    - https://access.redhat.com/security/cve/CVE-2014-5077
+    - http://patchwork.ozlabs.org/patch/372475/
+Fixes: 730fc3d05cd4 ("[SCTP]: Implete SCTP-AUTH parameter processing")
+Reported-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
+Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
+Tested-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
+Cc: Vlad Yasevich <vyasevich@gmail.com>
+Acked-by: Vlad Yasevich <vyasevich@gmail.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Liviu Gheorghisan <liviu.gheorghisan@enea.com>
+---
+ net/sctp/associola.c | 1 +
+ 1 file changed, 1 insertion(+)
+diff --git a/net/sctp/associola.c b/net/sctp/associola.c
+index 9de23a2..06a9ee6 100644
+--- a/net/sctp/associola.c
+++ b/net/sctp/associola.c
+@@ -1097,6 +1097,7 @@ void sctp_assoc_update(struct sctp_association *asoc,
+        asoc->c = new->c;
+        asoc->peer.rwnd = new->peer.rwnd;
+        asoc->peer.sack_needed = new->peer.sack_needed;
+       asoc->peer.auth_capable = new->peer.auth_capable;
+        asoc->peer.i = new->peer.i;
+        sctp_tsnmap_init(&asoc->peer.tsn_map, SCTP_TSN_MAP_INITIAL,
+                         asoc->peer.i.initial_tsn, GFP_ATOMIC);
+-- 
+1.9.1

diff --git a/recipes-kernel/linux/files/Fix-CVE-2014-5077-sctp-inherit-auth-capable-on-INIT-collisions.patch b/recipes-kernel/linux/files/Fix-CVE-2014-5077-sctp-inherit-auth-capable-on-INIT-collisions.patch new file mode 100644 index 0000000..7d16535 --- /dev/null +++ b/recipes-kernel/linux/files/Fix-CVE-2014-5077-sctp-inherit-auth-capable-on-INIT-collisions.patch
@@ -0,0 +1,41 @@
	1	CVE-2014-5077 Kernel/SCTP: fix a NULL pointer dereference
	2
	3	A NULL pointer dereference flaw was found in the way the
	4	Linux kernel's Stream Control Transmission Protocol
	5	(SCTP) implementation handled simultaneous connections
	6	between the same hosts. A remote attacker could use this
	7	flaw to crash the system.
	8
	9	Upstream-Status: Backport (from v3.16, commit 1be9a950c646c)
	10
	11	References:
	12	- https://access.redhat.com/security/cve/CVE-2014-5077
	13	- http://patchwork.ozlabs.org/patch/372475/
	14
	15	Fixes: 730fc3d05cd4 ("[SCTP]: Implete SCTP-AUTH parameter processing")
	16	Reported-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
	17	Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
	18	Tested-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
	19	Cc: Vlad Yasevich <vyasevich@gmail.com>
	20	Acked-by: Vlad Yasevich <vyasevich@gmail.com>
	21	Signed-off-by: David S. Miller <davem@davemloft.net>
	22	Signed-off-by: Liviu Gheorghisan <liviu.gheorghisan@enea.com>
	23	---
	24	net/sctp/associola.c \| 1 +
	25	1 file changed, 1 insertion(+)
	26
	27	diff --git a/net/sctp/associola.c b/net/sctp/associola.c
	28	index 9de23a2..06a9ee6 100644
	29	--- a/net/sctp/associola.c
	30	+++ b/net/sctp/associola.c
	31	@@ -1097,6 +1097,7 @@ void sctp_assoc_update(struct sctp_association *asoc,
	32	asoc->c = new->c;
	33	asoc->peer.rwnd = new->peer.rwnd;
	34	asoc->peer.sack_needed = new->peer.sack_needed;
	35	+ asoc->peer.auth_capable = new->peer.auth_capable;
	36	asoc->peer.i = new->peer.i;
	37	sctp_tsnmap_init(&asoc->peer.tsn_map, SCTP_TSN_MAP_INITIAL,
	38	asoc->peer.i.initial_tsn, GFP_ATOMIC);
	39	--
	40	1.9.1
	41