linux-intel: Fix for CVE-2018-16658

Fix for both linux-intel and linux-intel-rt. References: https://github.com/nluedtke/linux_kernel_cves/blob/master/4.14/4.14_security.txt https://nvd.nist.gov/vuln/detail/CVE-2018-16658 Change-Id: Icaa55f0e2167ee5a72b253bae4cb00d5708d66d1 Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
author: Sona Sarmadi <sona.sarmadi@enea.com> 2018-09-21 08:34:53 +0200
committer: Martin Borg <martin.borg@enea.com> 2018-09-26 11:53:04 +0200
commit: 66bb24cffa127f106bb79e25e60aacb61fe63352 (patch)
tree: f448ef1ac66c1bc7427f9d3366568baf32f716d9 /recipes-kernel/linux/linux-intel/CVE-2018-16658.patch
parent: e5105c1a35907089dd13c0783ee5940106046896 (diff)
download: meta-enea-bsp-x86-66bb24cffa127f106bb79e25e60aacb61fe63352.tar.gz
1 files changed, 42 insertions, 0 deletions
diff --git a/recipes-kernel/linux/linux-intel/CVE-2018-16658.patch b/recipes-kernel/linux/linux-intel/CVE-2018-16658.patch
new file mode 100644
index 0000000..d6dc109
--- /dev/null
+++ b/recipes-kernel/linux/linux-intel/CVE-2018-16658.patch
@@ -0,0 +1,42 @@
+From 73b2e7073b51de0b03ebd15c97dd3ad0c3470810 Mon Sep 17 00:00:00 2001
+From: Scott Bauer <scott.bauer@intel.com>
+Date: Thu, 26 Apr 2018 11:51:08 -0600
+Subject: [PATCH] cdrom: Fix info leak/OOB read in cdrom_ioctl_drive_status
+commit 8f3fafc9c2f0ece10832c25f7ffcb07c97a32ad4 upstream.
+Like d88b6d04: "cdrom: information leak in cdrom_ioctl_media_changed()"
+There is another cast from unsigned long to int which causes
+a bounds check to fail with specially crafted input. The value is
+then used as an index in the slot array in cdrom_slot_status().
+CVE: CVE-2018-16658
+Upstream-Status: Backport
+Signed-off-by: Scott Bauer <scott.bauer@intel.com>
+Signed-off-by: Scott Bauer <sbauer@plzdonthack.me>
+Cc: stable@vger.kernel.org
+Signed-off-by: Jens Axboe <axboe@kernel.dk>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
+---
+ drivers/cdrom/cdrom.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+diff --git a/drivers/cdrom/cdrom.c b/drivers/cdrom/cdrom.c
+index bfc566d..8cfa10ab 100644
+--- a/drivers/cdrom/cdrom.c
+++ b/drivers/cdrom/cdrom.c
+@@ -2542,7 +2542,7 @@ static int cdrom_ioctl_drive_status(struct cdrom_device_info *cdi,
+        if (!CDROM_CAN(CDC_SELECT_DISC) ||
+            (arg == CDSL_CURRENT || arg == CDSL_NONE))
+                return cdi->ops->drive_status(cdi, CDSL_CURRENT);
+-       if (((int)arg >= cdi->capacity))
+       if (arg >= cdi->capacity)
+                return -EINVAL;
+        return cdrom_slot_status(cdi, arg);
+ }
+-- 
+1.9.1
author	Sona Sarmadi <sona.sarmadi@enea.com>	2018-09-21 08:34:53 +0200
committer	Martin Borg <martin.borg@enea.com>	2018-09-26 11:53:04 +0200
commit	66bb24cffa127f106bb79e25e60aacb61fe63352 (patch)
tree	f448ef1ac66c1bc7427f9d3366568baf32f716d9 /recipes-kernel/linux/linux-intel/CVE-2018-16658.patch
parent	e5105c1a35907089dd13c0783ee5940106046896 (diff)
download	meta-enea-bsp-x86-66bb24cffa127f106bb79e25e60aacb61fe63352.tar.gz

diff --git a/recipes-kernel/linux/linux-intel/CVE-2018-16658.patch b/recipes-kernel/linux/linux-intel/CVE-2018-16658.patch new file mode 100644 index 0000000..d6dc109 --- /dev/null +++ b/recipes-kernel/linux/linux-intel/CVE-2018-16658.patch
@@ -0,0 +1,42 @@
	1	From 73b2e7073b51de0b03ebd15c97dd3ad0c3470810 Mon Sep 17 00:00:00 2001
	2	From: Scott Bauer <scott.bauer@intel.com>
	3	Date: Thu, 26 Apr 2018 11:51:08 -0600
	4	Subject: [PATCH] cdrom: Fix info leak/OOB read in cdrom_ioctl_drive_status
	5
	6	commit 8f3fafc9c2f0ece10832c25f7ffcb07c97a32ad4 upstream.
	7
	8	Like d88b6d04: "cdrom: information leak in cdrom_ioctl_media_changed()"
	9
	10	There is another cast from unsigned long to int which causes
	11	a bounds check to fail with specially crafted input. The value is
	12	then used as an index in the slot array in cdrom_slot_status().
	13
	14	CVE: CVE-2018-16658
	15	Upstream-Status: Backport
	16
	17	Signed-off-by: Scott Bauer <scott.bauer@intel.com>
	18	Signed-off-by: Scott Bauer <sbauer@plzdonthack.me>
	19	Cc: stable@vger.kernel.org
	20	Signed-off-by: Jens Axboe <axboe@kernel.dk>
	21	Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	22	Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
	23	---
	24	drivers/cdrom/cdrom.c \| 2 +-
	25	1 file changed, 1 insertion(+), 1 deletion(-)
	26
	27	diff --git a/drivers/cdrom/cdrom.c b/drivers/cdrom/cdrom.c
	28	index bfc566d..8cfa10ab 100644
	29	--- a/drivers/cdrom/cdrom.c
	30	+++ b/drivers/cdrom/cdrom.c
	31	@@ -2542,7 +2542,7 @@ static int cdrom_ioctl_drive_status(struct cdrom_device_info *cdi,
	32	if (!CDROM_CAN(CDC_SELECT_DISC) \|\|
	33	(arg == CDSL_CURRENT \|\| arg == CDSL_NONE))
	34	return cdi->ops->drive_status(cdi, CDSL_CURRENT);
	35	- if (((int)arg >= cdi->capacity))
	36	+ if (arg >= cdi->capacity)
	37	return -EINVAL;
	38	return cdrom_slot_status(cdi, arg);
	39	}
	40	--
	41	1.9.1
	42