author | Sona Sarmadi <sona.sarmadi@enea.com> | 2016-02-09 07:12:44 +0100 |
---|---|---|
committer | Tudor Florea <tudor.florea@enea.com> | 2016-02-10 01:14:30 +0100 |
commit | 7e15834edfd7f1a4bed0555440b7db97c2b1198e (patch) | |
tree | e7860b89b9de87a7fab41a6ba89b91d05e87ce85 | |
parent | 743d7ed8232663977b19c0887561a6204bea3e5b (diff) | |
download | meta-enea-7e15834edfd7f1a4bed0555440b7db97c2b1198e.tar.gz |
vhost driver: CVE-2015-6252
Fixes a flaw in the Linux kernel's vhost driver.
A privileged local user with access to the /dev/vhost-net
files could use this flaw to create a denial-of-service attack.
References:
===========
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6252
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-6252
http://www.openwall.com/lists/oss-security/2015/08/18/3
Upstream patch:
===============
https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/
patch/?id=a5b3343b05e58b8f8ce7481426f89c048229b50d
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Tudor Florea <tudor.florea@enea.com>
-rw-r--r-- | recipes-kernel/linux/linux-qoriq-3.12/vhost-CVE-2015-6252.patch | 39 | ||||
-rw-r--r-- | recipes-kernel/linux/linux-qoriq-common.inc | 1 |
2 files changed, 40 insertions, 0 deletions
diff --git a/recipes-kernel/linux/linux-qoriq-3.12/vhost-CVE-2015-6252.patch b/recipes-kernel/linux/linux-qoriq-3.12/vhost-CVE-2015-6252.patch new file mode 100644 index 0000000..068b8ad --- /dev/null +++ b/recipes-kernel/linux/linux-qoriq-3.12/vhost-CVE-2015-6252.patch | |||
@@ -0,0 +1,39 @@ | |||
1 | From a5b3343b05e58b8f8ce7481426f89c048229b50d Mon Sep 17 00:00:00 2001 | ||
2 | From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= <marcandre.lureau@redhat.com> | ||
3 | Date: Fri, 17 Jul 2015 15:32:03 +0200 | ||
4 | Subject: vhost: actually track log eventfd file | ||
5 | MIME-Version: 1.0 | ||
6 | Content-Type: text/plain; charset=UTF-8 | ||
7 | Content-Transfer-Encoding: 8bit | ||
8 | |||
9 | commit 7932c0bd7740f4cd2aa168d3ce0199e7af7d72d5 upstream. | ||
10 | |||
11 | While reviewing vhost log code, I found out that log_file is never | ||
12 | set. Note: I haven't tested the change (QEMU doesn't use LOG_FD yet). | ||
13 | |||
14 | Fixes CVE-2015-6252. | ||
15 | Upstream-Status: Backport | ||
16 | |||
17 | Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> | ||
18 | Signed-off-by: Michael S. Tsirkin <mst@redhat.com> | ||
19 | Signed-off-by: Jiri Slaby <jslaby@suse.cz> | ||
20 | Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> | ||
21 | --- | ||
22 | drivers/vhost/vhost.c | 1 + | ||
23 | 1 file changed, 1 insertion(+) | ||
24 | |||
25 | diff --git a/drivers/vhost/vhost.c b/drivers/vhost/vhost.c | ||
26 | index 69068e0..384bcc8 100644 | ||
27 | --- a/drivers/vhost/vhost.c | ||
28 | +++ b/drivers/vhost/vhost.c | ||
29 | @@ -878,6 +878,7 @@ long vhost_dev_ioctl(struct vhost_dev *d, unsigned int ioctl, void __user *argp) | ||
30 | } | ||
31 | if (eventfp != d->log_file) { | ||
32 | filep = d->log_file; | ||
33 | + d->log_file = eventfp; | ||
34 | ctx = d->log_ctx; | ||
35 | d->log_ctx = eventfp ? | ||
36 | eventfd_ctx_fileget(eventfp) : NULL; | ||
37 | -- | ||
38 | cgit v0.12 | ||
39 | |||
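Review bot: The provenance in the embedded patch header is ambiguous at header lines 1, 9 and 15: the From line carries a5b3343b05e58b8f8ce7481426f89c048229b50d, the body says "commit 7932c0bd7740f4cd2aa168d3ce0199e7af7d72d5 upstream", and "Upstream-Status: Backport" names neither a tree nor a URL. Suggest putting the stable-tree patch URL already given in the commit message in brackets after "Backport", and adding a separate "CVE: CVE-2015-6252" tag line next to the free-text "Fixes CVE-2015-6252." so the origin and the CVE can be picked up mechanically. The original author's note at header line 12 says the change was untested ("I haven't tested the change"), so the commit message should also state whether the log fd path touched by the added "d->log_file = eventfp;" was exercised on the 3.12 qoriq kernel.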
diff --git a/recipes-kernel/linux/linux-qoriq-common.inc b/recipes-kernel/linux/linux-qoriq-common.inc index 3b4a203..9052358 100644 --- a/recipes-kernel/linux/linux-qoriq-common.inc +++ b/recipes-kernel/linux/linux-qoriq-common.inc | |||
@@ -22,6 +22,7 @@ SRC_URI += "file://b4860-hard_irq_disable-bug.patch \ | |||
22 | file://ipc-CVE-2015-7613.patch \ | 22 | file://ipc-CVE-2015-7613.patch \ |
23 | file://net-rds-CVE-2015-2042.patch \ | 23 | file://net-rds-CVE-2015-2042.patch \ |
24 | file://drivers-scsi-CVE-2015-5707.patch \ | 24 | file://drivers-scsi-CVE-2015-5707.patch \ |
25 | file://vhost-CVE-2015-6252.patch \ | ||
25 | " | 26 | " |
26 | 27 | ||
27 | SRC_URI += "file://cfg/00013-localversion.cfg \ | 28 | SRC_URI += "file://cfg/00013-localversion.cfg \ |
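Review bot: The new SRC_URI entry at line 25 goes into linux-qoriq-common.inc, but the patch file is added only under recipes-kernel/linux/linux-qoriq-3.12/. If any recipe other than the 3.12 kernel includes this .inc, the lookup of file://vhost-CVE-2015-6252.patch will fail for it, or the patch will be applied to a tree it was not backported for. Confirm that the 3.12 recipe is the only consumer, or move the entry into the 3.12 recipe. The entry itself keeps the trailing backslash and the naming of the neighbouring CVE patches, which is fine.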