diff options
author | Sona Sarmadi <sona.sarmadi@enea.com> | 2015-12-15 13:57:30 +0100 |
---|---|---|
committer | Zhenhua Luo <zhenhua.luo@nxp.com> | 2015-12-21 13:55:47 +0800 |
commit | 210e6d5bd15a7b6dede180e2c4a8f9d5d4484e92 (patch) | |
tree | d171974b1cb414dde1fdfade296d5173f4ad0a2a | |
parent | f297dfce5ef0fe2d1247b8f167beca1389e1a355 (diff) | |
download | meta-fsl-ppc-210e6d5bd15a7b6dede180e2c4a8f9d5d4484e92.tar.gz |
ttusb-dec: CVE-2014-8884
Fixes buffer overflow in ioctl.
Reference:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8884
Upstream fix:
https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/
?id=482c6cb2dfb40838d67b0ba844b4b3d0af0f3d20
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Zhenhua Luo <zhenhua.luo@nxp.com>
-rw-r--r-- | recipes-kernel/linux/files/media-ttusb-dec-CVE-2014-8884.patch | 37 | ||||
-rw-r--r-- | recipes-kernel/linux/linux-qoriq_3.12.bb | 1 |
2 files changed, 38 insertions, 0 deletions
diff --git a/recipes-kernel/linux/files/media-ttusb-dec-CVE-2014-8884.patch b/recipes-kernel/linux/files/media-ttusb-dec-CVE-2014-8884.patch new file mode 100644 index 0000000..ae27944 --- /dev/null +++ b/recipes-kernel/linux/files/media-ttusb-dec-CVE-2014-8884.patch | |||
@@ -0,0 +1,37 @@ | |||
1 | commit 482c6cb2dfb40838d67b0ba844b4b3d0af0f3d20 | ||
2 | Author: Dan Carpenter <dan.carpenter@oracle.com> | ||
3 | Date: Fri, 5 Sep 2014 09:09:28 -0300 | ||
4 | Subject: [media] ttusb-dec: buffer overflow in ioctl | ||
5 | |||
6 | commit f2e323ec96077642d397bb1c355def536d489d16 upstream. | ||
7 | |||
8 | We need to add a limit check here so we don't overflow the buffer. | ||
9 | |||
10 | Fixes CVE-2014-8884 | ||
11 | Upstream-Status: Backport | ||
12 | |||
13 | Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> | ||
14 | Signed-off-by: Mauro Carvalho Chehab <mchehab@osg.samsung.com> | ||
15 | Signed-off-by: Jiri Slaby <jslaby@suse.cz> | ||
16 | Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> | ||
17 | --- | ||
18 | drivers/media/usb/ttusb-dec/ttusbdecfe.c | 3 +++ | ||
19 | 1 file changed, 3 insertions(+) | ||
20 | |||
21 | diff --git a/drivers/media/usb/ttusb-dec/ttusbdecfe.c b/drivers/media/usb/ttusb-dec/ttusbdecfe.c | ||
22 | index 5c45c9d..9c29552 100644 | ||
23 | --- a/drivers/media/usb/ttusb-dec/ttusbdecfe.c | ||
24 | +++ b/drivers/media/usb/ttusb-dec/ttusbdecfe.c | ||
25 | @@ -156,6 +156,9 @@ static int ttusbdecfe_dvbs_diseqc_send_master_cmd(struct dvb_frontend* fe, struc | ||
26 | 0x00, 0x00, 0x00, 0x00, | ||
27 | 0x00, 0x00 }; | ||
28 | |||
29 | + if (cmd->msg_len > sizeof(b) - 4) | ||
30 | + return -EINVAL; | ||
31 | + | ||
32 | memcpy(&b[4], cmd->msg, cmd->msg_len); | ||
33 | |||
34 | state->config->send_command(fe, 0x72, | ||
35 | -- | ||
36 | cgit v0.11.2 | ||
37 | |||
diff --git a/recipes-kernel/linux/linux-qoriq_3.12.bb b/recipes-kernel/linux/linux-qoriq_3.12.bb index f078518..e89a289 100644 --- a/recipes-kernel/linux/linux-qoriq_3.12.bb +++ b/recipes-kernel/linux/linux-qoriq_3.12.bb | |||
@@ -34,6 +34,7 @@ SRC_URI = "git://git.freescale.com/ppc/sdk/linux.git;nobranch=1 \ | |||
34 | file://fs-isofs-CVE-2014-9420.patch \ | 34 | file://fs-isofs-CVE-2014-9420.patch \ |
35 | file://udp-CVE-2015-5364_CVE-2015-5366.patch \ | 35 | file://udp-CVE-2015-5364_CVE-2015-5366.patch \ |
36 | file://mm-CVE-2014-3122.patch \ | 36 | file://mm-CVE-2014-3122.patch \ |
37 | file://media-ttusb-dec-CVE-2014-8884.patch \ | ||
37 | " | 38 | " |
38 | SRCREV = "6619b8b55796cdf0cec04b66a71288edd3057229" | 39 | SRCREV = "6619b8b55796cdf0cec04b66a71288edd3057229" |
39 | 40 | ||