1 files changed, 43 insertions, 0 deletions
diff --git a/recipes-kernel/linux/files/0001-ALSA-CVE-2014-4656.patch b/recipes-kernel/linux/files/0001-ALSA-CVE-2014-4656.patch
new file mode 100644
index 0000000..9859025
--- /dev/null
+++ b/recipes-kernel/linux/files/0001-ALSA-CVE-2014-4656.patch
@@ -0,0 +1,43 @@
+From 7ee7663da07717a1b31ce60d2ebf12d2058ee975 Mon Sep 17 00:00:00 2001
+From: Lars-Peter Clausen <lars@metafoo.de>
+Date: Wed, 18 Jun 2014 13:32:35 +0200
+Subject: [PATCH] ALSA: control: Make sure that id->index does not overflow
+commit 883a1d49f0d77d30012f114b2e19fc141beb3e8e upstream.
+The ALSA control code expects that the range of assigned indices to a control is
+continuous and does not overflow. Currently there are no checks to enforce this.
+If a control with a overflowing index range is created that control becomes
+effectively inaccessible and unremovable since snd_ctl_find_id() will not be
+able to find it. This patch adds a check that makes sure that controls with a
+overflowing index range can not be created.
+Fixes CVE-2014-4656
+Upstream-Status: Backport
+Signed-off-by: Lars-Peter Clausen <lars@metafoo.de>
+Acked-by: Jaroslav Kysela <perex@perex.cz>
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
+Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
+---
+ sound/core/control.c | 3 +++
+ 1 file changed, 3 insertions(+)
+diff --git a/sound/core/control.c b/sound/core/control.c
+index 93215b4..98a29b2 100644
+--- a/sound/core/control.c
+++ b/sound/core/control.c
+@@ -343,6 +343,9 @@ int snd_ctl_add(struct snd_card *card, struct snd_kcontrol *kcontrol)
+        if (snd_BUG_ON(!card || !kcontrol->info))
+                goto error;
+        id = kcontrol->id;
+       if (id.index > UINT_MAX - kcontrol->count)
+               goto error;
+
+        down_write(&card->controls_rwsem);
+        if (snd_ctl_find_id(card, &id)) {
+                up_write(&card->controls_rwsem);
+-- 
+1.9.1

diff --git a/recipes-kernel/linux/files/0001-ALSA-CVE-2014-4656.patch b/recipes-kernel/linux/files/0001-ALSA-CVE-2014-4656.patch new file mode 100644 index 0000000..9859025 --- /dev/null +++ b/recipes-kernel/linux/files/0001-ALSA-CVE-2014-4656.patch
@@ -0,0 +1,43 @@
	1	From 7ee7663da07717a1b31ce60d2ebf12d2058ee975 Mon Sep 17 00:00:00 2001
	2	From: Lars-Peter Clausen <lars@metafoo.de>
	3	Date: Wed, 18 Jun 2014 13:32:35 +0200
	4	Subject: [PATCH] ALSA: control: Make sure that id->index does not overflow
	5
	6	commit 883a1d49f0d77d30012f114b2e19fc141beb3e8e upstream.
	7
	8	The ALSA control code expects that the range of assigned indices to a control is
	9	continuous and does not overflow. Currently there are no checks to enforce this.
	10	If a control with a overflowing index range is created that control becomes
	11	effectively inaccessible and unremovable since snd_ctl_find_id() will not be
	12	able to find it. This patch adds a check that makes sure that controls with a
	13	overflowing index range can not be created.
	14
	15	Fixes CVE-2014-4656
	16	Upstream-Status: Backport
	17
	18	Signed-off-by: Lars-Peter Clausen <lars@metafoo.de>
	19	Acked-by: Jaroslav Kysela <perex@perex.cz>
	20	Signed-off-by: Takashi Iwai <tiwai@suse.de>
	21	Signed-off-by: Jiri Slaby <jslaby@suse.cz>
	22	Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
	23	---
	24	sound/core/control.c \| 3 +++
	25	1 file changed, 3 insertions(+)
	26
	27	diff --git a/sound/core/control.c b/sound/core/control.c
	28	index 93215b4..98a29b2 100644
	29	--- a/sound/core/control.c
	30	+++ b/sound/core/control.c
	31	@@ -343,6 +343,9 @@ int snd_ctl_add(struct snd_card card, struct snd_kcontrol kcontrol)
	32	if (snd_BUG_ON(!card \|\| !kcontrol->info))
	33	goto error;
	34	id = kcontrol->id;
	35	+ if (id.index > UINT_MAX - kcontrol->count)
	36	+ goto error;
	37	+
	38	down_write(&card->controls_rwsem);
	39	if (snd_ctl_find_id(card, &id)) {
	40	up_write(&card->controls_rwsem);
	41	--
	42	1.9.1
	43