1 files changed, 62 insertions, 0 deletions
diff --git a/recipes-kernel/linux/files/net-CVE-2015-2041.patch b/recipes-kernel/linux/files/net-CVE-2015-2041.patch
new file mode 100644
index 0000000..a62f2ea
--- /dev/null
+++ b/recipes-kernel/linux/files/net-CVE-2015-2041.patch
@@ -0,0 +1,62 @@
+From 553dd569ff29bc38cebbf9f9dd7c791863ee9113 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sasha.levin@oracle.com>
+Date: Fri, 23 Jan 2015 20:47:00 -0500
+Subject: net: llc: use correct size for sysctl timeout entries
+commit 6b8d9117ccb4f81b1244aafa7bc70ef8fa45fc49 upstream.
+The timeout entries are sizeof(int) rather than sizeof(long), which
+means that when they were getting read we'd also leak kernel memory
+to userspace along with the timeout values.
+Fixes CVE-2015-2041
+Upstream-Status: Backport
+Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
+Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
+---
+ net/llc/sysctl_net_llc.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+diff --git a/net/llc/sysctl_net_llc.c b/net/llc/sysctl_net_llc.c
+index 612a5dd..799bafc 100644
+--- a/net/llc/sysctl_net_llc.c
+++ b/net/llc/sysctl_net_llc.c
+@@ -18,28 +18,28 @@ static struct ctl_table llc2_timeout_table[] = {
+        {
+                .procname       = "ack",
+                .data           = &sysctl_llc2_ack_timeout,
+-               .maxlen         = sizeof(long),
+               .maxlen         = sizeof(sysctl_llc2_ack_timeout),
+                .mode           = 0644,
+                .proc_handler   = proc_dointvec_jiffies,
+        },
+        {
+                .procname       = "busy",
+                .data           = &sysctl_llc2_busy_timeout,
+-               .maxlen         = sizeof(long),
+               .maxlen         = sizeof(sysctl_llc2_busy_timeout),
+                .mode           = 0644,
+                .proc_handler   = proc_dointvec_jiffies,
+        },
+        {
+                .procname       = "p",
+                .data           = &sysctl_llc2_p_timeout,
+-               .maxlen         = sizeof(long),
+               .maxlen         = sizeof(sysctl_llc2_p_timeout),
+                .mode           = 0644,
+                .proc_handler   = proc_dointvec_jiffies,
+        },
+        {
+                .procname       = "rej",
+                .data           = &sysctl_llc2_rej_timeout,
+-               .maxlen         = sizeof(long),
+               .maxlen         = sizeof(sysctl_llc2_rej_timeout),
+                .mode           = 0644,
+                .proc_handler   = proc_dointvec_jiffies,
+        },
+-- 
+1.9.1

diff --git a/recipes-kernel/linux/files/net-CVE-2015-2041.patch b/recipes-kernel/linux/files/net-CVE-2015-2041.patch new file mode 100644 index 0000000..a62f2ea --- /dev/null +++ b/recipes-kernel/linux/files/net-CVE-2015-2041.patch
@@ -0,0 +1,62 @@
	1	From 553dd569ff29bc38cebbf9f9dd7c791863ee9113 Mon Sep 17 00:00:00 2001
	2	From: Sasha Levin <sasha.levin@oracle.com>
	3	Date: Fri, 23 Jan 2015 20:47:00 -0500
	4	Subject: net: llc: use correct size for sysctl timeout entries
	5
	6	commit 6b8d9117ccb4f81b1244aafa7bc70ef8fa45fc49 upstream.
	7
	8	The timeout entries are sizeof(int) rather than sizeof(long), which
	9	means that when they were getting read we'd also leak kernel memory
	10	to userspace along with the timeout values.
	11
	12	Fixes CVE-2015-2041
	13	Upstream-Status: Backport
	14
	15	Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
	16	Signed-off-by: David S. Miller <davem@davemloft.net>
	17	Signed-off-by: Jiri Slaby <jslaby@suse.cz>
	18	Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
	19	---
	20	net/llc/sysctl_net_llc.c \| 8 ++++----
	21	1 file changed, 4 insertions(+), 4 deletions(-)
	22
	23	diff --git a/net/llc/sysctl_net_llc.c b/net/llc/sysctl_net_llc.c
	24	index 612a5dd..799bafc 100644
	25	--- a/net/llc/sysctl_net_llc.c
	26	+++ b/net/llc/sysctl_net_llc.c
	27	@@ -18,28 +18,28 @@ static struct ctl_table llc2_timeout_table[] = {
	28	{
	29	.procname = "ack",
	30	.data = &sysctl_llc2_ack_timeout,
	31	- .maxlen = sizeof(long),
	32	+ .maxlen = sizeof(sysctl_llc2_ack_timeout),
	33	.mode = 0644,
	34	.proc_handler = proc_dointvec_jiffies,
	35	},
	36	{
	37	.procname = "busy",
	38	.data = &sysctl_llc2_busy_timeout,
	39	- .maxlen = sizeof(long),
	40	+ .maxlen = sizeof(sysctl_llc2_busy_timeout),
	41	.mode = 0644,
	42	.proc_handler = proc_dointvec_jiffies,
	43	},
	44	{
	45	.procname = "p",
	46	.data = &sysctl_llc2_p_timeout,
	47	- .maxlen = sizeof(long),
	48	+ .maxlen = sizeof(sysctl_llc2_p_timeout),
	49	.mode = 0644,
	50	.proc_handler = proc_dointvec_jiffies,
	51	},
	52	{
	53	.procname = "rej",
	54	.data = &sysctl_llc2_rej_timeout,
	55	- .maxlen = sizeof(long),
	56	+ .maxlen = sizeof(sysctl_llc2_rej_timeout),
	57	.mode = 0644,
	58	.proc_handler = proc_dointvec_jiffies,
	59	},
	60	--
	61	1.9.1
	62