diff options
author | Sona Sarmadi <sona.sarmadi@enea.com> | 2016-01-28 14:32:11 +0100 |
---|---|---|
committer | Paul Vaduva <Paul.Vaduva@enea.com> | 2016-01-28 14:35:59 +0100 |
commit | febcbabc2e4d859a3caf7808ceda68c956da652f (patch) | |
tree | 61cabf9e0183f4bc54ab28c84c1c653d48c0418e /recipes-kernel/linux/linux-hierofalcon-4.1 | |
parent | f846a18b030d4bccbb7a2d1fb7359df6c6c69048 (diff) | |
download | meta-hierofalcon-febcbabc2e4d859a3caf7808ceda68c956da652f.tar.gz |
virtio-net: CVE-2015-5156
Fixes a buffer overflow flaw in the Linux kernel's virtio-net subsystem.
Reference to the upstream patch:
http://marc.info/?l=linux-netdev&m=143868216724068&w=2
Other external references:
http://www.openwall.com/lists/oss-security/2015/08/06/1
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5156
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Paul Vaduva <Paul.Vaduva@enea.com>
Diffstat (limited to 'recipes-kernel/linux/linux-hierofalcon-4.1')
-rw-r--r-- | recipes-kernel/linux/linux-hierofalcon-4.1/virtio-net-CVE-2015-5156.patch | 48 |
1 files changed, 48 insertions, 0 deletions
diff --git a/recipes-kernel/linux/linux-hierofalcon-4.1/virtio-net-CVE-2015-5156.patch b/recipes-kernel/linux/linux-hierofalcon-4.1/virtio-net-CVE-2015-5156.patch new file mode 100644 index 0000000..772de2e --- /dev/null +++ b/recipes-kernel/linux/linux-hierofalcon-4.1/virtio-net-CVE-2015-5156.patch | |||
@@ -0,0 +1,48 @@ | |||
1 | From 152964690b41b91049d00eb8aea1d25880cd13f0 Mon Sep 17 00:00:00 2001 | ||
2 | From: Jason Wang <jasowang@redhat.com> | ||
3 | Date: Wed, 5 Aug 2015 10:34:04 +0800 | ||
4 | Subject: virtio-net: drop NETIF_F_FRAGLIST | ||
5 | |||
6 | [ Upstream commit 48900cb6af4282fa0fb6ff4d72a81aa3dadb5c39 ] | ||
7 | |||
8 | virtio declares support for NETIF_F_FRAGLIST, but assumes | ||
9 | that there are at most MAX_SKB_FRAGS + 2 fragments which isn't | ||
10 | always true with a fraglist. | ||
11 | |||
12 | A longer fraglist in the skb will make the call to skb_to_sgvec overflow | ||
13 | the sg array, leading to memory corruption. | ||
14 | |||
15 | Drop NETIF_F_FRAGLIST so we only get what we can handle. | ||
16 | |||
17 | Fixes CVE-2015-5156. | ||
18 | Upstream-Status: Backport | ||
19 | |||
20 | Cc: Michael S. Tsirkin <mst@redhat.com> | ||
21 | Signed-off-by: Jason Wang <jasowang@redhat.com> | ||
22 | Acked-by: Michael S. Tsirkin <mst@redhat.com> | ||
23 | Signed-off-by: David S. Miller <davem@davemloft.net> | ||
24 | Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> | ||
25 | Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> | ||
26 | --- | ||
27 | drivers/net/virtio_net.c | 4 ++-- | ||
28 | 1 file changed, 2 insertions(+), 2 deletions(-) | ||
29 | |||
30 | diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_net.c | ||
31 | index 7fbca37..237f8e5 100644 | ||
32 | --- a/drivers/net/virtio_net.c | ||
33 | +++ b/drivers/net/virtio_net.c | ||
34 | @@ -1756,9 +1756,9 @@ static int virtnet_probe(struct virtio_device *vdev) | ||
35 | /* Do we support "hardware" checksums? */ | ||
36 | if (virtio_has_feature(vdev, VIRTIO_NET_F_CSUM)) { | ||
37 | /* This opens up the world of extra features. */ | ||
38 | - dev->hw_features |= NETIF_F_HW_CSUM|NETIF_F_SG|NETIF_F_FRAGLIST; | ||
39 | + dev->hw_features |= NETIF_F_HW_CSUM | NETIF_F_SG; | ||
40 | if (csum) | ||
41 | - dev->features |= NETIF_F_HW_CSUM|NETIF_F_SG|NETIF_F_FRAGLIST; | ||
42 | + dev->features |= NETIF_F_HW_CSUM | NETIF_F_SG; | ||
43 | |||
44 | if (virtio_has_feature(vdev, VIRTIO_NET_F_GSO)) { | ||
45 | dev->hw_features |= NETIF_F_TSO | NETIF_F_UFO | ||
46 | -- | ||
47 | cgit v0.12 | ||
48 | |||