summaryrefslogtreecommitdiffstats
path: root/recipes-kernel/linux
diff options
context:
space:
mode:
authorSona Sarmadi <sona.sarmadi@enea.com>2016-01-05 13:27:21 +0100
committerTudor Florea <tudor.florea@enea.com>2016-01-05 14:53:02 +0100
commita63ce710f8d26ad6732602a743ff346a656efb27 (patch)
treed73885231d50e547e8c5ac3219511bf90ca5fd30 /recipes-kernel/linux
parent037538df5521a1a963b30fa01e9ac854a0ee431b (diff)
downloadmeta-hierofalcon-a63ce710f8d26ad6732602a743ff346a656efb27.tar.gz
kernel-ipv6: CVE-2015-2922
Fixes denial of service (DoS) attack against IPv6 network stacks due to improper handling of Router Advertisements. References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2922 http://www.openwall.com/lists/oss-security/2015/04/04/2 Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/ patch/?id=c85b2d7e9fa44286feaac33031db1dd0e4c9ed3b Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Tudor Florea <tudor.florea@enea.com>
Diffstat (limited to 'recipes-kernel/linux')
-rw-r--r--recipes-kernel/linux/linux-hierofalcon-3.19/ipv6-CVE-2015-2922.patch55
-rw-r--r--recipes-kernel/linux/linux-hierofalcon_3.19.bb1
2 files changed, 56 insertions, 0 deletions
diff --git a/recipes-kernel/linux/linux-hierofalcon-3.19/ipv6-CVE-2015-2922.patch b/recipes-kernel/linux/linux-hierofalcon-3.19/ipv6-CVE-2015-2922.patch
new file mode 100644
index 0000000..728578f
--- /dev/null
+++ b/recipes-kernel/linux/linux-hierofalcon-3.19/ipv6-CVE-2015-2922.patch
@@ -0,0 +1,55 @@
1From c85b2d7e9fa44286feaac33031db1dd0e4c9ed3b Mon Sep 17 00:00:00 2001
2From: "D.S. Ljungmark" <ljungmark@modio.se>
3Date: Wed, 25 Mar 2015 09:28:15 +0100
4Subject: ipv6: Don't reduce hop limit for an interface
5
6[ Upstream commit 6fd99094de2b83d1d4c8457f2c83483b2828e75a ]
7
8A local route may have a lower hop_limit set than global routes do.
9
10RFC 3756, Section 4.2.7, "Parameter Spoofing"
11
12> 1. The attacker includes a Current Hop Limit of one or another small
13> number which the attacker knows will cause legitimate packets to
14> be dropped before they reach their destination.
15
16> As an example, one possible approach to mitigate this threat is to
17> ignore very small hop limits. The nodes could implement a
18> configurable minimum hop limit, and ignore attempts to set it below
19> said limit.
20
21Fixes CVE-2015-2922
22Upstream-Status: Backport
23
24Signed-off-by: D.S. Ljungmark <ljungmark@modio.se>
25Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
26Signed-off-by: David S. Miller <davem@davemloft.net>
27Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
28Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
29---
30 net/ipv6/ndisc.c | 9 ++++++++-
31 1 file changed, 8 insertions(+), 1 deletion(-)
32
33diff --git a/net/ipv6/ndisc.c b/net/ipv6/ndisc.c
34index 4cb45c1..a46c504 100644
35--- a/net/ipv6/ndisc.c
36+++ b/net/ipv6/ndisc.c
37@@ -1215,7 +1215,14 @@ static void ndisc_router_discovery(struct sk_buff *skb)
38 if (rt)
39 rt6_set_expires(rt, jiffies + (HZ * lifetime));
40 if (ra_msg->icmph.icmp6_hop_limit) {
41- in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit;
42+ /* Only set hop_limit on the interface if it is higher than
43+ * the current hop_limit.
44+ */
45+ if (in6_dev->cnf.hop_limit < ra_msg->icmph.icmp6_hop_limit) {
46+ in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit;
47+ } else {
48+ ND_PRINTK(2, warn, "RA: Got route advertisement with lower hop_limit than current\n");
49+ }
50 if (rt)
51 dst_metric_set(&rt->dst, RTAX_HOPLIMIT,
52 ra_msg->icmph.icmp6_hop_limit);
53--
54cgit v0.11.2
55
diff --git a/recipes-kernel/linux/linux-hierofalcon_3.19.bb b/recipes-kernel/linux/linux-hierofalcon_3.19.bb
index 26dfa6d..82ad305 100644
--- a/recipes-kernel/linux/linux-hierofalcon_3.19.bb
+++ b/recipes-kernel/linux/linux-hierofalcon_3.19.bb
@@ -25,6 +25,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto-3.19;branch="standard/qemuarm6
25 file://fs-CVE-2015-5706.patch \ 25 file://fs-CVE-2015-5706.patch \
26 file://md-CVE-2015-5697.patch \ 26 file://md-CVE-2015-5697.patch \
27 file://vhost-CVE-2015-6252.patch \ 27 file://vhost-CVE-2015-6252.patch \
28 file://ipv6-CVE-2015-2922.patch \
28 " 29 "
29 30
30S = "${WORKDIR}/git" 31S = "${WORKDIR}/git"