diff options
| -rw-r--r-- | kernel.spec | 9 | ||||
| -rw-r--r-- | rds-prevent-dereference-of-a-NULL-device-in-rds_iw_laddr_check.patch | 31 |
2 files changed, 40 insertions, 0 deletions
diff --git a/kernel.spec b/kernel.spec index 1723dc53..5d7e0dc1 100644 --- a/kernel.spec +++ b/kernel.spec @@ -645,6 +645,9 @@ Patch25044: iwlwifi-dvm-take-mutex-when-sending-SYNC-BT-config-command.patch #CVE-2014-2580 rhbz 1080084 1080086 Patch25052: net-xen-netback-disable-rogue-vif-in-kthread-context.patch +#CVE-2014-2678 rhbz 1083274 1083280 +Patch25054: rds-prevent-dereference-of-a-NULL-device-in-rds_iw_laddr_check.patch + # END OF PATCH DEFINITIONS %endif @@ -1295,6 +1298,9 @@ ApplyPatch iwlwifi-dvm-take-mutex-when-sending-SYNC-BT-config-command.patch #CVE-2014-2580 rhbz 1080084 1080086 ApplyPatch net-xen-netback-disable-rogue-vif-in-kthread-context.patch +#CVE-2014-2678 rhbz 1083274 1083280 +ApplyPatch rds-prevent-dereference-of-a-NULL-device-in-rds_iw_laddr_check.patch + # END OF PATCH APPLICATIONS %endif @@ -2075,6 +2081,9 @@ fi # || || %changelog * Tue Apr 01 2014 Josh Boyer <jwboyer@fedoraproject.org> - 3.15.0-0.rc0.git2.1 +- CVE-2014-2678 net: rds: deref of NULL dev in rds_iw_laddr_check (rhbz 1083274 1083280) + +* Tue Apr 01 2014 Josh Boyer <jwboyer@fedoraproject.org> - Linux v3.14-751-g683b6c6f82a6 * Tue Apr 01 2014 Josh Boyer <jwboyer@fedoraproject.org> - 3.15.0-0.rc0.git1.1 diff --git a/rds-prevent-dereference-of-a-NULL-device-in-rds_iw_laddr_check.patch b/rds-prevent-dereference-of-a-NULL-device-in-rds_iw_laddr_check.patch new file mode 100644 index 00000000..2caf0666 --- /dev/null +++ b/rds-prevent-dereference-of-a-NULL-device-in-rds_iw_laddr_check.patch @@ -0,0 +1,31 @@ +Bugzilla: 1083280 +Upstream-status: Queued for 3.15 + +From bf39b4247b8799935ea91d90db250ab608a58e50 Mon Sep 17 00:00:00 2001 +From: Sasha Levin <sasha.levin@oracle.com> +Date: Sat, 29 Mar 2014 20:39:35 -0400 +Subject: rds: prevent dereference of a NULL device in rds_iw_laddr_check + +Binding might result in a NULL device which is later dereferenced +without checking. + +Signed-off-by: Sasha Levin <sasha.levin@oracle.com> +Signed-off-by: David S. Miller <davem@davemloft.net> + +diff --git a/net/rds/iw.c b/net/rds/iw.c +index 7826d46..5899356 100644 +--- a/net/rds/iw.c ++++ b/net/rds/iw.c +@@ -239,7 +239,8 @@ static int rds_iw_laddr_check(__be32 addr) + ret = rdma_bind_addr(cm_id, (struct sockaddr *)&sin); + /* due to this, we will claim to support IB devices unless we + check node_type. */ +- if (ret || cm_id->device->node_type != RDMA_NODE_RNIC) ++ if (ret || !cm_id->device || ++ cm_id->device->node_type != RDMA_NODE_RNIC) + ret = -EADDRNOTAVAIL; + + rdsdebug("addr %pI4 ret %d node type %d\n", +-- +cgit v0.10.1 + |