author: Justin M. Forbes <jforbes@fedoraproject.org> 2018-03-08 13:00:49 -0600
committer: Justin M. Forbes <jforbes@fedoraproject.org> 2018-03-08 13:00:49 -0600
commit: e9c6acc15dcc6fe407ff8699729ee7e41e26fd39
tree: 41f5d8dce7e18b8b8af38f4c20ef2a277c244fdb
parent: 1045178022adadfb4c3340a1bbc63fcea9368247
Fix CVE-2018-7757 (rhbz 1553361 1553363)
-rw-r--r-- 0001-scsi-libsas-fix-memory-leak-in-sas_smp_get_phy_event.patch 40
-rw-r--r-- kernel.spec 6
2 files changed, 46 insertions, 0 deletions
diff --git a/0001-scsi-libsas-fix-memory-leak-in-sas_smp_get_phy_event.patch b/0001-scsi-libsas-fix-memory-leak-in-sas_smp_get_phy_event.patch
new file mode 100644
index 000000000..e78347c70
--- /dev/null
+++ b/0001-scsi-libsas-fix-memory-leak-in-sas_smp_get_phy_event.patch
@@ -0,0 +1,40 @@
+From 4a491b1ab11ca0556d2fda1ff1301e862a2d44c4 Mon Sep 17 00:00:00 2001
+From: Jason Yan <yanaijie@huawei.com>
+Date: Thu, 4 Jan 2018 21:04:31 +0800
+Subject: [PATCH] scsi: libsas: fix memory leak in sas_smp_get_phy_events()
+
+We've got a memory leak with the following producer:
+
+while true;
+do cat /sys/class/sas_phy/phy-1:0:12/invalid_dword_count >/dev/null;
+done
+
+The buffer req is allocated and not freed after we return. Fix it.
+
+Fixes: 2908d778ab3e ("[SCSI] aic94xx: new driver")
+Signed-off-by: Jason Yan <yanaijie@huawei.com>
+CC: John Garry <john.garry@huawei.com>
+CC: chenqilin <chenqilin2@huawei.com>
+CC: chenxiang <chenxiang66@hisilicon.com>
+Reviewed-by: Christoph Hellwig <hch@lst.de>
+Reviewed-by: Hannes Reinecke <hare@suse.com>
+Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
+---
+ drivers/scsi/libsas/sas_expander.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/drivers/scsi/libsas/sas_expander.c b/drivers/scsi/libsas/sas_expander.c
+index ca1566237ae7..1de59c0fdbc0 100644
+--- a/drivers/scsi/libsas/sas_expander.c
++++ b/drivers/scsi/libsas/sas_expander.c
+@@ -695,6 +695,7 @@ int sas_smp_get_phy_events(struct sas_phy *phy)
+ phy->phy_reset_problem_count = scsi_to_u32(&resp[24]);
+
+ out:
++ kfree(req);
+ kfree(resp);
+ return res;
+
+--
+2.14.3
+
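Review bot: at the `out:` label in sas_smp_get_phy_events(), the added `kfree(req);` is only safe if every `goto out` is reached after `req` has been assigned. The three context lines do not show the allocation or the earlier exits, so check that no path jumps to `out` with `req` uninitialised (a NULL `req` is fine, since kfree(NULL) is a no-op). The reproducer in the message only reads a sysfs attribute in a loop, so it would also help to state who is allowed to read `invalid_dword_count`, since that decides whether an unprivileged user can drive the leak. The Fixes: tag points at the original aic94xx driver commit, so every maintained branch that carries libsas needs the same one-line change.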
diff --git a/kernel.spec b/kernel.spec
index a4a8653f3..64060e3d4 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -642,6 +642,9 @@ Patch656: 0001-sctp-verify-size-of-a-new-chunk-in-_sctp_make_chunk.patch
# rhbz 1549316
Patch657: ipmi-fixes.patch
+# CVE-2018-7757 rhbz 1553361 1553363
+Patch658: 0001-scsi-libsas-fix-memory-leak-in-sas_smp_get_phy_event.patch
+
# END OF PATCH DEFINITIONS
%endif
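Review bot: the comment above `Patch658` records only the CVE and rhbz numbers. Add the upstream commit id, or the release expected to contain the fix, so the patch can be dropped at the next rebase without having to look it up.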
@@ -1940,6 +1943,9 @@ fi
#
#
%changelog
+* Thu Mar 08 2018 Justin M. Forbes <jforbes@fedoraproject.org>
+- Fix CVE-2018-7757 (rhbz 1553361 1553363)
+
* Tue Mar 06 2018 Laura Abbott <labbott@redhat.com>
- Fixes for IPMI crash (rbhz 1549316)
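Review bot: the new %changelog entry says only `Fix CVE-2018-7757`, while the entry below it names the affected area (`Fixes for IPMI crash`). Consider mentioning the libsas memory leak so the RPM changelog is readable without looking up the CVE number.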