author | Justin M. Forbes <jforbes@fedoraproject.org> | 2019-11-22 12:59:44 -0600 |
---|---|---|
committer | Justin M. Forbes <jforbes@fedoraproject.org> | 2019-11-22 12:59:44 -0600 |
commit | dd98e4760dc1e426180bafd0106482dec534b4d9 (patch) | |
tree | 62518cdc4b0dade9ad3a0e102258e641cb0d00d2 | |
parent | 1c29f2a21dbc2aa9717826c702a49449c798ffaf (diff) | |
download | kernel-dd98e4760dc1e426180bafd0106482dec534b4d9.tar.gz kernel-dd98e4760dc1e426180bafd0106482dec534b4d9.tar.xz kernel-dd98e4760dc1e426180bafd0106482dec534b4d9.zip |
Fix CVE-2019-19077 rhbz 1775724 1775725
-rw-r--r-- | 0001-RDMA-Fix-goto-target-to-release-the-allocated-memory.patch | 33 | ||||
-rw-r--r-- | kernel.spec | 6 |
2 files changed, 39 insertions, 0 deletions
diff --git a/0001-RDMA-Fix-goto-target-to-release-the-allocated-memory.patch b/0001-RDMA-Fix-goto-target-to-release-the-allocated-memory.patch
new file mode 100644
index 000000000..87f4b4db7
--- /dev/null
+++ b/0001-RDMA-Fix-goto-target-to-release-the-allocated-memory.patch
@@ -0,0 +1,33 @@
+From 4a9d46a9fe14401f21df69cea97c62396d5fb053 Mon Sep 17 00:00:00 2001
+From: Navid Emamdoost <navid.emamdoost@gmail.com>
+Date: Tue, 10 Sep 2019 17:21:19 -0500
+Subject: [PATCH] RDMA: Fix goto target to release the allocated memory
+
+In bnxt_re_create_srq(), when ib_copy_to_udata() fails allocated memory
+should be released by goto fail.
+
+Fixes: 37cb11acf1f7 ("RDMA/bnxt_re: Add SRQ support for Broadcom adapters")
+Link: https://lore.kernel.org/r/20190910222120.16517-1-navid.emamdoost@gmail.com
+Signed-off-by: Navid Emamdoost <navid.emamdoost@gmail.com>
+Reviewed-by: Jason Gunthorpe <jgg@mellanox.com>
+Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
+---
+ drivers/infiniband/hw/bnxt_re/ib_verbs.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/drivers/infiniband/hw/bnxt_re/ib_verbs.c b/drivers/infiniband/hw/bnxt_re/ib_verbs.c
+index f9e97d0cc459..b4149dc9e824 100644
+--- a/drivers/infiniband/hw/bnxt_re/ib_verbs.c
++++ b/drivers/infiniband/hw/bnxt_re/ib_verbs.c
+@@ -1398,7 +1398,7 @@ int bnxt_re_create_srq(struct ib_srq *ib_srq,
+ dev_err(rdev_to_dev(rdev), "SRQ copy to udata failed!");
+ bnxt_qplib_destroy_srq(&rdev->qplib_res,
+ &srq->qplib_srq);
+- goto exit;
++ goto fail;
+ }
+ }
+ if (nq)
+--
+2.23.0
+
diff --git a/kernel.spec b/kernel.spec
index 8f0ef1314..682c93a14 100644
--- a/kernel.spec
+++ b/kernel.spec
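Review bot: In the embedded ib_verbs.c hunk, the error path that now ends in `goto fail;` still logs with a format string that has no trailing newline, so the message can run into the next kernel log line; it should read `dev_err(rdev_to_dev(rdev), "SRQ copy to udata failed!\n");`. The `fail` label and the rest of bnxt_re_create_srq() are outside the hunk, so which allocation it releases cannot be confirmed from this page. The commit message says only "allocated memory". A one-line comment at the jump, for example `/* fail: releases the memory allocated earlier in this function */`, would make it clear why the path calls bnxt_qplib_destroy_srq() first and then unwinds through `fail` rather than `exit`. The failing call is the copy back to caller-supplied udata, which presumably explains why the leak was tracked as CVE-2019-19077, so the patch header could usefully name the leaked object for anyone auditing the backport.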
@@ -647,6 +647,9 @@ Patch523: 0001-nl80211-fix-memory-leak-in-nl80211_get_ftm_responder.patch # CVE-2019-19054 rhbz 1775063 1775117 Patch524: media-rc-prevent-memory-leak-in-cx23888_ir_probe.patch +# CVE-2019-19077 rhbz 1775724 1775725 +Patch525: 0001-RDMA-Fix-goto-target-to-release-the-allocated-memory.patch + # END OF PATCH DEFINITIONS %endif @@ -1884,6 +1887,9 @@ fi # # %changelog +* Fri Nov 22 2019 Justin M. Forbes <jforbes@fedoraproject.org> +- Fix CVE-2019-19077 rhbz 1775724 1775725 + * Thu Nov 21 2019 Justin M. Forbes <jforbes@fedoraproject.org> - 5.3.12-200 - Fix CVE-2019-19074 (rhbz 1774933 1774934) - Fix CVE-2019-19073 (rhbz 1774937 1774939) |