diff options
author | Justin M. Forbes <jforbes@fedoraproject.org> | 2019-10-03 12:34:35 -0500 |
---|---|---|
committer | Justin M. Forbes <jforbes@fedoraproject.org> | 2019-10-03 12:34:35 -0500 |
commit | f84d7d7b5bcdbd25a02d23aa617cb672574a7929 (patch) | |
tree | fff3adc215ddfe47ef139817389928b4f562d589 | |
parent | 46166d542f49af37a1067c693543f6b104913b55 (diff) | |
download | kernel-f84d7d7b5bcdbd25a02d23aa617cb672574a7929.tar.gz kernel-f84d7d7b5bcdbd25a02d23aa617cb672574a7929.tar.xz kernel-f84d7d7b5bcdbd25a02d23aa617cb672574a7929.zip |
Fix CVE-2019-17052 CVE-2019-17053 CVE-2019-17054 CVE-2019-17055 CVE-2019-17056
-rw-r--r-- | enforce-CAP_NET_RAW-for-raw-sockets.patch | 171 | ||||
-rw-r--r-- | kernel.spec | 8 |
2 files changed, 179 insertions, 0 deletions
diff --git a/enforce-CAP_NET_RAW-for-raw-sockets.patch b/enforce-CAP_NET_RAW-for-raw-sockets.patch new file mode 100644 index 000000000..f253a35af --- /dev/null +++ b/enforce-CAP_NET_RAW-for-raw-sockets.patch @@ -0,0 +1,171 @@ +From b91ee4aa2a2199ba4d4650706c272985a5a32d80 Mon Sep 17 00:00:00 2001 +From: Ori Nimron <orinimron123@gmail.com> +Date: Fri, 20 Sep 2019 09:35:45 +0200 +Subject: mISDN: enforce CAP_NET_RAW for raw sockets + +When creating a raw AF_ISDN socket, CAP_NET_RAW needs to be checked +first. + +Signed-off-by: Ori Nimron <orinimron123@gmail.com> +Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> +Signed-off-by: David S. Miller <davem@davemloft.net> +--- + drivers/isdn/mISDN/socket.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/drivers/isdn/mISDN/socket.c b/drivers/isdn/mISDN/socket.c +index c6ba37df4b9d..dff4132b3702 100644 +--- a/drivers/isdn/mISDN/socket.c ++++ b/drivers/isdn/mISDN/socket.c +@@ -754,6 +754,8 @@ base_sock_create(struct net *net, struct socket *sock, int protocol, int kern) + + if (sock->type != SOCK_RAW) + return -ESOCKTNOSUPPORT; ++ if (!capable(CAP_NET_RAW)) ++ return -EPERM; + + sk = sk_alloc(net, PF_ISDN, GFP_KERNEL, &mISDN_proto, kern); + if (!sk) +-- +cgit 1.2-0.3.lf.el7 + + +From 6cc03e8aa36c51f3b26a0d21a3c4ce2809c842ac Mon Sep 17 00:00:00 2001 +From: Ori Nimron <orinimron123@gmail.com> +Date: Fri, 20 Sep 2019 09:35:46 +0200 +Subject: appletalk: enforce CAP_NET_RAW for raw sockets + +When creating a raw AF_APPLETALK socket, CAP_NET_RAW needs to be checked +first. + +Signed-off-by: Ori Nimron <orinimron123@gmail.com> +Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> +Signed-off-by: David S. Miller <davem@davemloft.net> +--- + net/appletalk/ddp.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/net/appletalk/ddp.c b/net/appletalk/ddp.c +index 4072e9d394d6..b41375d4d295 100644 +--- a/net/appletalk/ddp.c ++++ b/net/appletalk/ddp.c +@@ -1023,6 +1023,11 @@ static int atalk_create(struct net *net, struct socket *sock, int protocol, + */ + if (sock->type != SOCK_RAW && sock->type != SOCK_DGRAM) + goto out; ++ ++ rc = -EPERM; ++ if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW)) ++ goto out; ++ + rc = -ENOMEM; + sk = sk_alloc(net, PF_APPLETALK, GFP_KERNEL, &ddp_proto, kern); + if (!sk) +-- +cgit 1.2-0.3.lf.el7 + + +From 0614e2b73768b502fc32a75349823356d98aae2c Mon Sep 17 00:00:00 2001 +From: Ori Nimron <orinimron123@gmail.com> +Date: Fri, 20 Sep 2019 09:35:47 +0200 +Subject: ax25: enforce CAP_NET_RAW for raw sockets + +When creating a raw AF_AX25 socket, CAP_NET_RAW needs to be checked +first. + +Signed-off-by: Ori Nimron <orinimron123@gmail.com> +Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> +Signed-off-by: David S. Miller <davem@davemloft.net> +--- + net/ax25/af_ax25.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/net/ax25/af_ax25.c b/net/ax25/af_ax25.c +index ca5207767dc2..bb222b882b67 100644 +--- a/net/ax25/af_ax25.c ++++ b/net/ax25/af_ax25.c +@@ -855,6 +855,8 @@ static int ax25_create(struct net *net, struct socket *sock, int protocol, + break; + + case SOCK_RAW: ++ if (!capable(CAP_NET_RAW)) ++ return -EPERM; + break; + default: + return -ESOCKTNOSUPPORT; +-- +cgit 1.2-0.3.lf.el7 + + +From e69dbd4619e7674c1679cba49afd9dd9ac347eef Mon Sep 17 00:00:00 2001 +From: Ori Nimron <orinimron123@gmail.com> +Date: Fri, 20 Sep 2019 09:35:48 +0200 +Subject: ieee802154: enforce CAP_NET_RAW for raw sockets + +When creating a raw AF_IEEE802154 socket, CAP_NET_RAW needs to be +checked first. + +Signed-off-by: Ori Nimron <orinimron123@gmail.com> +Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> +Acked-by: Stefan Schmidt <stefan@datenfreihafen.org> +Signed-off-by: David S. Miller <davem@davemloft.net> +--- + net/ieee802154/socket.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/net/ieee802154/socket.c b/net/ieee802154/socket.c +index badc5cfe4dc6..d93d4531aa9b 100644 +--- a/net/ieee802154/socket.c ++++ b/net/ieee802154/socket.c +@@ -1008,6 +1008,9 @@ static int ieee802154_create(struct net *net, struct socket *sock, + + switch (sock->type) { + case SOCK_RAW: ++ rc = -EPERM; ++ if (!capable(CAP_NET_RAW)) ++ goto out; + proto = &ieee802154_raw_prot; + ops = &ieee802154_raw_ops; + break; +-- +cgit 1.2-0.3.lf.el7 + + +From 3a359798b176183ef09efb7a3dc59abad1cc7104 Mon Sep 17 00:00:00 2001 +From: Ori Nimron <orinimron123@gmail.com> +Date: Fri, 20 Sep 2019 09:35:49 +0200 +Subject: nfc: enforce CAP_NET_RAW for raw sockets + +When creating a raw AF_NFC socket, CAP_NET_RAW needs to be checked +first. + +Signed-off-by: Ori Nimron <orinimron123@gmail.com> +Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> +Signed-off-by: David S. Miller <davem@davemloft.net> +--- + net/nfc/llcp_sock.c | 7 +++++-- + 1 file changed, 5 insertions(+), 2 deletions(-) + +diff --git a/net/nfc/llcp_sock.c b/net/nfc/llcp_sock.c +index 9b8742947aff..8dfea26536c9 100644 +--- a/net/nfc/llcp_sock.c ++++ b/net/nfc/llcp_sock.c +@@ -1004,10 +1004,13 @@ static int llcp_sock_create(struct net *net, struct socket *sock, + sock->type != SOCK_RAW) + return -ESOCKTNOSUPPORT; + +- if (sock->type == SOCK_RAW) ++ if (sock->type == SOCK_RAW) { ++ if (!capable(CAP_NET_RAW)) ++ return -EPERM; + sock->ops = &llcp_rawsock_ops; +- else ++ } else { + sock->ops = &llcp_sock_ops; ++ } + + sk = nfc_llcp_sock_alloc(sock, sock->type, GFP_ATOMIC, kern); + if (sk == NULL) +-- +cgit 1.2-0.3.lf.el7 + diff --git a/kernel.spec b/kernel.spec index 17a474089..257795fa1 100644 --- a/kernel.spec +++ b/kernel.spec @@ -589,6 +589,10 @@ Patch506: dwc3-fix.patch # https://patchwork.kernel.org/patch/11158395/ Patch507: iwlwifi-fw-don-t-send-GEO_TX_POWER_LIMIT-command-to-FW-version-36.patch +# CVE-2019-17052 CVE-2019-17053 CVE-2019-17054 CVE-2019-17055 CVE-2019-17056 +# rhbz 1758239 1758240 1758242 1758243 1758245 1758246 1758248 1758249 1758256 1758257 +Patch508: enforce-CAP_NET_RAW-for-raw-sockets.patch + # END OF PATCH DEFINITIONS %endif @@ -1826,6 +1830,10 @@ fi # # %changelog +* Wed Oct 03 2019 Justin M. Forbes <jforbes@fedoraproject.org> +- Fix CVE-2019-17052 CVE-2019-17053 CVE-2019-17054 CVE-2019-17055 CVE-2019-17056 + (rhbz 1758239 1758240 1758242 1758243 1758245 1758246 1758248 1758249 1758256 1758257) + * Tue Oct 01 2019 Justin M. Forbes <jforbes@fedoraproject.org> - 5.2.18-200 - Linux v5.2.18 |