author | Josh Boyer <jwboyer@redhat.com> | 2013-06-06 08:20:24 -0400 |
---|---|---|
committer | Josh Boyer <jwboyer@redhat.com> | 2013-06-06 08:20:47 -0400 |
commit | fa81d1f8325433f5a97a1e02be5bd06f4ea7c6ec (patch) | |
tree | f0f62daf698d73cf1e9b28b0dcecead25ab51ffb | |
parent | 0bb05f83a2459ab4d8b89fb40a05bf374ffdace7 (diff) | |
CVE-2013-2147 cpqarray/cciss: information leak via ioctl (rhbz 971242 971249)
-rw-r--r-- | cve-2013-2147-ciss-info-leak.patch | 27 | ||||
-rw-r--r-- | kernel.spec | 9 |
2 files changed, 36 insertions, 0 deletions
diff --git a/cve-2013-2147-ciss-info-leak.patch b/cve-2013-2147-ciss-info-leak.patch
new file mode 100644
index 000000000..ee49d3bfb
--- /dev/null
+++ b/cve-2013-2147-ciss-info-leak.patch
@@ -0,0 +1,27 @@
+diff --git a/drivers/block/cpqarray.c b/drivers/block/cpqarray.c
+index 639d26b..2b94403 100644
+--- a/drivers/block/cpqarray.c
++++ b/drivers/block/cpqarray.c
+@@ -1193,6 +1193,7 @@ out_passthru:
+ ida_pci_info_struct pciinfo;
+
+ if (!arg) return -EINVAL;
++ memset(&pciinfo, 0, sizeof(pciinfo));
+ pciinfo.bus = host->pci_dev->bus->number;
+ pciinfo.dev_fn = host->pci_dev->devfn;
+ pciinfo.board_id = host->board_id;
+
+ diff --git a/drivers/block/cciss.c b/drivers/block/cciss.c
+index 6374dc1..34971aa 100644
+--- a/drivers/block/cciss.c
++++ b/drivers/block/cciss.c
+@@ -1201,6 +1201,7 @@ static int cciss_ioctl32_passthru(struct block_device *bdev, fmode_t mode,
+ int err;
+ u32 cp;
+
++ memset(&arg64, 0, sizeof(arg64));
+ err = 0;
+ err |=
+ copy_from_user(&arg64.LUN_info, &arg32->LUN_info,
+
+
\ No newline at end of file diff --git a/kernel.spec b/kernel.spec index 4c8f81017..b1fbc0ba9 100644 --- a/kernel.spec +++ b/kernel.spec @@ -745,6 +745,9 @@ Patch25026: Modify-UEFI-anti-bricking-code.patch #CVE-2013-2140 rhbz 971146 971148 Patch25031: xen-blkback-Check-device-permissions-before-allowing.patch +#CVE-2013-2147 rhbz 971242 971249 +Patch25032: cve-2013-2147-ciss-info-leak.patch + # END OF PATCH DEFINITIONS %endif @@ -1433,6 +1436,9 @@ ApplyPatch Modify-UEFI-anti-bricking-code.patch #CVE-2013-2140 rhbz 971146 971148 ApplyPatch xen-blkback-Check-device-permissions-before-allowing.patch +#CVE-2013-2147 rhbz 971242 971249 +ApplyPatch cve-2013-2147-ciss-info-leak.patch + # END OF PATCH APPLICATIONS %endif @@ -2238,6 +2244,9 @@ fi # ||----w | # || || %changelog +* Thu Jun 06 2013 Josh Boyer <jwboyer@redhat.com> +- CVE-2013-2147 cpqarray/cciss: information leak via ioctl (rhbz 971242 971249) + * Wed Jun 05 2013 Josh Boyer <jwboyer@redhat.com> - CVE-2013-2140 xen: blkback: insufficient permission checks for BLKIF_OP_DISCARD (rhbz 971146 971148) |
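Review bot: The new cve-2013-2147-ciss-info-leak.patch has no header of its own: it starts directly at `diff --git a/drivers/block/cpqarray.c`, so nothing in the file records where the two `memset()` additions come from or what they protect. A short preamble would let whoever rebases the package judge when the patch can be dropped, for example `Zero the on-stack ioctl structs before filling them so padding and unset fields are not copied to user space; upstream commit: <UPSTREAM_COMMIT_ID>`. The second embedded file header also appears to read ` diff --git a/drivers/block/cciss.c ...` with a leading space, and the file ends without a trailing newline; this page collapses whitespace, so check the real file, but normalising both avoids surprises with stricter patch tools. Both C functions continue outside the embedded hunks, so the copy-out that the `memset()` calls guard is not visible here, and it may be worth confirming that no sibling compat ioctl handler in the same drivers fills a stack struct the same way without clearing it first.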