rpms
/
kernel
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

CVE-2013-2147 cpqarray/cciss: information leak via ioctl (rhbz 971242 971249)

This commit is contained in:
Josh Boyer 2013-06-06 08:20:24 -04:00
parent 3eefce94f5
commit 4e6476bdd5
2 changed files with 36 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
cve-2013-2147-ciss-info-leak.patch Normal file
View File

@ -0,0 +1,27 @@
diff --git a/drivers/block/cpqarray.c b/drivers/block/cpqarray.c
index 639d26b..2b94403 100644
--- a/drivers/block/cpqarray.c
+++ b/drivers/block/cpqarray.c
@@ -1193,6 +1193,7 @@ out_passthru:
ida_pci_info_struct pciinfo;
if (!arg) return -EINVAL;
+ memset(&pciinfo, 0, sizeof(pciinfo));
pciinfo.bus = host->pci_dev->bus->number;
pciinfo.dev_fn = host->pci_dev->devfn;
pciinfo.board_id = host->board_id;
diff --git a/drivers/block/cciss.c b/drivers/block/cciss.c
index 6374dc1..34971aa 100644
--- a/drivers/block/cciss.c
+++ b/drivers/block/cciss.c
@@ -1201,6 +1201,7 @@ static int cciss_ioctl32_passthru(struct block_device *bdev, fmode_t mode,
int err;
u32 cp;
+ memset(&arg64, 0, sizeof(arg64));
err = 0;
err |=
copy_from_user(&arg64.LUN_info, &arg32->LUN_info,

9
kernel.spec
View File

@ -754,6 +754,9 @@ Patch25026: Modify-UEFI-anti-bricking-code.patch
#CVE-2013-2140 rhbz 971146 971148
Patch25031: xen-blkback-Check-device-permissions-before-allowing.patch
#CVE-2013-2147 rhbz 971242 971249
Patch25032: cve-2013-2147-ciss-info-leak.patch
# END OF PATCH DEFINITIONS
%endif
@ -1462,6 +1465,9 @@ ApplyPatch Modify-UEFI-anti-bricking-code.patch
#CVE-2013-2140 rhbz 971146 971148
ApplyPatch xen-blkback-Check-device-permissions-before-allowing.patch
#CVE-2013-2147 rhbz 971242 971249
ApplyPatch cve-2013-2147-ciss-info-leak.patch
# END OF PATCH APPLICATIONS
%endif
@ -2313,6 +2319,9 @@ fi
# '-' | |
# '-'
%changelog
* Thu Jun 06 2013 Josh Boyer <jwboyer@redhat.com>
- CVE-2013-2147 cpqarray/cciss: information leak via ioctl (rhbz 971242 971249)
* Wed Jun 05 2013 Josh Boyer <jwboyer@redhat.com>
- CVE-2013-2140 xen: blkback: insufficient permission checks for BLKIF_OP_DISCARD (rhbz 971146 971148)