CVE-2013-2148 fanotify: info leak in copy_event_to_user (rhbz 971258 971261)

2013-06-06 08:24:07 -04:00 · 2013-06-06 08:24:07 -04:00 · 5e7ce920b2
commit 5e7ce920b2
parent 9df6e58f8f
2 changed files with 21 additions and 0 deletions
--- a/fanotify-info-leak-in-copy_event_to_user.patch
+++ b/fanotify-info-leak-in-copy_event_to_user.patch
@ -0,0 +1,14 @@
+diff --git a/fs/notify/fanotify/fanotify_user.c b/fs/notify/fanotify/fanotify_user.c
+index 6c80083..77cc85d 100644
+--- a/fs/notify/fanotify/fanotify_user.c
+++ b/fs/notify/fanotify/fanotify_user.c
+@@ -122,6 +122,7 @@ static int fill_event_metadata(struct fsnotify_group *group,
+ 	metadata->event_len = FAN_EVENT_METADATA_LEN;
+ 	metadata->metadata_len = FAN_EVENT_METADATA_LEN;
+ 	metadata->vers = FANOTIFY_METADATA_VERSION;
+	metadata->reserved = 0;
+ 	metadata->mask = event->mask & FAN_ALL_OUTGOING_EVENTS;
+ 	metadata->pid = pid_vnr(event->tgid);
+ 	if (unlikely(event->mask & FAN_Q_OVERFLOW))
+
+  
--- a/kernel.spec
+++ b/kernel.spec
@ -783,6 +783,9 @@ Patch25031: xen-blkback-Check-device-permissions-before-allowing.patch
 #CVE-2013-2147 rhbz 971242 971249
 Patch25032: cve-2013-2147-ciss-info-leak.patch

+#CVE-2013-2148 rhbz 971258 971261
+Patch25033: fanotify-info-leak-in-copy_event_to_user.patch
+
 # END OF PATCH DEFINITIONS

 %endif
@ -1512,6 +1515,9 @@ ApplyPatch xen-blkback-Check-device-permissions-before-allowing.patch
 #CVE-2013-2147 rhbz 971242 971249
 ApplyPatch cve-2013-2147-ciss-info-leak.patch

+#CVE-2013-2148 rhbz 971258 971261
+ApplyPatch fanotify-info-leak-in-copy_event_to_user.patch
+
 # END OF PATCH APPLICATIONS

 %endif
@ -2340,6 +2346,7 @@ fi

 %changelog
 * Thu Jun 06 2013 Josh Boyer <jwboyer@redhat.com>
+- CVE-2013-2148 fanotify: info leak in copy_event_to_user (rhbz 971258 971261)
 - CVE-2013-2147 cpqarray/cciss: information leak via ioctl (rhbz 971242 971249)

 * Wed Jun 05 2013 Josh Boyer <jwboyer@redhat.com>