CVE-2014-1446 hamradio/yam: information leak in ioctl (rhbz 1053620 1053647)

Josh Boyer 2014-01-15 10:08:25 -05:00
parent a845163585
commit 7f4eab3f85
2 changed files with 43 additions and 0 deletions


@ -0,0 +1,36 @@
Bugzilla: 1053647
Upstream-status: 3.13 and 3.12.8
From foo@baz Mon Jan 13 09:44:41 PST 2014
From: =?UTF-8?q?Salva=20Peir=C3=B3?= <speiro@ai2.upv.es>
Date: Tue, 17 Dec 2013 10:06:30 +0100
Subject: hamradio/yam: fix info leak in ioctl
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
From: Salva Peiró <speiro@ai2.upv.es>
[ Upstream commit 8e3fbf870481eb53b2d3a322d1fc395ad8b367ed ]
The yam_ioctl() code fails to initialise the cmd field
of the struct yamdrv_ioctl_cfg. Add an explicit memset(0)
before filling the structure to avoid the 4-byte info leak.
Signed-off-by: Salva Peiró <speiro@ai2.upv.es>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/hamradio/yam.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/net/hamradio/yam.c
+++ b/drivers/net/hamradio/yam.c
@@ -1057,6 +1057,7 @@ static int yam_ioctl(struct net_device *
break;
case SIOCYAMGCFG:
+ memset(&yi, 0, sizeof(yi));
yi.cfg.mask = 0xffffffff;
yi.cfg.iobase = yp->iobase;
yi.cfg.irq = yp->irq;
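
Review bot: in the SIOCYAMGCFG case the new memset leaves yi.cmd at zero instead of assigning it, so the value handed back in that field is incidental. Consider setting yi.cmd explicitly after the memset, or stating in the commit message that zero is the intended value. Clearing all of yi rather than only cmd is the right scope, since it also covers any padding in the structure, and the message could say that instead of describing only the 4-byte field.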


@ -763,6 +763,9 @@ Patch25183: ipv6-route-cache-expiration.patch
#CVE-2014-1438 rhbz 1053599 1052914
Patch25184: x86-fpu-amd-clear-exceptions-in-amd-fxsave-workaround.patch
#CVE-2014-1446 rhbz 1053620 1053647
Patch25185: hamradio-yam-fix-info-leak-in-ioctl.patch
# END OF PATCH DEFINITIONS
%endif
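
Review bot: the comment above Patch25185 records the CVE and bug numbers but not the upstream status that the patch header carries ("Upstream-status: 3.13 and 3.12.8"). Repeating that next to the Patch25185 line would make it clear on the next rebase when this patch can be dropped.
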
@ -1481,6 +1484,9 @@ ApplyPatch ipv6-route-cache-expiration.patch
#CVE-2014-1438 rhbz 1053599 1052914
ApplyPatch x86-fpu-amd-clear-exceptions-in-amd-fxsave-workaround.patch
#CVE-2014-1446 rhbz 1053620 1053647
ApplyPatch hamradio-yam-fix-info-leak-in-ioctl.patch
# END OF PATCH APPLICATIONS
%endif
@ -2284,6 +2290,7 @@ fi
# || ||
%changelog
* Wed Jan 15 2014 Josh Boyer <jwboyer@fedoraproject.org>
- CVE-2014-1446 hamradio/yam: information leak in ioctl (rhbz 1053620 1053647)
- CVE-2014-1438 x86: exceptions are not cleared in AMD FXSAVE workaround (rhbz 1053599 1052914)
* Tue Jan 14 2014 Josh Boyer <jwboyer@fedoraproject.org>