CVE-2013-2147 cpqarray/cciss: information leak via ioctl (rhbz 971242 971249)
This commit is contained in:
parent
0bb05f83a2
commit
fa81d1f832
27
cve-2013-2147-ciss-info-leak.patch
Normal file
27
cve-2013-2147-ciss-info-leak.patch
Normal file
@ -0,0 +1,27 @@
|
|||||||
|
diff --git a/drivers/block/cpqarray.c b/drivers/block/cpqarray.c
|
||||||
|
index 639d26b..2b94403 100644
|
||||||
|
--- a/drivers/block/cpqarray.c
|
||||||
|
+++ b/drivers/block/cpqarray.c
|
||||||
|
@@ -1193,6 +1193,7 @@ out_passthru:
|
||||||
|
ida_pci_info_struct pciinfo;
|
||||||
|
|
||||||
|
if (!arg) return -EINVAL;
|
||||||
|
+ memset(&pciinfo, 0, sizeof(pciinfo));
|
||||||
|
pciinfo.bus = host->pci_dev->bus->number;
|
||||||
|
pciinfo.dev_fn = host->pci_dev->devfn;
|
||||||
|
pciinfo.board_id = host->board_id;
|
||||||
|
|
||||||
|
diff --git a/drivers/block/cciss.c b/drivers/block/cciss.c
|
||||||
|
index 6374dc1..34971aa 100644
|
||||||
|
--- a/drivers/block/cciss.c
|
||||||
|
+++ b/drivers/block/cciss.c
|
||||||
|
@@ -1201,6 +1201,7 @@ static int cciss_ioctl32_passthru(struct block_device *bdev, fmode_t mode,
|
||||||
|
int err;
|
||||||
|
u32 cp;
|
||||||
|
|
||||||
|
+ memset(&arg64, 0, sizeof(arg64));
|
||||||
|
err = 0;
|
||||||
|
err |=
|
||||||
|
copy_from_user(&arg64.LUN_info, &arg32->LUN_info,
|
||||||
|
|
||||||
|
|
@ -745,6 +745,9 @@ Patch25026: Modify-UEFI-anti-bricking-code.patch
|
|||||||
#CVE-2013-2140 rhbz 971146 971148
|
#CVE-2013-2140 rhbz 971146 971148
|
||||||
Patch25031: xen-blkback-Check-device-permissions-before-allowing.patch
|
Patch25031: xen-blkback-Check-device-permissions-before-allowing.patch
|
||||||
|
|
||||||
|
#CVE-2013-2147 rhbz 971242 971249
|
||||||
|
Patch25032: cve-2013-2147-ciss-info-leak.patch
|
||||||
|
|
||||||
# END OF PATCH DEFINITIONS
|
# END OF PATCH DEFINITIONS
|
||||||
|
|
||||||
%endif
|
%endif
|
||||||
@ -1433,6 +1436,9 @@ ApplyPatch Modify-UEFI-anti-bricking-code.patch
|
|||||||
#CVE-2013-2140 rhbz 971146 971148
|
#CVE-2013-2140 rhbz 971146 971148
|
||||||
ApplyPatch xen-blkback-Check-device-permissions-before-allowing.patch
|
ApplyPatch xen-blkback-Check-device-permissions-before-allowing.patch
|
||||||
|
|
||||||
|
#CVE-2013-2147 rhbz 971242 971249
|
||||||
|
ApplyPatch cve-2013-2147-ciss-info-leak.patch
|
||||||
|
|
||||||
# END OF PATCH APPLICATIONS
|
# END OF PATCH APPLICATIONS
|
||||||
|
|
||||||
%endif
|
%endif
|
||||||
@ -2238,6 +2244,9 @@ fi
|
|||||||
# ||----w |
|
# ||----w |
|
||||||
# || ||
|
# || ||
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Jun 06 2013 Josh Boyer <jwboyer@redhat.com>
|
||||||
|
- CVE-2013-2147 cpqarray/cciss: information leak via ioctl (rhbz 971242 971249)
|
||||||
|
|
||||||
* Wed Jun 05 2013 Josh Boyer <jwboyer@redhat.com>
|
* Wed Jun 05 2013 Josh Boyer <jwboyer@redhat.com>
|
||||||
- CVE-2013-2140 xen: blkback: insufficient permission checks for BLKIF_OP_DISCARD (rhbz 971146 971148)
|
- CVE-2013-2140 xen: blkback: insufficient permission checks for BLKIF_OP_DISCARD (rhbz 971146 971148)
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user