diff options
| author | Andreas Wellving <andreas.wellving@enea.com> | 2019-05-21 15:26:34 +0200 |
|---|---|---|
| committer | Adrian Mangeac <Adrian.Mangeac@enea.com> | 2019-05-21 17:23:38 +0200 |
| commit | 6e248f8c7f9ee0c198a3f6024c61eb49a7951613 (patch) | |
| tree | 254b112d0bdea6ab7f2b06d10c80191a67cd3700 | |
| parent | 7ce41950deb2bac0c1e4d4ff7a0771228e5dfa5f (diff) | |
| download | enea-kernel-cache-6e248f8c7f9ee0c198a3f6024c61eb49a7951613.tar.gz | |
RDS: CVE-2018-5333
RDS: null pointer dereference in rds_atomic_free_op
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2018-5333
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-4.14.y&id=5edbe3c0249f54578636b71377861d579b1781cf
Change-Id: I88192001b38e93fae85c48ca6c7ca7146b26597b
Signed-off-by: Andreas Wellving <andreas.wellving@enea.com>
| -rw-r--r-- | patches/cve/CVE-2018-5333-RDS-null-pointer-dereference-in-rds_atomic_free_op.patch | 38 |
1 files changed, 38 insertions, 0 deletions
diff --git a/patches/cve/CVE-2018-5333-RDS-null-pointer-dereference-in-rds_atomic_free_op.patch b/patches/cve/CVE-2018-5333-RDS-null-pointer-dereference-in-rds_atomic_free_op.patch new file mode 100644 index 0000000..0b3a5f9 --- /dev/null +++ b/patches/cve/CVE-2018-5333-RDS-null-pointer-dereference-in-rds_atomic_free_op.patch | |||
| @@ -0,0 +1,38 @@ | |||
| 1 | From 5edbe3c0249f54578636b71377861d579b1781cf Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Mohamed Ghannam <simo.ghannam@gmail.com> | ||
| 3 | Date: Wed, 3 Jan 2018 21:06:06 +0000 | ||
| 4 | Subject: [PATCH] RDS: null pointer dereference in rds_atomic_free_op | ||
| 5 | |||
| 6 | [ Upstream commit 7d11f77f84b27cef452cee332f4e469503084737 ] | ||
| 7 | |||
| 8 | set rm->atomic.op_active to 0 when rds_pin_pages() fails | ||
| 9 | or the user supplied address is invalid, | ||
| 10 | this prevents a NULL pointer usage in rds_atomic_free_op() | ||
| 11 | |||
| 12 | CVE: CVE-2018-5333 | ||
| 13 | Upstream-Status: Backport [https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-4.14.y&id=5edbe3c0249f54578636b71377861d579b1781cf] | ||
| 14 | |||
| 15 | Signed-off-by: Mohamed Ghannam <simo.ghannam@gmail.com> | ||
| 16 | Acked-by: Santosh Shilimkar <santosh.shilimkar@oracle.com> | ||
| 17 | Signed-off-by: David S. Miller <davem@davemloft.net> | ||
| 18 | Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> | ||
| 19 | Signed-off-by: Andreas Wellving <andreas.wellving@enea.com> | ||
| 20 | --- | ||
| 21 | net/rds/rdma.c | 1 + | ||
| 22 | 1 file changed, 1 insertion(+) | ||
| 23 | |||
| 24 | diff --git a/net/rds/rdma.c b/net/rds/rdma.c | ||
| 25 | index 94729d9da437..634cfcb7bba6 100644 | ||
| 26 | --- a/net/rds/rdma.c | ||
| 27 | +++ b/net/rds/rdma.c | ||
| 28 | @@ -877,6 +877,7 @@ int rds_cmsg_atomic(struct rds_sock *rs, struct rds_message *rm, | ||
| 29 | err: | ||
| 30 | if (page) | ||
| 31 | put_page(page); | ||
| 32 | + rm->atomic.op_active = 0; | ||
| 33 | kfree(rm->atomic.op_notifier); | ||
| 34 | |||
| 35 | return ret; | ||
| 36 | -- | ||
| 37 | 2.20.1 | ||
| 38 | |||