CVE-2014-5077 Kernel/SCTP: fix a NULL pointer dereference

A NULL pointer dereference flaw was found in the way the Linux kernel's Stream Control Transmission Protocol (SCTP) implementation handled simultaneous connections between the same hosts. A remote attacker could use this flaw to crash the system. References: - https://access.redhat.com/security/cve/CVE-2014-5077 - http://patchwork.ozlabs.org/patch/372475/ Signed-off-by: Liviu Gheorghisan <liviu.gheorghisan@enea.com>
author: Liviu Gheorghisan <liviu.gheorghisan@enea.com> 2014-09-18 10:22:37 +0200
committer: Zhenhua Luo <zhenhua.luo@freescale.com> 2014-09-26 15:17:46 +0800
commit: e58e8ae7b6735dd1f65b5bd6e59b3f5897dfd837 (patch)
tree: 16b8634b2150b01221f44a25b4e4893760478969
parent: 0593fcf83de728c86fd41c4695a3903dd7625daf (diff)
download: meta-freescale-e58e8ae7b6735dd1f65b5bd6e59b3f5897dfd837.tar.gz
2 files changed, 42 insertions, 0 deletions
diff --git a/meta-fsl-ppc/recipes-kernel/linux/files/Fix-CVE-2014-5077-sctp-inherit-auth-capable-on-INIT-collisions.patch b/meta-fsl-ppc/recipes-kernel/linux/files/Fix-CVE-2014-5077-sctp-inherit-auth-capable-on-INIT-collisions.patch
new file mode 100644
index 000000000..7d1653567
--- /dev/null
+++ b/meta-fsl-ppc/recipes-kernel/linux/files/Fix-CVE-2014-5077-sctp-inherit-auth-capable-on-INIT-collisions.patch
@@ -0,0 +1,41 @@
+CVE-2014-5077 Kernel/SCTP: fix a NULL pointer dereference
+A NULL pointer dereference flaw was found in the way the
+Linux kernel's Stream Control Transmission Protocol
+(SCTP) implementation handled simultaneous connections
+between the same hosts. A remote attacker could use this
+flaw to crash the system.
+Upstream-Status: Backport (from v3.16, commit 1be9a950c646c)
+References:
+    - https://access.redhat.com/security/cve/CVE-2014-5077
+    - http://patchwork.ozlabs.org/patch/372475/
+Fixes: 730fc3d05cd4 ("[SCTP]: Implete SCTP-AUTH parameter processing")
+Reported-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
+Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
+Tested-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
+Cc: Vlad Yasevich <vyasevich@gmail.com>
+Acked-by: Vlad Yasevich <vyasevich@gmail.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Liviu Gheorghisan <liviu.gheorghisan@enea.com>
+---
+ net/sctp/associola.c | 1 +
+ 1 file changed, 1 insertion(+)
+diff --git a/net/sctp/associola.c b/net/sctp/associola.c
+index 9de23a2..06a9ee6 100644
+--- a/net/sctp/associola.c
+++ b/net/sctp/associola.c
+@@ -1097,6 +1097,7 @@ void sctp_assoc_update(struct sctp_association *asoc,
+        asoc->c = new->c;
+        asoc->peer.rwnd = new->peer.rwnd;
+        asoc->peer.sack_needed = new->peer.sack_needed;
+       asoc->peer.auth_capable = new->peer.auth_capable;
+        asoc->peer.i = new->peer.i;
+        sctp_tsnmap_init(&asoc->peer.tsn_map, SCTP_TSN_MAP_INITIAL,
+                         asoc->peer.i.initial_tsn, GFP_ATOMIC);
+-- 
+1.9.1
diff --git a/meta-fsl-ppc/recipes-kernel/linux/linux-qoriq_3.12.bb b/meta-fsl-ppc/recipes-kernel/linux/linux-qoriq_3.12.bb
index 4e9c50b52..93a0bba74 100644
--- a/meta-fsl-ppc/recipes-kernel/linux/linux-qoriq_3.12.bb
+++ b/meta-fsl-ppc/recipes-kernel/linux/linux-qoriq_3.12.bb
@@ -3,6 +3,7 @@ require recipes-kernel/linux/linux-qoriq.inc
 SRC_URI = "git://git.freescale.com/ppc/sdk/linux.git;nobranch=1 \
    file://powerpc-Fix-64-bit-builds-with-binutils-2.24.patch \
    file://Fix-for-CVE-2014-5045-fs-umount-on-symlink-leak.patch \
+    file://Fix-CVE-2014-5077-sctp-inherit-auth-capable-on-INIT-collisions.patch \
 "
 SRCREV = "c29fe1a733308cbe592b3af054a97be1b91cf2dd"
author	Liviu Gheorghisan <liviu.gheorghisan@enea.com>	2014-09-18 10:22:37 +0200
committer	Zhenhua Luo <zhenhua.luo@freescale.com>	2014-09-26 15:17:46 +0800
commit	e58e8ae7b6735dd1f65b5bd6e59b3f5897dfd837 (patch)
tree	16b8634b2150b01221f44a25b4e4893760478969
parent	0593fcf83de728c86fd41c4695a3903dd7625daf (diff)
download	meta-freescale-e58e8ae7b6735dd1f65b5bd6e59b3f5897dfd837.tar.gz

diff --git a/meta-fsl-ppc/recipes-kernel/linux/files/Fix-CVE-2014-5077-sctp-inherit-auth-capable-on-INIT-collisions.patch b/meta-fsl-ppc/recipes-kernel/linux/files/Fix-CVE-2014-5077-sctp-inherit-auth-capable-on-INIT-collisions.patch new file mode 100644 index 000000000..7d1653567 --- /dev/null +++ b/meta-fsl-ppc/recipes-kernel/linux/files/Fix-CVE-2014-5077-sctp-inherit-auth-capable-on-INIT-collisions.patch
@@ -0,0 +1,41 @@
		1	CVE-2014-5077 Kernel/SCTP: fix a NULL pointer dereference
		2
		3	A NULL pointer dereference flaw was found in the way the
		4	Linux kernel's Stream Control Transmission Protocol
		5	(SCTP) implementation handled simultaneous connections
		6	between the same hosts. A remote attacker could use this
		7	flaw to crash the system.
		8
		9	Upstream-Status: Backport (from v3.16, commit 1be9a950c646c)
		10
		11	References:
		12	- https://access.redhat.com/security/cve/CVE-2014-5077
		13	- http://patchwork.ozlabs.org/patch/372475/
		14
		15	Fixes: 730fc3d05cd4 ("[SCTP]: Implete SCTP-AUTH parameter processing")
		16	Reported-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
		17	Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
		18	Tested-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
		19	Cc: Vlad Yasevich <vyasevich@gmail.com>
		20	Acked-by: Vlad Yasevich <vyasevich@gmail.com>
		21	Signed-off-by: David S. Miller <davem@davemloft.net>
		22	Signed-off-by: Liviu Gheorghisan <liviu.gheorghisan@enea.com>
		23	---
		24	net/sctp/associola.c \| 1 +
		25	1 file changed, 1 insertion(+)
		26
		27	diff --git a/net/sctp/associola.c b/net/sctp/associola.c
		28	index 9de23a2..06a9ee6 100644
		29	--- a/net/sctp/associola.c
		30	+++ b/net/sctp/associola.c
		31	@@ -1097,6 +1097,7 @@ void sctp_assoc_update(struct sctp_association *asoc,
		32	asoc->c = new->c;
		33	asoc->peer.rwnd = new->peer.rwnd;
		34	asoc->peer.sack_needed = new->peer.sack_needed;
		35	+ asoc->peer.auth_capable = new->peer.auth_capable;
		36	asoc->peer.i = new->peer.i;
		37	sctp_tsnmap_init(&asoc->peer.tsn_map, SCTP_TSN_MAP_INITIAL,
		38	asoc->peer.i.initial_tsn, GFP_ATOMIC);
		39	--
		40	1.9.1
		41


diff --git a/meta-fsl-ppc/recipes-kernel/linux/linux-qoriq_3.12.bb b/meta-fsl-ppc/recipes-kernel/linux/linux-qoriq_3.12.bb index 4e9c50b52..93a0bba74 100644 --- a/meta-fsl-ppc/recipes-kernel/linux/linux-qoriq_3.12.bb +++ b/meta-fsl-ppc/recipes-kernel/linux/linux-qoriq_3.12.bb
@@ -3,6 +3,7 @@ require recipes-kernel/linux/linux-qoriq.inc
3	SRC_URI = "git://git.freescale.com/ppc/sdk/linux.git;nobranch=1 \	3	SRC_URI = "git://git.freescale.com/ppc/sdk/linux.git;nobranch=1 \
4	file://powerpc-Fix-64-bit-builds-with-binutils-2.24.patch \	4	file://powerpc-Fix-64-bit-builds-with-binutils-2.24.patch \
5	file://Fix-for-CVE-2014-5045-fs-umount-on-symlink-leak.patch \	5	file://Fix-for-CVE-2014-5045-fs-umount-on-symlink-leak.patch \
		6	file://Fix-CVE-2014-5077-sctp-inherit-auth-capable-on-INIT-collisions.patch \
6	"	7	"
7	SRCREV = "c29fe1a733308cbe592b3af054a97be1b91cf2dd"	8	SRCREV = "c29fe1a733308cbe592b3af054a97be1b91cf2dd"
8		9