* [PATCH 1/1] CVE-2014-5077 Kernel/SCTP: fix a NULL pointer dereference
From: Liviu Gheorghisan @ 2014-09-15 7:14 UTC (permalink / raw)
To: meta-freescale
A NULL pointer dereference flaw was found in the way the
Linux kernel's Stream Control Transmission Protocol
(SCTP) implementation handled simultaneous connections
between the same hosts. A remote attacker could use this
flaw to crash the system.
References:
- https://access.redhat.com/security/cve/CVE-2014-5077
- http://patchwork.ozlabs.org/patch/372475/
Signed-off-by: Liviu Gheorghisan <liviu.gheorghisan@enea.com>
---
...p-inherit-auth-capable-on-INIT-collisions.patch | 33 ++++++++++++++++++++++
recipes-kernel/linux/linux-qoriq-prt_3.12.bb | 1 +
recipes-kernel/linux/linux-qoriq_3.12.bb | 1 +
3 files changed, 35 insertions(+)
create mode 100644 recipes-kernel/linux/files/Fix-CVE-2014-5077-sctp-inherit-auth-capable-on-INIT-collisions.patch
diff --git a/recipes-kernel/linux/files/Fix-CVE-2014-5077-sctp-inherit-auth-capable-on-INIT-collisions.patch b/recipes-kernel/linux/files/Fix-CVE-2014-5077-sctp-inherit-auth-capable-on-INIT-collisions.patch
new file mode 100644
index 0000000..f196d24
--- /dev/null
+++ b/recipes-kernel/linux/files/Fix-CVE-2014-5077-sctp-inherit-auth-capable-on-INIT-collisions.patch
@@ -0,0 +1,33 @@
+CVE-2014-5077 Kernel/SCTP: fix a NULL pointer dereference
+
+A NULL pointer dereference flaw was found in the way the
+Linux kernel's Stream Control Transmission Protocol
+(SCTP) implementation handled simultaneous connections
+between the same hosts. A remote attacker could use this
+flaw to crash the system.
+
+References:
+ - https://access.redhat.com/security/cve/CVE-2014-5077
+ - http://patchwork.ozlabs.org/patch/372475/
+
+Upstream-Status: Backport
+
+Fixes: 730fc3d05cd4 ("[SCTP]: Implete SCTP-AUTH parameter processing")
+Reported-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
+Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
+Signed-off-by: Liviu Gheorghisan <liviu.gheorghisan@enea.com>
+Tested-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
+Cc: Vlad Yasevich <vyasevich@gmail.com>
+---
+diff --git a/net/sctp/associola.c b/net/sctp/associola.c
+index cef5099..c2d5109 100644
+--- a/net/sctp/associola.c
++++ b/net/sctp/associola.c
+@@ -1198,6 +1198,7 @@ void sctp_assoc_update(struct sctp_association *asoc,
+ asoc->c = new->c;
+ asoc->peer.rwnd = new->peer.rwnd;
+ asoc->peer.sack_needed = new->peer.sack_needed;
++ asoc->peer.auth_capable = new->peer.auth_capable;
+ asoc->peer.i = new->peer.i;
+ sctp_tsnmap_init(&asoc->peer.tsn_map, SCTP_TSN_MAP_INITIAL,
+ asoc->peer.i.initial_tsn, GFP_ATOMIC);
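Review bot: The header of the added patch file gives "Upstream-Status: Backport" without naming the upstream commit it was taken from, and its description states the symptom but not why copying auth_capable in sctp_assoc_update() addresses it. Please record the upstream commit reference next to the Upstream-Status line and keep the upstream commit's own subject and explanation (the file name points at inheriting auth_capable on INIT collisions), so that a later kernel uprev can tell whether the patch is still needed. The backporter's Signed-off-by would also read more clearly as the last tag, after Tested-by and Cc.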
diff --git a/recipes-kernel/linux/linux-qoriq-prt_3.12.bb b/recipes-kernel/linux/linux-qoriq-prt_3.12.bb
index 5d9a1f0..1716651 100644
--- a/recipes-kernel/linux/linux-qoriq-prt_3.12.bb
+++ b/recipes-kernel/linux/linux-qoriq-prt_3.12.bb
@@ -2,6 +2,7 @@ require recipes-kernel/linux/linux-qoriq.inc
SRC_URI = "git://git.freescale.com/ppc/sdk/linux.git;nobranch=1 \
file://powerpc-Fix-64-bit-builds-with-binutils-2.24.patch \
+ file://Fix-CVE-2014-5077-sctp-inherit-auth-capable-on-INIT-collisions.patch \
"
SRCREV = "c29fe1a733308cbe592b3af054a97be1b91cf2dd"
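Review bot: In linux-qoriq-prt_3.12.bb the new entry lands directly after powerpc-Fix-64-bit-builds-with-binutils-2.24.patch, so as shown in this hunk the recipe's SRC_URI carries no Fix-for-CVE-2014-5045-fs-umount-on-symlink-leak.patch, while linux-qoriq_3.12.bb lists that fix for the same SRCREV. If the prt recipe is meant to track the same security fixes, add the missing entry in a separate patch; if the difference is intentional, say so in the commit message.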
diff --git a/recipes-kernel/linux/linux-qoriq_3.12.bb b/recipes-kernel/linux/linux-qoriq_3.12.bb
index 4e9c50b..93a0bba 100644
--- a/recipes-kernel/linux/linux-qoriq_3.12.bb
+++ b/recipes-kernel/linux/linux-qoriq_3.12.bb
@@ -3,6 +3,7 @@ require recipes-kernel/linux/linux-qoriq.inc
SRC_URI = "git://git.freescale.com/ppc/sdk/linux.git;nobranch=1 \
file://powerpc-Fix-64-bit-builds-with-binutils-2.24.patch \
file://Fix-for-CVE-2014-5045-fs-umount-on-symlink-leak.patch \
+ file://Fix-CVE-2014-5077-sctp-inherit-auth-capable-on-INIT-collisions.patch \
"
SRCREV = "c29fe1a733308cbe592b3af054a97be1b91cf2dd"
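Review bot: The line "file://Fix-CVE-2014-5077-sctp-inherit-auth-capable-on-INIT-collisions.patch \" is added by hand here and again in linux-qoriq-prt_3.12.bb, although both recipes require recipes-kernel/linux/linux-qoriq.inc and pin the same SRCREV. Consider carrying patches that both recipes need in one shared place, such as the common .inc, so a CVE fix cannot be applied to one kernel recipe and missed in the other.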
--
1.9.1
* Re: [PATCH 1/1] CVE-2014-5077 Kernel/SCTP: fix a NULL pointer dereference
From: Otavio Salvador @ 2014-09-15 12:50 UTC (permalink / raw)
To: Liviu Gheorghisan, Zhenhua Luo; +Cc: meta-freescale@yoctoproject.org
On Mon, Sep 15, 2014 at 4:14 AM, Liviu Gheorghisan
<liviu.gheorghisan@enea.com> wrote:
> A NULL pointer dereference flaw was found in the way the
> Linux kernel's Stream Control Transmission Protocol
> (SCTP) implementation handled simultaneous connections
> between the same hosts. A remote attacker could use this
> flaw to crash the system.
>
> References:
> - https://access.redhat.com/security/cve/CVE-2014-5077
> - http://patchwork.ozlabs.org/patch/372475/
>
> Signed-off-by: Liviu Gheorghisan <liviu.gheorghisan@enea.com>
Please next time follow the README and send the patch with proper
prefix. Adding Luo in Cc.
--
Otavio Salvador O.S. Systems
http://www.ossystems.com.br http://code.ossystems.com.br
Mobile: +55 (53) 9981-7854 Mobile: +1 (347) 903-9750
* Re: [PATCH 1/1] CVE-2014-5077 Kernel/SCTP: fix a NULL pointer dereference
From: zhenhua.luo @ 2014-09-17 3:32 UTC (permalink / raw)
To: Liviu Gheorghisan; +Cc: meta-freescale@yoctoproject.org
> -----Original Message-----
> From: meta-freescale-bounces@yoctoproject.org [mailto:meta-freescale-
> bounces@yoctoproject.org] On Behalf Of Liviu Gheorghisan
> Sent: Monday, September 15, 2014 3:14 PM
>
> diff --git a/recipes-kernel/linux/linux-qoriq-prt_3.12.bb b/recipes-
> kernel/linux/linux-qoriq-prt_3.12.bb
> index 5d9a1f0..1716651 100644
> --- a/recipes-kernel/linux/linux-qoriq-prt_3.12.bb
> +++ b/recipes-kernel/linux/linux-qoriq-prt_3.12.bb
[Luo Zhenhua-B19537] This linux bb file doesn't exist in meta-fsl-ppc layer.
Best Regards,
Zhenhua
* Re: [PATCH 1/1] CVE-2014-5077 Kernel/SCTP: fix a NULL pointer dereference
From: Liviu Gheorghisan @ 2014-09-18 8:20 UTC (permalink / raw)
To: zhenhua.luo@freescale.com; +Cc: meta-freescale@yoctoproject.org
Ah, I tested on the wrong branch. Resending...
On 09/17/2014 06:32 AM, zhenhua.luo@freescale.com wrote:
>> -----Original Message-----
>> From: meta-freescale-bounces@yoctoproject.org [mailto:meta-freescale-
>> bounces@yoctoproject.org] On Behalf Of Liviu Gheorghisan
>> Sent: Monday, September 15, 2014 3:14 PM
>>
>> diff --git a/recipes-kernel/linux/linux-qoriq-prt_3.12.bb b/recipes-
>> kernel/linux/linux-qoriq-prt_3.12.bb
>> index 5d9a1f0..1716651 100644
>> --- a/recipes-kernel/linux/linux-qoriq-prt_3.12.bb
>> +++ b/recipes-kernel/linux/linux-qoriq-prt_3.12.bb
> [Luo Zhenhua-B19537] This linux bb file doesn't exist in meta-fsl-ppc layer.
>
>
> Best Regards,
>
> Zhenhua
--
Liviu Gheorghisan
Software Engineer
Enea Services Romania
Splaiul Independentei 319, OB403A,
District 6, Bucharest,
Romania, 060044
<liviu.gheorghisan@enea.com>
http://www.enea.com/
* [PATCH 1/1] CVE-2014-5077 Kernel/SCTP: fix a NULL pointer dereference
From: Liviu Gheorghisan @ 2014-09-15 7:22 UTC (permalink / raw)
To: meta-ti
A NULL pointer dereference flaw was found in the way the
Linux kernel's Stream Control Transmission Protocol
(SCTP) implementation handled simultaneous connections
between the same hosts. A remote attacker could use this
flaw to crash the system.
References:
- https://access.redhat.com/security/cve/CVE-2014-5077
- http://patchwork.ozlabs.org/patch/372475/
Signed-off-by: Liviu Gheorghisan <liviu.gheorghisan@enea.com>
---
...p-inherit-auth-capable-on-INIT-collisions.patch | 33 ++++++++++++++++++++++
recipes-kernel/linux/linux-keystone_3.10.bb | 1 +
2 files changed, 34 insertions(+)
create mode 100644 recipes-kernel/linux/files/Fix-CVE-2014-5077-sctp-inherit-auth-capable-on-INIT-collisions.patch
diff --git a/recipes-kernel/linux/files/Fix-CVE-2014-5077-sctp-inherit-auth-capable-on-INIT-collisions.patch b/recipes-kernel/linux/files/Fix-CVE-2014-5077-sctp-inherit-auth-capable-on-INIT-collisions.patch
new file mode 100644
index 0000000..f196d24
--- /dev/null
+++ b/recipes-kernel/linux/files/Fix-CVE-2014-5077-sctp-inherit-auth-capable-on-INIT-collisions.patch
@@ -0,0 +1,33 @@
+CVE-2014-5077 Kernel/SCTP: fix a NULL pointer dereference
+
+A NULL pointer dereference flaw was found in the way the
+Linux kernel's Stream Control Transmission Protocol
+(SCTP) implementation handled simultaneous connections
+between the same hosts. A remote attacker could use this
+flaw to crash the system.
+
+References:
+ - https://access.redhat.com/security/cve/CVE-2014-5077
+ - http://patchwork.ozlabs.org/patch/372475/
+
+Upstream-Status: Backport
+
+Fixes: 730fc3d05cd4 ("[SCTP]: Implete SCTP-AUTH parameter processing")
+Reported-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
+Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
+Signed-off-by: Liviu Gheorghisan <liviu.gheorghisan@enea.com>
+Tested-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
+Cc: Vlad Yasevich <vyasevich@gmail.com>
+---
+diff --git a/net/sctp/associola.c b/net/sctp/associola.c
+index cef5099..c2d5109 100644
+--- a/net/sctp/associola.c
++++ b/net/sctp/associola.c
+@@ -1198,6 +1198,7 @@ void sctp_assoc_update(struct sctp_association *asoc,
+ asoc->c = new->c;
+ asoc->peer.rwnd = new->peer.rwnd;
+ asoc->peer.sack_needed = new->peer.sack_needed;
++ asoc->peer.auth_capable = new->peer.auth_capable;
+ asoc->peer.i = new->peer.i;
+ sctp_tsnmap_init(&asoc->peer.tsn_map, SCTP_TSN_MAP_INITIAL,
+ asoc->peer.i.initial_tsn, GFP_ATOMIC);
diff --git a/recipes-kernel/linux/linux-keystone_3.10.bb b/recipes-kernel/linux/linux-keystone_3.10.bb
index a90ae47..e2ab8a6 100644
--- a/recipes-kernel/linux/linux-keystone_3.10.bb
+++ b/recipes-kernel/linux/linux-keystone_3.10.bb
@@ -31,6 +31,7 @@ SRC_URI = "git://git.ti.com/keystone-linux/linux.git;protocol=git;branch=${BRANC
file://Fix_HRTICK_related_deadlock_from_ntp_lock.patch\
file://dts-for-m800.patch\
file://Fix-CVE-2014-2309-dont-set-DST_NOCOUNT-for-remotely.patch\
+ file://Fix-CVE-2014-5077-sctp-inherit-auth-capable-on-INIT-collisions.patch\
"
S = "${WORKDIR}/git"
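Review bot: The entry added to linux-keystone_3.10.bb points at a patch file that is identical to the one sent for the 3.12 qoriq recipes (same blob f196d24, same "@@ -1198,6 +1198,7 @@" offset in net/sctp/associola.c), which suggests it was not regenerated against this 3.10 tree. Please confirm that it applies to the keystone source without offset or fuzz, refresh the embedded diff against that tree if it does not, and state in the commit message that the recipe was built with the patch applied.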
--
1.9.1