From e58e8ae7b6735dd1f65b5bd6e59b3f5897dfd837 Mon Sep 17 00:00:00 2001
From: Liviu Gheorghisan
Date: Thu, 18 Sep 2014 10:22:37 +0200
Subject: [PATCH] CVE-2014-5077 Kernel/SCTP: fix a NULL pointer dereference
A NULL pointer dereference flaw was found in the way the Linux kernel's Stream Control Transmission Protocol (SCTP) implementation handled simultaneous connections between the same hosts. A remote attacker could use this flaw to crash the system.
References:
- https://access.redhat.com/security/cve/CVE-2014-5077
- http://patchwork.ozlabs.org/patch/372475/
Signed-off-by: Liviu Gheorghisan
---
...erit-auth-capable-on-INIT-collisions.patch | 41 +++++++++++++++++++
.../recipes-kernel/linux/linux-qoriq_3.12.bb | 1 +
2 files changed, 42 insertions(+)
create mode 100644 meta-fsl-ppc/recipes-kernel/linux/files/Fix-CVE-2014-5077-sctp-inherit-auth-capable-on-INIT-collisions.patch
diff --git a/meta-fsl-ppc/recipes-kernel/linux/files/Fix-CVE-2014-5077-sctp-inherit-auth-capable-on-INIT-collisions.patch b/meta-fsl-ppc/recipes-kernel/linux/files/Fix-CVE-2014-5077-sctp-inherit-auth-capable-on-INIT-collisions.patch
new file mode 100644
index 00000000..7d165356
--- /dev/null
+++ b/meta-fsl-ppc/recipes-kernel/linux/files/Fix-CVE-2014-5077-sctp-inherit-auth-capable-on-INIT-collisions.patch
@@ -0,0 +1,41 @@
+CVE-2014-5077 Kernel/SCTP: fix a NULL pointer dereference
+
+A NULL pointer dereference flaw was found in the way the
+Linux kernel's Stream Control Transmission Protocol
+(SCTP) implementation handled simultaneous connections
+between the same hosts. A remote attacker could use this
+flaw to crash the system.
+
+Upstream-Status: Backport (from v3.16, commit 1be9a950c646c)
+
+References:
+ - https://access.redhat.com/security/cve/CVE-2014-5077
+ - http://patchwork.ozlabs.org/patch/372475/
+
+Fixes: 730fc3d05cd4 ("[SCTP]: Implete SCTP-AUTH parameter processing")
+Reported-by: Jason Gunthorpe
+Signed-off-by: Daniel Borkmann
+Tested-by: Jason Gunthorpe
+Cc: Vlad Yasevich
+Acked-by: Vlad Yasevich
+Signed-off-by: David S. Miller
+Signed-off-by: Liviu Gheorghisan
+---
+ net/sctp/associola.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/net/sctp/associola.c b/net/sctp/associola.c
+index 9de23a2..06a9ee6 100644
+--- a/net/sctp/associola.c
++++ b/net/sctp/associola.c
+@@ -1097,6 +1097,7 @@ void sctp_assoc_update(struct sctp_association *asoc,
+ asoc->c = new->c;
+ asoc->peer.rwnd = new->peer.rwnd;
+ asoc->peer.sack_needed = new->peer.sack_needed;
++ asoc->peer.auth_capable = new->peer.auth_capable;
+ asoc->peer.i = new->peer.i;
+ sctp_tsnmap_init(&asoc->peer.tsn_map, SCTP_TSN_MAP_INITIAL,
+ asoc->peer.i.initial_tsn, GFP_ATOMIC);
+--
+1.9.1
+
diff --git a/meta-fsl-ppc/recipes-kernel/linux/linux-qoriq_3.12.bb b/meta-fsl-ppc/recipes-kernel/linux/linux-qoriq_3.12.bb
index 4e9c50b5..93a0bba7 100644
--- a/meta-fsl-ppc/recipes-kernel/linux/linux-qoriq_3.12.bb
+++ b/meta-fsl-ppc/recipes-kernel/linux/linux-qoriq_3.12.bb
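Review bot: The header of the embedded kernel patch states the symptom (a remotely triggerable NULL pointer dereference) but not why the single added line in sctp_assoc_update(), `asoc->peer.auth_capable = new->peer.auth_capable;`, removes it, so the backport cannot be audited from the recipe alone. I would add one sentence to the patch header, for example `sctp_assoc_update() did not copy peer.auth_capable from the new association on an INIT collision; copy it together with the other peer fields.`, which matches the patch's file name and the visible hunk. sctp_assoc_update() starts and ends outside the hunk, so whether the rest of the AUTH-related peer state is transferred in the same function cannot be confirmed from here. That is worth checking against the upstream commit named in Upstream-Status when validating the backport on the 3.12 tree.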
@@ -3,6 +3,7 @@ require recipes-kernel/linux/linux-qoriq.inc SRC_URI = "git://git.freescale.com/ppc/sdk/linux.git;nobranch=1 \ file://powerpc-Fix-64-bit-builds-with-binutils-2.24.patch \ file://Fix-for-CVE-2014-5045-fs-umount-on-symlink-leak.patch \ + file://Fix-CVE-2014-5077-sctp-inherit-auth-capable-on-INIT-collisions.patch \ " SRCREV = "c29fe1a733308cbe592b3af054a97be1b91cf2dd" -- 2.40.1