rpms/kernel/F-7 linux-2.6-cve-2008-0600.patch, NONE, 1.1 kernel-2.6.spec, 1.3430, 1.3431

Dave Airlie (airlied) fedora-extras-commits at redhat.com
Sun Feb 10 21:13:17 UTC 2008


Author: airlied

Update of /cvs/pkgs/rpms/kernel/F-7
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv14047

Modified Files:
	kernel-2.6.spec 
Added Files:
	linux-2.6-cve-2008-0600.patch 
Log Message:
* Sun Feb 10 2008 Dave Airlie <airlied at redhat.com> 2.6.23.15-80
- CVE-2008-0600 - remote root vulnerability in vmsplice


linux-2.6-cve-2008-0600.patch:

--- NEW FILE linux-2.6-cve-2008-0600.patch ---
From: Bastian Blank <bastian at waldi.eu.org>
Date: Sun, 10 Feb 2008 14:47:57 +0000 (+0200)
Subject: splice: fix user pointer access in get_iovec_page_array()
X-Git-Url: http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Ftorvalds%2Flinux-2.6.git;a=commitdiff_plain;h=712a30e63c8066ed84385b12edbfb804f49cbc44

splice: fix user pointer access in get_iovec_page_array()

Commit 8811930dc74a503415b35c4a79d14fb0b408a361 ("splice: missing user
pointer access verification") added the proper access_ok() calls to
copy_from_user_mmap_sem() which ensures we can copy the struct iovecs
from userspace to the kernel.

But we also must check whether we can access the actual memory region
pointed to by the struct iovec to fix the access checks properly.

Signed-off-by: Bastian Blank <waldi at debian.org>
Acked-by: Oliver Pinter <oliver.pntr at gmail.com>
Cc: Jens Axboe <jens.axboe at oracle.com>
Cc: Andrew Morton <akpm at linux-foundation.org>
Signed-off-by: Pekka Enberg <penberg at cs.helsinki.fi>
Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
---

diff --git a/fs/splice.c b/fs/splice.c
index 14e2262..9b559ee 100644
--- a/fs/splice.c
+++ b/fs/splice.c
@@ -1234,7 +1234,7 @@ static int get_iovec_page_array(const struct iovec __user *iov,
 		if (unlikely(!len))
 			break;
 		error = -EFAULT;
-		if (unlikely(!base))
+		if (!access_ok(VERIFY_READ, base, len))
 			break;
 
 		/*
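Review bot: The new condition in get_iovec_page_array() drops the explicit NULL test on base, so a NULL base with non-zero len now breaks out with -EFAULT here only where access_ok() treats address 0 as outside the user range. Elsewhere it falls through to the code that follows. If that is intended, say so in the commit message; otherwise keep both tests, e.g. `if (unlikely(!base) || !access_ok(VERIFY_READ, base, len))`. The new line also loses the unlikely() hint the old one carried. Keep in mind that access_ok() validates the address range only, not that the pages in it are mapped.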



Index: kernel-2.6.spec
===================================================================
RCS file: /cvs/pkgs/rpms/kernel/F-7/kernel-2.6.spec,v
retrieving revision 1.3430
retrieving revision 1.3431
diff -u -r1.3430 -r1.3431
--- kernel-2.6.spec	8 Feb 2008 22:00:58 -0000	1.3430
+++ kernel-2.6.spec	10 Feb 2008 21:12:23 -0000	1.3431
@@ -501,6 +501,9 @@
 
 %if !%{nopatches}
 
+# security CVE 2008-0600 - vmsplice fixage.
+Patch04: linux-2.6-cve-2008-0600.patch
+
 # Revert -stable pieces we get from elsewhere here
 Patch05: linux-2.6-upstream-reverts.patch
 
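Review bot: The comment above Patch04 writes the identifier as "CVE 2008-0600", while the patch file name and the changelog entry use "CVE-2008-0600". Use the hyphenated form so that a search for the CVE id in the spec finds this line.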
@@ -1113,6 +1116,8 @@
 # Revert -stable pieces we get from elsewhere here
 ApplyPatch linux-2.6-upstream-reverts.patch -R
 
+ApplyPatch linux-2.6-cve-2008-0600.patch
+
 # Roland's utrace ptrace replacement.
 ApplyPatch linux-2.6-utrace-tracehook.patch -F2
 ApplyPatch linux-2.6-utrace-tracehook-ia64.patch
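Review bot: The added ApplyPatch line sits after the upstream-reverts step, although the patch is declared as Patch04, ahead of Patch05 for those reverts. If the fix has to be applied on top of the reverts, renumber it or say so in a comment; otherwise move it to match the declaration order. Unlike its neighbours, the line also has no comment, so add one naming the CVE, as the Patch04 declaration does.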
@@ -2336,6 +2341,9 @@
 %endif
 
 %changelog
+* Sun Feb 10 2008 Dave Airlie <airlied at redhat.com> 2.6.23.15-80
+- CVE-2008-0600 - remote root vulnerability in vmsplice
+
 * Fri Feb 08 2008 Chuck Ebbert <cebbert at redhat.com> 2.6.23.15-79
 - Linux 2.6.23.15
 
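Review bot: The added changelog entry calls this a "remote root vulnerability", but the patch it ships corrects the check on a user-supplied struct iovec in get_iovec_page_array(), which is reached from a local system call. "local root" describes the exposure accurately and avoids misleading anyone who triages from the changelog. The same wording is used in the commit log message.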



