[kernel/f17] CVE-2012-2119 macvtap: zerocopy: vector length is not validated before pinning user pages (rhbz 8142

Justin M. Forbes jforbes at fedoraproject.org
Thu Apr 19 21:11:41 UTC 2012 

commit 3490e9bb740f709ad7ed88fd65554a1251c1d910
Author: Justin M. Forbes <jforbes at redhat.com>
Date:   Thu Apr 19 16:12:54 2012 -0500

    CVE-2012-2119 macvtap: zerocopy: vector length is not validated before pinning user pages (rhbz 814278 814289)

 kernel.spec    |   18 ++++++++++++++----
 mod-extra.list |    5 -----
 2 files changed, 14 insertions(+), 9 deletions(-)
---
diff --git a/kernel.spec b/kernel.spec
index eb7e7b6..df20b46 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -801,9 +801,11 @@ Patch22000: weird-root-dentry-name-debug.patch
 #selinux ptrace child permissions
 Patch22001: selinux-apply-different-permission-to-ptrace-child.patch
 
-#rhbz 814149 814155
+#rhbz 814149 814155 CVE-2012-2121
 Patch22006: KVM-unmap-pages-from-the-iommu-when-slots-are-removed.patch
 
+#rhbz 814278 814289 CVE-2012-2119
+Patch22007: macvtap-zerocopy-validate-vector-length.patch
 
 # END OF PATCH DEFINITIONS
 
@@ -1559,9 +1561,12 @@ ApplyPatch vgaarb-vga_default_device.patch
 ApplyPatch x86-microcode-Fix-sysfs-warning-during-module-unload-on-unsupported-CPUs.patch
 ApplyPatch x86-microcode-Ensure-that-module-is-only-loaded-for-supported-AMD-CPUs.patch
 
-#rhbz 814149 814155
+#rhbz 814149 814155 CVE-2012-2121
 ApplyPatch KVM-unmap-pages-from-the-iommu-when-slots-are-removed.patch
 
+#rhbz 814278 814289 CVE-2012-2119
+ApplyPatch macvtap-zerocopy-validate-vector-length.patch
+
 # END OF PATCH APPLICATIONS
 
 %endif
@@ -1854,7 +1859,7 @@ BuildKernel() {
       for mod in `echo $depends | sed -e 's/,/ /g'`
       do
         match=`grep "^$mod.ko" mod-extra.list` ||:
-        if [ -n "$match" ]
+        if [ -z "$match" ]
         then
           continue
         else
@@ -2407,7 +2412,12 @@ fi
 #              '-'
 %changelog
 * Thu Apr 19 2012 Justin M. Forbes <jforbes at redhat.com>
-- Fix KVM device assignment page leak
+- CVE-2012-2119 macvtap: zerocopy: vector length is not validated before
+  pinning user pages (rhbz 814278 814289)
+- Back out dlm module move (rhbz 811547)
+
+* Thu Apr 19 2012 Justin M. Forbes <jforbes at redhat.com>
+- Fix KVM device assignment page leak (rhbz 814149 814155)
 
 * Wed Apr 18 2012 Josh Boyer <jwboyer at redhat.com>
 - Fix hfsplus bless ioctl with hardlinks (from Matthew Garrett)
diff --git a/mod-extra.list b/mod-extra.list
index e6c8496..f5a4f60 100644
--- a/mod-extra.list
+++ b/mod-extra.list
@@ -15,7 +15,6 @@ dccp_ipv4.ko
 dccp_ipv6.ko
 dccp.ko
 dccp_probe.ko
-dlm.ko
 sctp.ko
 sctp_probe.ko
 rds.ko
@@ -148,11 +147,7 @@ uio_pci_generic.ko
 gfs2.ko
 ocfs2.ko
 ocfs2_dlm.ko
-ocfs2_dlmfs.ko
-ocfs2_nodemanager.ko
 ocfs2_stackglue.ko
-ocfs2_stack_o2cb.ko
-ocfs2_stack_user.ko
 cuse.ko
 affs.ko
 befs.ko

More information about the scm-commits mailing list