[kernel/f18] CVE-2013-2147 cpqarray/cciss: information leak via ioctl (rhbz 971242 971249)

Josh Boyer jwboyer at fedoraproject.org
Thu Jun 6 12:21:34 UTC 2013 

commit aec19f244689338841defe8ca92779df18ce4359
Author: Josh Boyer <jwboyer at redhat.com>
Date:   Thu Jun 6 08:20:24 2013 -0400

    CVE-2013-2147 cpqarray/cciss: information leak via ioctl (rhbz 971242 971249)

 cve-2013-2147-ciss-info-leak.patch |   27 +++++++++++++++++++++++++++
 kernel.spec                        |    9 +++++++++
 2 files changed, 36 insertions(+), 0 deletions(-)
---
diff --git a/cve-2013-2147-ciss-info-leak.patch b/cve-2013-2147-ciss-info-leak.patch
new file mode 100644
index 0000000..ee49d3b
--- /dev/null
+++ b/cve-2013-2147-ciss-info-leak.patch
@@ -0,0 +1,27 @@
+diff --git a/drivers/block/cpqarray.c b/drivers/block/cpqarray.c
+index 639d26b..2b94403 100644
+--- a/drivers/block/cpqarray.c
++++ b/drivers/block/cpqarray.c
+@@ -1193,6 +1193,7 @@ out_passthru:
+ 		ida_pci_info_struct pciinfo;
+ 
+ 		if (!arg) return -EINVAL;
++		memset(&pciinfo, 0, sizeof(pciinfo));
+ 		pciinfo.bus = host->pci_dev->bus->number;
+ 		pciinfo.dev_fn = host->pci_dev->devfn;
+ 		pciinfo.board_id = host->board_id;
+
+  diff --git a/drivers/block/cciss.c b/drivers/block/cciss.c
+index 6374dc1..34971aa 100644
+--- a/drivers/block/cciss.c
++++ b/drivers/block/cciss.c
+@@ -1201,6 +1201,7 @@ static int cciss_ioctl32_passthru(struct block_device *bdev, fmode_t mode,
+ 	int err;
+ 	u32 cp;
+ 
++	memset(&arg64, 0, sizeof(arg64));
+ 	err = 0;
+ 	err |=
+ 	    copy_from_user(&arg64.LUN_info, &arg32->LUN_info,
+
+  
\ No newline at end of file
diff --git a/kernel.spec b/kernel.spec
index e9f1ea4..b11dd1b 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -770,6 +770,9 @@ Patch25026: Modify-UEFI-anti-bricking-code.patch
 #CVE-2013-2140 rhbz 971146 971148
 Patch25031: xen-blkback-Check-device-permissions-before-allowing.patch
 
+#CVE-2013-2147 rhbz 971242 971249
+Patch25032: cve-2013-2147-ciss-info-leak.patch
+
 # END OF PATCH DEFINITIONS
 
 %endif
@@ -1478,6 +1481,9 @@ ApplyPatch Modify-UEFI-anti-bricking-code.patch
 #CVE-2013-2140 rhbz 971146 971148
 ApplyPatch xen-blkback-Check-device-permissions-before-allowing.patch
 
+#CVE-2013-2147 rhbz 971242 971249
+ApplyPatch cve-2013-2147-ciss-info-leak.patch
+
 # END OF PATCH APPLICATIONS
 
 %endif
@@ -2323,6 +2329,9 @@ fi
 #                 ||----w |
 #                 ||     ||
 %changelog
+* Thu Jun 06 2013 Josh Boyer <jwboyer at redhat.com>
+- CVE-2013-2147 cpqarray/cciss: information leak via ioctl (rhbz 971242 971249)
+
 * Wed Jun 05 2013 Josh Boyer <jwboyer at redhat.com>
 - CVE-2013-2140 xen: blkback: insufficient permission checks for BLKIF_OP_DISCARD (rhbz 971146 971148)

More information about the scm-commits mailing list