[kernel/f20] CVE-2014-1446 hamradio/yam: information leak in ioctl (rhbz 1053620 1053647)
Josh Boyer
jwboyer at fedoraproject.org
Wed Jan 15 15:08:34 UTC 2014
commit 7f4eab3f852933ee2048728eb109d317a8d4ba24
Author: Josh Boyer <jwboyer at fedoraproject.org>
Date: Wed Jan 15 10:08:25 2014 -0500
CVE-2014-1446 hamradio/yam: information leak in ioctl (rhbz 1053620 1053647)
hamradio-yam-fix-info-leak-in-ioctl.patch | 36 +++++++++++++++++++++++++++++
kernel.spec | 7 +++++
2 files changed, 43 insertions(+), 0 deletions(-)
---
diff --git a/hamradio-yam-fix-info-leak-in-ioctl.patch b/hamradio-yam-fix-info-leak-in-ioctl.patch
new file mode 100644
index 0000000..057acc5
--- /dev/null
+++ b/hamradio-yam-fix-info-leak-in-ioctl.patch
@@ -0,0 +1,36 @@
+Bugzilla: 1053647
+Upstream-status: 3.13 and 3.12.8
+
+From foo at baz Mon Jan 13 09:44:41 PST 2014
+From: =?UTF-8?q?Salva=20Peir=C3=B3?= <speiro at ai2.upv.es>
+Date: Tue, 17 Dec 2013 10:06:30 +0100
+Subject: hamradio/yam: fix info leak in ioctl
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Salva Peiró <speiro at ai2.upv.es>
+
+[ Upstream commit 8e3fbf870481eb53b2d3a322d1fc395ad8b367ed ]
+
+The yam_ioctl() code fails to initialise the cmd field
+of the struct yamdrv_ioctl_cfg. Add an explicit memset(0)
+before filling the structure to avoid the 4-byte info leak.
+
+Signed-off-by: Salva Peiró <speiro at ai2.upv.es>
+Signed-off-by: David S. Miller <davem at davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh at linuxfoundation.org>
+---
+ drivers/net/hamradio/yam.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/drivers/net/hamradio/yam.c
++++ b/drivers/net/hamradio/yam.c
+@@ -1057,6 +1057,7 @@ static int yam_ioctl(struct net_device *
+ break;
+
+ case SIOCYAMGCFG:
++ memset(&yi, 0, sizeof(yi));
+ yi.cfg.mask = 0xffffffff;
+ yi.cfg.iobase = yp->iobase;
+ yi.cfg.irq = yp->irq;
diff --git a/kernel.spec b/kernel.spec
index af5695c..c03107a 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -763,6 +763,9 @@ Patch25183: ipv6-route-cache-expiration.patch
#CVE-2014-1438 rhbz 1053599 1052914
Patch25184: x86-fpu-amd-clear-exceptions-in-amd-fxsave-workaround.patch
+#CVE-2014-1446 rhbz 1053620 1053647
+Patch25185: hamradio-yam-fix-info-leak-in-ioctl.patch
+
# END OF PATCH DEFINITIONS
%endif
@@ -1481,6 +1484,9 @@ ApplyPatch ipv6-route-cache-expiration.patch
#CVE-2014-1438 rhbz 1053599 1052914
ApplyPatch x86-fpu-amd-clear-exceptions-in-amd-fxsave-workaround.patch
+#CVE-2014-1446 rhbz 1053620 1053647
+ApplyPatch hamradio-yam-fix-info-leak-in-ioctl.patch
+
# END OF PATCH APPLICATIONS
%endif
@@ -2284,6 +2290,7 @@ fi
# || ||
%changelog
* Wed Jan 15 2014 Josh Boyer <jwboyer at fedoraproject.org>
+- CVE-2014-1446 hamradio/yam: information leak in ioctl (rhbz 1053620 1053647)
- CVE-2014-1438 x86: exceptions are not cleared in AMD FXSAVE workaround (rhbz 1053599 1052914)
* Tue Jan 14 2014 Josh Boyer <jwboyer at fedoraproject.org>
More information about the scm-commits
mailing list