rpms / kpatch-patch-4_18_0-305_3_1

Clone
Source Code
GIT

Files

  1.   2228a1e90d7707f04dc4a8ddae349cab16539dae
  2.   SOURCES
  3.   CVE-2021-33909.patch
Blob Blame History Raw 
From 867b652db42ff8fa41b3c25e7ef9df48003ea4eb Mon Sep 17 00:00:00 2001
From: Joe Lawrence <joe.lawrence@redhat.com>
Date: Tue, 6 Jul 2021 13:18:41 -0400
Subject: [PATCH] seq_files: kpatch fix for CVE-2021-33909

Kernels:
4.18.0-305.el8
4.18.0-305.3.1.el8_4
4.18.0-305.7.1.el8_4

Changes since last build:
[x86_64]:
seq_file.o: changed function: seq_read
seq_file.o: changed function: single_open_size
seq_file.o: changed function: traverse

[ppc64le]:
seq_file.o: changed function: seq_read
seq_file.o: changed function: single_open_size
seq_file.o: changed function: traverse.part.4

---------------------------

Kernels:
4.18.0-305.el8
4.18.0-305.3.1.el8_4
4.18.0-305.7.1.el8_4

Modifications: none

commit 217fcaff73c6916b817280df9310852192026615
Author: Ian Kent <ikent@redhat.com>
Date:   Thu Jul 1 08:10:39 2021 +0800

    seq_file: Disallow extremely large seq buffer allocations

    Bugzilla: https://bugzilla.redhat.com/1975181
    CVE: CVE-2021-33909
    Y-Commit: 61d17175cddbac1f305c2704b336c9119b71bbfe

    O-Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1975182
    Brew build: https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=37831839
    Testing: The patch has been tested by Qualys and it has been
             confirmed the patch fixes the problem.
    Upstream status: RHEL only (CVE-2021-33909)

    Author: Eric Sandeen <sandeen@redhat.com>

    seq_file: Disallow extremely large seq buffer allocations

    There is no reasonable need for a buffer larger than this,
    and it avoids int overflow pitfalls.

    Suggested-by: Al Viro <viro@zeniv.linux.org.uk>
    Signed-off-by: Eric Sandeen <sandeen@redhat.com>

    Signed-off-by: Ian Kent <ikent@redhat.com>
    Signed-off-by: Frantisek Hrbata <fhrbata@redhat.com>

Signed-off-by: Joe Lawrence <joe.lawrence@redhat.com>
Acked-by: Yannick Cote <ycote@redhat.com>
Acked-by: Artem Savkov <asavkov@redhat.com>
---
 fs/seq_file.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/fs/seq_file.c b/fs/seq_file.c
index 1600034a929bb1..c19ecc1f2d5023 100644
--- a/fs/seq_file.c
+++ b/fs/seq_file.c
@@ -29,6 +29,9 @@ static void seq_set_overflow(struct seq_file *m)
 
 static void *seq_buf_alloc(unsigned long size)
 {
+	if (unlikely(size > MAX_RW_COUNT))
+		return NULL;
+
 	return kvmalloc(size, GFP_KERNEL_ACCOUNT);
 }
 
-- 
2.26.3

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation