[packages/kernel/LINUX_3_7] - fix CVE-2013-2094 - rel 8

baggins baggins at pld-linux.org
Wed May 15 08:02:12 CEST 2013


commit f2cdc8a4096f4055ae7ee5d56c34c82c1d2b1f51
Author: Jan Rękorajski <baggins at pld-linux.org>
Date:   Wed May 15 08:01:58 2013 +0200

    - fix CVE-2013-2094
    - rel 8

 CVE-2013-2094.patch | 38 ++++++++++++++++++++++++++++++++++++++
 kernel.spec         |  4 +++-
 2 files changed, 41 insertions(+), 1 deletion(-)
---
diff --git a/kernel.spec b/kernel.spec
index f53162e..800b4c5 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -66,7 +66,7 @@
 %define		have_pcmcia	0
 %endif
 
-%define		rel		7
+%define		rel		8
 %define		basever		3.7
 %define		postver		.10
 
@@ -227,6 +227,7 @@ Patch400:	kernel-virtio-gl-accel.patch
 Patch2000:	kernel-small_fixes.patch
 Patch2001:	kernel-pwc-uncompress.patch
 Patch2003:	kernel-regressions.patch
+Patch2004:	CVE-2013-2094.patch
 
 # http://git.kernel.org/?p=linux/kernel/git/jj/linux-apparmor.git;a=shortlog;h=refs/heads/v3.5-aa2.8
 Patch5000:	kernel-apparmor.patch
@@ -708,6 +709,7 @@ cd linux-%{basever}
 %patch2000 -p1
 %patch2001 -p1
 #%patch2003 -p1
+%patch2004 -p1
 
 # Do not remove this, please!
 #%%patch50000 -p1
diff --git a/CVE-2013-2094.patch b/CVE-2013-2094.patch
new file mode 100644
index 0000000..d2d909a
--- /dev/null
+++ b/CVE-2013-2094.patch
@@ -0,0 +1,38 @@
+From 8176cced706b5e5d15887584150764894e94e02f Mon Sep 17 00:00:00 2001
+From: Tommi Rantala <tt.rantala at gmail.com>
+Date: Sat, 13 Apr 2013 19:49:14 +0000
+Subject: perf: Treat attr.config as u64 in perf_swevent_init()
+
+Trinity discovered that we fail to check all 64 bits of
+attr.config passed by user space, resulting to out-of-bounds
+access of the perf_swevent_enabled array in
+sw_perf_event_destroy().
+
+Introduced in commit b0a873ebb ("perf: Register PMU
+implementations").
+
+Signed-off-by: Tommi Rantala <tt.rantala at gmail.com>
+Cc: Peter Zijlstra <a.p.zijlstra at chello.nl>
+Cc: davej at redhat.com
+Cc: Paul Mackerras <paulus at samba.org>
+Cc: Arnaldo Carvalho de Melo <acme at ghostprotocols.net>
+Link: http://lkml.kernel.org/r/1365882554-30259-1-git-send-email-tt.rantala@gmail.com
+Signed-off-by: Ingo Molnar <mingo at kernel.org>
+---
+(limited to 'kernel/events/core.c')
+
+diff --git a/kernel/events/core.c b/kernel/events/core.c
+index 7e0962e..4d3124b 100644
+--- a/kernel/events/core.c
++++ b/kernel/events/core.c
+@@ -5331,7 +5331,7 @@ static void sw_perf_event_destroy(struct perf_event *event)
+ 
+ static int perf_swevent_init(struct perf_event *event)
+ {
+-	int event_id = event->attr.config;
++	u64 event_id = event->attr.config;
+ 
+ 	if (event->attr.type != PERF_TYPE_SOFTWARE)
+ 		return -ENOENT;
+--
+cgit v0.9.1
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/kernel.git/commitdiff/f2cdc8a4096f4055ae7ee5d56c34c82c1d2b1f51



More information about the pld-cvs-commit mailing list