Blame SOURCES/CVE-2022-2588.patch

From 40fea653c0535b0963a20f3768475a21745966a1 Mon Sep 17 00:00:00 2001
From: Julia Denham <jdenham@redhat.com>
Date: Wed, 5 Oct 2022 10:46:32 -0400
Subject: [KPATCH CVE-2022-2588] kpatch fixes for CVE-2022-2588

Kernels:
4.18.0-372.9.1.el8
4.18.0-372.13.1.el8_6
4.18.0-372.16.1.el8_6
4.18.0-372.19.1.el8_6
4.18.0-372.26.1.el8_6

Kpatch-MR: https://gitlab.com/redhat/prdsc/rhel/src/kpatch/rhel-8/-/merge_requests/57
Approved-by: Joe Lawrence (@joe.lawrence)
Approved-by: Yannick Cote (@ycote1)
Changes since last build:
arches: x86_64 ppc64le
cls_route.o: changed function: route4_change
---------------------------

Modifications: none

commit da65135ce599844336767732fe9f4adc731ddf03
Author: Felix Maurer <fmaurer@redhat.com>
Date:   Fri Aug 19 15:28:46 2022 +0200

    net_sched: cls_route: remove from list when handle is 0

    Bugzilla: https://bugzilla.redhat.com/2121817
    CVE: CVE-2022-2588
    Y-Commit: 30cff48f9bf8efc15d8a7294c6bf88f013eed546

    O-Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2116328
    O-CVE: CVE-2022-2588

    commit 9ad36309e2719a884f946678e0296be10f0bb4c1
    Author: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
    Date:   Tue Aug 9 14:05:18 2022 -0300

        net_sched: cls_route: remove from list when handle is 0

        When a route filter is replaced and the old filter has a 0 handle, the old
        one won't be removed from the hashtable, while it will still be freed.

        The test was there since before commit 1109c00547fc ("net: sched: RCU
        cls_route"), when a new filter was not allocated when there was an old one.
        The old filter was reused and the reinserting would only be necessary if an
        old filter was replaced. That was still wrong for the same case where the
        old handle was 0.

        Remove the old filter from the list independently from its handle value.

        This fixes CVE-2022-2588, also reported as ZDI-CAN-17440.

        Reported-by: Zhenpeng Lin <zplin@u.northwestern.edu>
        Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
        Reviewed-by: Kamal Mostafa <kamal@canonical.com>
        Cc: <stable@vger.kernel.org>
        Acked-by: Jamal Hadi Salim <jhs@mojatatu.com>
        Link: https://lore.kernel.org/r/20220809170518.164662-1-cascardo@canonical.com
        Signed-off-by: Jakub Kicinski <kuba@kernel.org>

    Signed-off-by: Felix Maurer <fmaurer@redhat.com>
    Signed-off-by: Augusto Caringi <acaringi@redhat.com>

Signed-off-by: Julia Denham <jdenham@redhat.com>
---
 net/sched/cls_route.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/sched/cls_route.c b/net/sched/cls_route.c
index 94dbc05e40f7..882a0ad65af5 100644
--- a/net/sched/cls_route.c
+++ b/net/sched/cls_route.c
@@ -530,7 +530,7 @@ static int route4_change(struct net *net, struct sk_buff *in_skb,
 	rcu_assign_pointer(f->next, f1);
 	rcu_assign_pointer(*fp, f);
 
-	if (fold && fold->handle && f->handle != fold->handle) {
+	if (fold) {
 		th = to_hash(fold->handle);
 		h = from_hash(fold->handle >> 16);
 		b = rtnl_dereference(head->table[th]);
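
Review bot: With `f->handle != fold->handle` dropped from the condition at `if (fold) {`, the unlink path now also runs when the old and new filter share a handle, which means `th` and `h` select the same bucket that `f` was just linked into by `rcu_assign_pointer(*fp, f)`. The loop that follows is not shown in this hunk, so please confirm it matches on the `fold` pointer and not on the handle value, otherwise the new filter could be unlinked instead of the old one. A short comment above `if (fold)` saying the old filter must always be unlinked because it is freed afterwards (as the commit message explains) would also help keep the handle test from being reintroduced.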
-- 
2.37.3