Blame SOURCES/CVE-2022-2588.patch

From 40fea653c0535b0963a20f3768475a21745966a1 Mon Sep 17 00:00:00 2001
From: Julia Denham <jdenham@redhat.com>
Date: Wed, 5 Oct 2022 10:46:32 -0400
Subject: [KPATCH CVE-2022-2588] kpatch fixes for CVE-2022-2588

Kernels:
4.18.0-372.9.1.el8
4.18.0-372.13.1.el8_6
4.18.0-372.16.1.el8_6
4.18.0-372.19.1.el8_6
4.18.0-372.26.1.el8_6


Kpatch-MR: https://gitlab.com/redhat/prdsc/rhel/src/kpatch/rhel-8/-/merge_requests/57
Approved-by: Joe Lawrence (@joe.lawrence)
Approved-by: Yannick Cote (@ycote1)
Changes since last build:
arches: x86_64 ppc64le
cls_route.o: changed function: route4_change
---------------------------

Modifications: none

commit da65135ce599844336767732fe9f4adc731ddf03
Author: Felix Maurer <fmaurer@redhat.com>
Date:   Fri Aug 19 15:28:46 2022 +0200

    net_sched: cls_route: remove from list when handle is 0

    Bugzilla: https://bugzilla.redhat.com/2121817
    CVE: CVE-2022-2588
    Y-Commit: 30cff48f9bf8efc15d8a7294c6bf88f013eed546

    O-Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2116328
    O-CVE: CVE-2022-2588

    commit 9ad36309e2719a884f946678e0296be10f0bb4c1
    Author: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
    Date:   Tue Aug 9 14:05:18 2022 -0300

        net_sched: cls_route: remove from list when handle is 0

        When a route filter is replaced and the old filter has a 0 handle, the old
        one won't be removed from the hashtable, while it will still be freed.

        The test was there since before commit 1109c00547fc ("net: sched: RCU
        cls_route"), when a new filter was not allocated when there was an old one.
        The old filter was reused and the reinserting would only be necessary if an
        old filter was replaced. That was still wrong for the same case where the
        old handle was 0.

        Remove the old filter from the list independently from its handle value.

        This fixes CVE-2022-2588, also reported as ZDI-CAN-17440.

        Reported-by: Zhenpeng Lin <zplin@u.northwestern.edu>
        Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
        Reviewed-by: Kamal Mostafa <kamal@canonical.com>
        Cc: <stable@vger.kernel.org>
        Acked-by: Jamal Hadi Salim <jhs@mojatatu.com>
        Link: https://lore.kernel.org/r/20220809170518.164662-1-cascardo@canonical.com
        Signed-off-by: Jakub Kicinski <kuba@kernel.org>

    Signed-off-by: Felix Maurer <fmaurer@redhat.com>
    Signed-off-by: Augusto Caringi <acaringi@redhat.com>

Signed-off-by: Julia Denham <jdenham@redhat.com>
---
 net/sched/cls_route.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/sched/cls_route.c b/net/sched/cls_route.c
index 94dbc05e40f7..882a0ad65af5 100644
--- a/net/sched/cls_route.c
+++ b/net/sched/cls_route.c
@@ -530,7 +530,7 @@ static int route4_change(struct net *net, struct sk_buff *in_skb,
 	rcu_assign_pointer(f->next, f1);
 	rcu_assign_pointer(*fp, f);
 
-	if (fold && fold->handle && f->handle != fold->handle) {
+	if (fold) {
 		th = to_hash(fold->handle);
 		h = from_hash(fold->handle >> 16);
 		b = rtnl_dereference(head->table[th]);
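Review bot: At the relaxed `if (fold)` condition, the unlink block now also runs when `f->handle == fold->handle`, so it executes right after `rcu_assign_pointer(*fp, f)` has linked the new filter into what may be the same bucket that `to_hash(fold->handle)` and `from_hash(fold->handle >> 16)` select. The loop that follows is outside the visible context, so please confirm it matches the entry by pointer (`fold`) rather than by handle; otherwise the freshly inserted `f` could be the one unlinked. A one-line comment above the condition, stating that the old filter is unlinked unconditionally because it is always freed afterwards, would help keep the handle test from being reintroduced.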
-- 
2.37.3