From 7772de89d6829d4b0b2a8e8f5d30218a99ba0152 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Sep 20 2022 11:39:05 +0000 Subject: import kpatch-patch-5_14_0-70_22_1-1-1.el9_0 --- diff --git a/.gitignore b/.gitignore index e69de29..7e9949e 100644 --- a/.gitignore +++ b/.gitignore @@ -0,0 +1,2 @@ +SOURCES/kernel-5.14.0-70.22.1.el9_0.src.rpm +SOURCES/v0.9.6.tar.gz diff --git a/.kpatch-patch-5_14_0-70_22_1.metadata b/.kpatch-patch-5_14_0-70_22_1.metadata index e69de29..359dd43 100644 --- a/.kpatch-patch-5_14_0-70_22_1.metadata +++ b/.kpatch-patch-5_14_0-70_22_1.metadata @@ -0,0 +1,2 @@ +fc3b94f8d711fb5c4628f5b65d021ae93a713321 SOURCES/kernel-5.14.0-70.22.1.el9_0.src.rpm +223c224ddd6896c467b9347ab297e3f7f013f5d7 SOURCES/v0.9.6.tar.gz diff --git a/SOURCES/CVE-2022-34918.patch b/SOURCES/CVE-2022-34918.patch new file mode 100644 index 0000000..c1ef116 --- /dev/null +++ b/SOURCES/CVE-2022-34918.patch @@ -0,0 +1,84 @@ +From 4dbabad13fa5c506138d15506f220006cde28d30 Mon Sep 17 00:00:00 2001 +From: Linqing Lu +Date: Thu, 4 Aug 2022 16:36:13 -0400 +Subject: [KPATCH CVE-2022-34918] kpatch fixes for CVE-2022-34918 + +Kernels: +5.14.0-70.13.1.el9_0 +5.14.0-70.17.1.el9_0 + + +Kpatch-MR: https://gitlab.com/redhat/prdsc/rhel/src/kpatch/rhel-9/-/merge_requests/4 +Approved-by: Joe Lawrence (@joe.lawrence) +Changes since last build: +arches: x86_64 ppc64le +nf_tables_api.o: changed function: nft_add_set_elem +--------------------------- + +Modifications: none + +commit 6fd61750c2355e23d4cb1b1d9de297b884076a06 +Author: Florian Westphal +Date: Mon Jul 4 08:12:40 2022 +0200 + + netfilter: nf_tables: stricter validation of element data + + Bugzilla: https://bugzilla.redhat.com/2104591 + CVE: CVE-2022-34918 + Y-Commit: 42087f51a09378ae5fa93d3bea82b4883f983e57 + + O-Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2104592 + Upstream Status: commit 7e6bc1f6cabc + O-CVE: CVE-2022-34918 + + commit 7e6bc1f6cabcd30aba0b11219d8e01b952eacbb6 + Author: Pablo Neira Ayuso + Date: Sat Jul 2 04:16:30 2022 +0200 + + netfilter: nf_tables: stricter validation of element data + + Make sure element data type and length do not mismatch the one specified + by the set declaration. + + Fixes: 7d7402642eaf ("netfilter: nf_tables: variable sized set element keys / data") + Reported-by: Hugues ANGUELKOV + Signed-off-by: Pablo Neira Ayuso + + Signed-off-by: Florian Westphal + Signed-off-by: Herton R. Krzesinski + +Signed-off-by: Linqing Lu +--- + net/netfilter/nf_tables_api.c | 9 ++++++++- + 1 file changed, 8 insertions(+), 1 deletion(-) + +diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c +index d495e10044dc..741a4e937e6f 100644 +--- a/net/netfilter/nf_tables_api.c ++++ b/net/netfilter/nf_tables_api.c +@@ -5094,13 +5094,20 @@ static int nft_setelem_parse_data(struct nft_ctx *ctx, struct nft_set *set, + struct nft_data *data, + struct nlattr *attr) + { ++ u32 dtype; + int err; + + err = nft_data_init(ctx, data, NFT_DATA_VALUE_MAXLEN, desc, attr); + if (err < 0) + return err; + +- if (desc->type != NFT_DATA_VERDICT && desc->len != set->dlen) { ++ if (set->dtype == NFT_DATA_VERDICT) ++ dtype = NFT_DATA_VERDICT; ++ else ++ dtype = NFT_DATA_VALUE; ++ ++ if (dtype != desc->type || ++ set->dlen != desc->len) { + nft_data_release(data, desc->type); + return -EINVAL; + } +-- +2.37.2 + + diff --git a/SPECS/kpatch-patch.spec b/SPECS/kpatch-patch.spec index c5a9d21..9b06183 100644 --- a/SPECS/kpatch-patch.spec +++ b/SPECS/kpatch-patch.spec @@ -1,17 +1,18 @@ # Set to 1 if building an empty subscription-only package. -%define empty_package 1 +%define empty_package 0 ####################################################### # Only need to update these variables and the changelog %define kernel_ver 5.14.0-70.22.1.el9_0 %define kpatch_ver 0.9.6 -%define rpm_ver 0 -%define rpm_rel 0 +%define rpm_ver 1 +%define rpm_rel 1 %if !%{empty_package} # Patch sources below. DO NOT REMOVE THIS LINE. -Source100: XXX.patch -#Source101: YYY.patch +# +# https://bugzilla.redhat.com/2106306 +Source100: CVE-2022-34918.patch # End of patch sources. DO NOT REMOVE THIS LINE. %endif @@ -187,5 +188,8 @@ It is only a method to subscribe to the kpatch stream for kernel-%{kernel_ver}. %endif %changelog +* Wed Sep 07 2022 Yannick Cote [1-1.el9_0] +- kernel: heap overflow in nft_set_elem_init() [2106306] {CVE-2022-34918} + * Thu Aug 04 2022 Linqing Lu [0-0.el9] - An empty patch to subscribe to kpatch stream for kernel-5.14.0-70.22.1.el9_0 [2115516]