[meta-ti] [PATCH 1/1] CVE-2014-5077 Kernel/SCTP: fix a NULL pointer dereference

Liviu Gheorghisan liviu.gheorghisan at enea.com
Mon Sep 15 00:22:56 PDT 2014 

A NULL pointer dereference flaw was found in the way the
Linux kernel's Stream Control Transmission Protocol
(SCTP) implementation handled simultaneous connections
between the same hosts. A remote attacker could use this
flaw to crash the system.

References:
    - https://access.redhat.com/security/cve/CVE-2014-5077
    - http://patchwork.ozlabs.org/patch/372475/

Signed-off-by: Liviu Gheorghisan <liviu.gheorghisan at enea.com>
---
 ...p-inherit-auth-capable-on-INIT-collisions.patch | 33 ++++++++++++++++++++++
 recipes-kernel/linux/linux-keystone_3.10.bb        |  1 +
 2 files changed, 34 insertions(+)
 create mode 100644 recipes-kernel/linux/files/Fix-CVE-2014-5077-sctp-inherit-auth-capable-on-INIT-collisions.patch

diff --git a/recipes-kernel/linux/files/Fix-CVE-2014-5077-sctp-inherit-auth-capable-on-INIT-collisions.patch b/recipes-kernel/linux/files/Fix-CVE-2014-5077-sctp-inherit-auth-capable-on-INIT-collisions.patch
new file mode 100644
index 0000000..f196d24
--- /dev/null
+++ b/recipes-kernel/linux/files/Fix-CVE-2014-5077-sctp-inherit-auth-capable-on-INIT-collisions.patch
@@ -0,0 +1,33 @@
+CVE-2014-5077 Kernel/SCTP: fix a NULL pointer dereference
+
+A NULL pointer dereference flaw was found in the way the 
+Linux kernel's Stream Control Transmission Protocol 
+(SCTP) implementation handled simultaneous connections 
+between the same hosts. A remote attacker could use this 
+flaw to crash the system.
+
+References:
+    - https://access.redhat.com/security/cve/CVE-2014-5077
+    - http://patchwork.ozlabs.org/patch/372475/
+
+Upstream-Status: Backport
+
+Fixes: 730fc3d05cd4 ("[SCTP]: Implete SCTP-AUTH parameter processing")
+Reported-by: Jason Gunthorpe <jgunthorpe at obsidianresearch.com>
+Signed-off-by: Daniel Borkmann <dborkman at redhat.com>
+Signed-off-by: Liviu Gheorghisan <liviu.gheorghisan at enea.com>
+Tested-by: Jason Gunthorpe <jgunthorpe at obsidianresearch.com>
+Cc: Vlad Yasevich <vyasevich at gmail.com>
+---
+diff --git a/net/sctp/associola.c b/net/sctp/associola.c
+index cef5099..c2d5109 100644
+--- a/net/sctp/associola.c
++++ b/net/sctp/associola.c
+@@ -1198,6 +1198,7 @@ void sctp_assoc_update(struct sctp_association *asoc,
+ 	asoc->c = new->c;
+ 	asoc->peer.rwnd = new->peer.rwnd;
+ 	asoc->peer.sack_needed = new->peer.sack_needed;
++	asoc->peer.auth_capable = new->peer.auth_capable;
+ 	asoc->peer.i = new->peer.i;
+ 	sctp_tsnmap_init(&asoc->peer.tsn_map, SCTP_TSN_MAP_INITIAL,
+ 			 asoc->peer.i.initial_tsn, GFP_ATOMIC);
diff --git a/recipes-kernel/linux/linux-keystone_3.10.bb b/recipes-kernel/linux/linux-keystone_3.10.bb
index a90ae47..e2ab8a6 100644
--- a/recipes-kernel/linux/linux-keystone_3.10.bb
+++ b/recipes-kernel/linux/linux-keystone_3.10.bb
@@ -31,6 +31,7 @@ SRC_URI = "git://git.ti.com/keystone-linux/linux.git;protocol=git;branch=${BRANC
            file://Fix_HRTICK_related_deadlock_from_ntp_lock.patch\
            file://dts-for-m800.patch\
            file://Fix-CVE-2014-2309-dont-set-DST_NOCOUNT-for-remotely.patch\
+           file://Fix-CVE-2014-5077-sctp-inherit-auth-capable-on-INIT-collisions.patch\
            "
 
 S = "${WORKDIR}/git"
-- 
1.9.1

More information about the meta-ti mailing list