diff --git a/debian/changelog b/debian/changelog index c6b8af43b..5e1b09dd3 100644 --- a/debian/changelog +++ b/debian/changelog @@ -428,7 +428,6 @@ linux (4.19.126-1) UNRELEASED; urgency=medium - libceph: ignore pool overlay and cache logic on redirects - IB/ipoib: Fix double free of skb in case of multicast traffic in CM mode - mm: remove VM_BUG_ON(PageSlab()) from page_mapcount() - - fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info() - include/asm-generic/topology.h: guard cpumask_of_node() macro argument - iommu: Fix reference count leak in iommu_group_alloc. - parisc: Fix kernel panic in mem_init() diff --git a/debian/patches/bugfix/all/fs-binfmt_elf.c-allocate-initialized-memory-in-fill_.patch b/debian/patches/bugfix/all/fs-binfmt_elf.c-allocate-initialized-memory-in-fill_.patch deleted file mode 100644 index fc4ac93cb..000000000 --- a/debian/patches/bugfix/all/fs-binfmt_elf.c-allocate-initialized-memory-in-fill_.patch +++ /dev/null @@ -1,41 +0,0 @@ -From: Alexander Potapenko -Date: Wed, 27 May 2020 22:20:52 -0700 -Subject: fs/binfmt_elf.c: allocate initialized memory in - fill_thread_core_info() -Origin: https://git.kernel.org/linus/1d605416fb7175e1adf094251466caa52093b413 -Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2020-10732 - -KMSAN reported uninitialized data being written to disk when dumping -core. As a result, several kilobytes of kmalloc memory may be written -to the core file and then read by a non-privileged user. - -Reported-by: sam -Signed-off-by: Alexander Potapenko -Signed-off-by: Andrew Morton -Acked-by: Kees Cook -Cc: Al Viro -Cc: Alexey Dobriyan -Cc: -Link: http://lkml.kernel.org/r/20200419100848.63472-1-glider@google.com -Link: https://github.com/google/kmsan/issues/76 -Signed-off-by: Linus Torvalds ---- - fs/binfmt_elf.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c -index 13f25e241ac4..25d489bc9453 100644 ---- a/fs/binfmt_elf.c -+++ b/fs/binfmt_elf.c -@@ -1733,7 +1733,7 @@ static int fill_thread_core_info(struct elf_thread_core_info *t, - (!regset->active || regset->active(t->task, regset) > 0)) { - int ret; - size_t size = regset_size(t->task, regset); -- void *data = kmalloc(size, GFP_KERNEL); -+ void *data = kzalloc(size, GFP_KERNEL); - if (unlikely(!data)) - return 0; - ret = regset->get(t->task, regset, --- -2.27.0.rc0 - diff --git a/debian/patches/series b/debian/patches/series index 684b065d3..7c1319b05 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -296,7 +296,6 @@ features/arm/staging-vc04_services-Use-correct-cache-line-size.patch # Security fixes debian/i386-686-pae-pci-set-pci-nobios-by-default.patch debian/ntfs-mark-it-as-broken.patch -bugfix/all/fs-binfmt_elf.c-allocate-initialized-memory-in-fill_.patch bugfix/all/kernel-relay.c-handle-alloc_percpu-returning-NULL-in.patch bugfix/all/mm-Fix-mremap-not-considering-huge-pmd-devmap.patch bugfix/x86/srbds/0001-x86-cpu-Add-a-steppings-field-to-struct-x86_cpu_id.patch