debian-packaging
/
linux
8
0
Fork 0
Code Releases Activity

nfc: Ensure presence of required attributes in the deactivate_target handler (CVE-2019-12984)

This commit is contained in:
Romain Perier 2019-07-20 18:14:43 +02:00
parent fbe4322901
commit 091f76e86d
3 changed files with 40 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
debian/changelog vendored
View File

@ -14,6 +14,8 @@ linux (4.19.37-6) UNRELEASED; urgency=medium
[ Romain Perier ]
* [x86] x86/insn-eval: Fix use-after-free access to LDT entry (CVE-2019-13233)
* [powerpc*] mm/64s/hash: Reallocate context ids on fork (CVE-2019-12817)
* nfc: Ensure presence of required attributes in the deactivate_target handler
(CVE-2019-12984)
-- Salvatore Bonaccorso <carnil@debian.org> Sun, 23 Jun 2019 16:15:17 +0200

37
debian/patches/bugfix/all/nfc-Ensure-presence-of-required-attributes-in-the-deactivate_target.patch vendored Normal file
View File

@ -0,0 +1,37 @@
From 385097a3675749cbc9e97c085c0e5dfe4269ca51 Mon Sep 17 00:00:00 2001
From: Young Xiao <92siuyang@gmail.com>
Date: Fri, 14 Jun 2019 15:13:02 +0800
Subject: nfc: Ensure presence of required attributes in the deactivate_target
handler
Origin: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=385097a3675749cbc9e97c085c0e5dfe4269ca51
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2019-12984
Check that the NFC_ATTR_TARGET_INDEX attributes (in addition to
NFC_ATTR_DEVICE_INDEX) are provided by the netlink client prior to
accessing them. This prevents potential unhandled NULL pointer dereference
exceptions which can be triggered by malicious user-mode programs,
if they omit one or both of these attributes.
Signed-off-by: Young Xiao <92siuyang@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
---
net/nfc/netlink.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/net/nfc/netlink.c b/net/nfc/netlink.c
index 1180b3e58a0a..ea64c90b14e8 100644
--- a/net/nfc/netlink.c
+++ b/net/nfc/netlink.c
@@ -911,7 +911,8 @@ static int nfc_genl_deactivate_target(struct sk_buff *skb,
u32 device_idx, target_idx;
int rc;
- if (!info->attrs[NFC_ATTR_DEVICE_INDEX])
+ if (!info->attrs[NFC_ATTR_DEVICE_INDEX] ||
+ !info->attrs[NFC_ATTR_TARGET_INDEX])
return -EINVAL;
device_idx = nla_get_u32(info->attrs[NFC_ATTR_DEVICE_INDEX]);
--
cgit 1.2-0.3.lf.el7

1
debian/patches/series vendored
View File

@ -232,6 +232,7 @@ bugfix/all/tcp-refine-memory-limit-test-in-tcp_fragment.patch
bugfix/all/ptrace-Fix-ptracer_cred-handling-for-PTRACE_TRACEME.patch
bugfix/x86/x86-insn-eval-Fix-use-after-free-access-to-LDT-entry.patch
bugfix/powerpc/powerpc-mm-64s-hash-Reallocate-context-ids-on-fork.patch
bugfix/all/nfc-Ensure-presence-of-required-attributes-in-the-deactivate_target.patch
# Fix exported symbol versions
bugfix/all/module-disable-matching-missing-version-crc.patch