Update to 4.13.4
This commit is contained in:
parent
480c41a802
commit
f3152ccaad
|
@ -1,7 +1,8 @@
|
||||||
linux (4.13.3-1~exp1) UNRELEASED; urgency=medium
|
linux (4.13.4-1~exp1) UNRELEASED; urgency=medium
|
||||||
|
|
||||||
* New upstream stable update:
|
* New upstream stable update:
|
||||||
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.3
|
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.3
|
||||||
|
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.4
|
||||||
|
|
||||||
[ Ben Hutchings ]
|
[ Ben Hutchings ]
|
||||||
* [armhf,arm64] mmc: Enable MMC_BCM2835 (Closes: #845422)
|
* [armhf,arm64] mmc: Enable MMC_BCM2835 (Closes: #845422)
|
||||||
|
|
|
@ -1,64 +0,0 @@
|
||||||
From: Dan Carpenter <dan.carpenter@oracle.com>
|
|
||||||
Date: Wed, 30 Aug 2017 16:30:35 +0300
|
|
||||||
Subject: scsi: qla2xxx: Fix an integer overflow in sysfs code
|
|
||||||
Origin: https://git.kernel.org/linus/e6f77540c067b48dee10f1e33678415bfcc89017
|
|
||||||
Bug: https://bugzilla.kernel.org/show_bug.cgi?id=194061
|
|
||||||
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-14051
|
|
||||||
|
|
||||||
The value of "size" comes from the user. When we add "start + size" it
|
|
||||||
could lead to an integer overflow bug.
|
|
||||||
|
|
||||||
It means we vmalloc() a lot more memory than we had intended. I believe
|
|
||||||
that on 64 bit systems vmalloc() can succeed even if we ask it to
|
|
||||||
allocate huge 4GB buffers. So we would get memory corruption and likely
|
|
||||||
a crash when we call ha->isp_ops->write_optrom() and ->read_optrom().
|
|
||||||
|
|
||||||
Only root can trigger this bug.
|
|
||||||
|
|
||||||
Link: https://bugzilla.kernel.org/show_bug.cgi?id=194061
|
|
||||||
|
|
||||||
Cc: <stable@vger.kernel.org>
|
|
||||||
Fixes: b7cc176c9eb3 ("[SCSI] qla2xxx: Allow region-based flash-part accesses.")
|
|
||||||
Reported-by: shqking <shqking@gmail.com>
|
|
||||||
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
|
|
||||||
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
|
||||||
---
|
|
||||||
drivers/scsi/qla2xxx/qla_attr.c | 8 ++++----
|
|
||||||
1 file changed, 4 insertions(+), 4 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/drivers/scsi/qla2xxx/qla_attr.c b/drivers/scsi/qla2xxx/qla_attr.c
|
|
||||||
index 08a1feb3a195..8c6ff1682fb1 100644
|
|
||||||
--- a/drivers/scsi/qla2xxx/qla_attr.c
|
|
||||||
+++ b/drivers/scsi/qla2xxx/qla_attr.c
|
|
||||||
@@ -318,6 +318,8 @@ qla2x00_sysfs_write_optrom_ctl(struct file *filp, struct kobject *kobj,
|
|
||||||
return -EINVAL;
|
|
||||||
if (start > ha->optrom_size)
|
|
||||||
return -EINVAL;
|
|
||||||
+ if (size > ha->optrom_size - start)
|
|
||||||
+ size = ha->optrom_size - start;
|
|
||||||
|
|
||||||
mutex_lock(&ha->optrom_mutex);
|
|
||||||
switch (val) {
|
|
||||||
@@ -343,8 +345,7 @@ qla2x00_sysfs_write_optrom_ctl(struct file *filp, struct kobject *kobj,
|
|
||||||
}
|
|
||||||
|
|
||||||
ha->optrom_region_start = start;
|
|
||||||
- ha->optrom_region_size = start + size > ha->optrom_size ?
|
|
||||||
- ha->optrom_size - start : size;
|
|
||||||
+ ha->optrom_region_size = start + size;
|
|
||||||
|
|
||||||
ha->optrom_state = QLA_SREADING;
|
|
||||||
ha->optrom_buffer = vmalloc(ha->optrom_region_size);
|
|
||||||
@@ -417,8 +418,7 @@ qla2x00_sysfs_write_optrom_ctl(struct file *filp, struct kobject *kobj,
|
|
||||||
}
|
|
||||||
|
|
||||||
ha->optrom_region_start = start;
|
|
||||||
- ha->optrom_region_size = start + size > ha->optrom_size ?
|
|
||||||
- ha->optrom_size - start : size;
|
|
||||||
+ ha->optrom_region_size = start + size;
|
|
||||||
|
|
||||||
ha->optrom_state = QLA_SWRITING;
|
|
||||||
ha->optrom_buffer = vmalloc(ha->optrom_region_size);
|
|
||||||
--
|
|
||||||
2.11.0
|
|
||||||
|
|
|
@ -112,7 +112,6 @@ features/all/lockdown/arm64-add-kernel-config-option-to-lock-down-when.patch
|
||||||
|
|
||||||
# Security fixes
|
# Security fixes
|
||||||
debian/i386-686-pae-pci-set-pci-nobios-by-default.patch
|
debian/i386-686-pae-pci-set-pci-nobios-by-default.patch
|
||||||
bugfix/all/scsi-qla2xxx-Fix-an-integer-overflow-in-sysfs-code.patch
|
|
||||||
bugfix/all/nl80211-check-for-the-required-netlink-attributes-presence.patch
|
bugfix/all/nl80211-check-for-the-required-netlink-attributes-presence.patch
|
||||||
bugfix/x86/kvm-nvmx-don-t-allow-l2-to-access-the-hardware-cr8.patch
|
bugfix/x86/kvm-nvmx-don-t-allow-l2-to-access-the-hardware-cr8.patch
|
||||||
bugfix/all/video-fbdev-aty-do-not-leak-uninitialized-padding-in.patch
|
bugfix/all/video-fbdev-aty-do-not-leak-uninitialized-padding-in.patch
|
||||||
|
|
Loading…
Reference in New Issue