[kernel] r15152 - in dists/etch-security/linux-2.6.24/debian: . patches/bugfix/all patches/series
Dann Frazier
dannf at alioth.debian.org
Sun Feb 14 19:55:30 UTC 2010
Author: dannf
Date: Sun Feb 14 19:52:18 2010
New Revision: 15152
Log:
futex: Handle user space corruption gracefully (CVE-2010-0622)
Added:
dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/futex-handle-user-space-corruption-gracefully.patch
Modified:
dists/etch-security/linux-2.6.24/debian/changelog
dists/etch-security/linux-2.6.24/debian/patches/series/6~etchnhalf.9etch2
Modified: dists/etch-security/linux-2.6.24/debian/changelog
==============================================================================
--- dists/etch-security/linux-2.6.24/debian/changelog Sun Feb 14 19:46:17 2010 (r15151)
+++ dists/etch-security/linux-2.6.24/debian/changelog Sun Feb 14 19:52:18 2010 (r15152)
@@ -22,6 +22,7 @@
(CVE-2010-0003)
* netfilter: ebtables: enforce CAP_NET_ADMIN (CVE-2010-0007)
* Fix several issues with mmap/mremap (CVE-2010-0291)
+ * futex: Handle user space corruption gracefully (CVE-2010-0622)
-- dann frazier <dannf at debian.org> Sun, 31 Jan 2010 17:17:52 -0700
Added: dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/futex-handle-user-space-corruption-gracefully.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/futex-handle-user-space-corruption-gracefully.patch Sun Feb 14 19:52:18 2010 (r15152)
@@ -0,0 +1,30 @@
+commit 280e667abc35af480c59d86fc63b4130ecb9e6bf
+Author: dann frazier <dannf at hp.com>
+Date: Sun Feb 14 12:49:24 2010 -0700
+
+ [Adjusted to apply to Debian's 2.6.24 by dann frazier <dannf at debian.org>]
+
+ commit 51246bfd189064079c54421507236fd2723b18f3
+ Author: Thomas Gleixner <tglx at linutronix.de>
+ Date: Tue Feb 2 11:40:27 2010 +0100
+
+ futex: Handle user space corruption gracefully
+
+diff --git a/kernel/futex.c b/kernel/futex.c
+index bfc785b..0fdae3e 100644
+--- a/kernel/futex.c
++++ b/kernel/futex.c
+@@ -636,6 +636,13 @@ static int wake_futex_pi(u32 __user *uaddr, u32 uval, struct futex_q *this)
+ if (!pi_state)
+ return -EINVAL;
+
++ /*
++ * If current does not own the pi_state then the futex is
++ * inconsistent and user space fiddled with the futex value.
++ */
++ if (pi_state->owner != current)
++ return -EINVAL;
++
+ spin_lock(&pi_state->pi_mutex.wait_lock);
+ new_owner = rt_mutex_next_owner(&pi_state->pi_mutex);
+
Modified: dists/etch-security/linux-2.6.24/debian/patches/series/6~etchnhalf.9etch2
==============================================================================
--- dists/etch-security/linux-2.6.24/debian/patches/series/6~etchnhalf.9etch2 Sun Feb 14 19:46:17 2010 (r15151)
+++ dists/etch-security/linux-2.6.24/debian/patches/series/6~etchnhalf.9etch2 Sun Feb 14 19:52:18 2010 (r15152)
@@ -18,3 +18,4 @@
+ bugfix/all/signal-fix-information-leak-with-print-fatal-signals.patch
+ bugfix/all/netfilter-ebtables-enforce-CAP_NET_ADMIN.patch
+ bugfix/all/untangle-the-do_mremap-mess.patch
++ bugfix/all/futex-handle-user-space-corruption-gracefully.patch
More information about the Kernel-svn-changes
mailing list