[kernel] r15171 - in dists/etch-security/linux-2.6/debian: . patches/bugfix/all patches/series

Dann Frazier dannf at alioth.debian.org
Tue Feb 16 04:49:25 UTC 2010 

Author: dannf
Date: Tue Feb 16 04:49:22 2010
New Revision: 15171

Log:
futex: Handle user space corruption gracefully (CVE-2010-0622)

Added:
   dists/etch-security/linux-2.6/debian/patches/bugfix/all/futex-handle-user-space-corruption-gracefully.patch
Modified:
   dists/etch-security/linux-2.6/debian/changelog
   dists/etch-security/linux-2.6/debian/patches/series/26etch2

Modified: dists/etch-security/linux-2.6/debian/changelog
==============================================================================
--- dists/etch-security/linux-2.6/debian/changelog	Tue Feb 16 04:44:36 2010	(r15170)
+++ dists/etch-security/linux-2.6/debian/changelog	Tue Feb 16 04:49:22 2010	(r15171)
@@ -10,6 +10,7 @@
   * netfilter: ebtables: enforce CAP_NET_ADMIN (CVE-2010-0007)
   * connector: Delete buggy notification code. (CVE-2010-0410)
   * Fix potential crash with sys_move_pages (CVE-2010-0415)
+  * futex: Handle user space corruption gracefully (CVE-2010-0622)
 
  -- dann frazier <dannf at debian.org>  Mon, 15 Feb 2010 18:32:14 -0700
 

Added: dists/etch-security/linux-2.6/debian/patches/bugfix/all/futex-handle-user-space-corruption-gracefully.patch
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ dists/etch-security/linux-2.6/debian/patches/bugfix/all/futex-handle-user-space-corruption-gracefully.patch	Tue Feb 16 04:49:22 2010	(r15171)
@@ -0,0 +1,29 @@
+commit aef45f47fa30c94065e970dea6355d433933aa56
+Author: dann frazier <dannf at hp.com>
+Date:   Mon Feb 15 21:46:14 2010 -0700
+
+    [ Backported to Debian's 2.6.18 ]
+    commit 51246bfd189064079c54421507236fd2723b18f3
+    Author: Thomas Gleixner <tglx at linutronix.de>
+    Date:   Tue Feb 2 11:40:27 2010 +0100
+    
+        futex: Handle user space corruption gracefully
+
+diff --git a/kernel/futex.c b/kernel/futex.c
+index 46c110c..66e1811 100644
+--- a/kernel/futex.c
++++ b/kernel/futex.c
+@@ -566,6 +566,13 @@ static int wake_futex_pi(u32 __user *uaddr, u32 uval, struct futex_q *this)
+ 	if (!pi_state)
+ 		return -EINVAL;
+ 
++	/*
++	 * If current does not own the pi_state then the futex is
++	 * inconsistent and user space fiddled with the futex value.
++	 */
++	if (pi_state->owner != current)
++		return -EINVAL;
++
+ 	new_owner = rt_mutex_next_owner(&pi_state->pi_mutex);
+ 
+ 	/*

Modified: dists/etch-security/linux-2.6/debian/patches/series/26etch2
==============================================================================
--- dists/etch-security/linux-2.6/debian/patches/series/26etch2	Tue Feb 16 04:44:36 2010	(r15170)
+++ dists/etch-security/linux-2.6/debian/patches/series/26etch2	Tue Feb 16 04:49:22 2010	(r15171)
@@ -7,3 +7,4 @@
 + bugfix/all/netfilter-ebtables-enforce-CAP_NET_ADMIN.patch
 + bugfix/all/connector-delete-buggy-notification-code.patch
 + bugfix/all/fix-potential-crash-with-sys_move_pages.patch
++ bugfix/all/futex-handle-user-space-corruption-gracefully.patch

More information about the Kernel-svn-changes mailing list