This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, master has been updated via de686e49e2a7c12c4b3c46931ecd9d9635565357 (commit) from b69659af02d65f982a2d8fd443f02950593d28fe (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit de686e49e2a7c12c4b3c46931ecd9d9635565357 Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Mar 8 09:59:43 2022 +0000
linux: Fix for CVE-2022-0847 aka Dirty Pipe
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
-----------------------------------------------------------------------
Summary of changes: lfs/linux | 3 ++ src/patches/kernel-5.15-CVE-2022-0847.patch | 46 +++++++++++++++++++++++++++++ 2 files changed, 49 insertions(+) create mode 100644 src/patches/kernel-5.15-CVE-2022-0847.patch
Difference in files: diff --git a/lfs/linux b/lfs/linux index 7a7236eab..0f8f2c184 100644 --- a/lfs/linux +++ b/lfs/linux @@ -141,6 +141,9 @@ ifeq "$(BUILD_ARCH)" "aarch64" endif cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-3.14.79-amba-fix.patch
+ # Fix for CVE-2022-0847 aka Dirty Pipe + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/kernel-5.15-CVE-2022-0847.patch + ifeq "$(KCFG)" "-headers" # Install the header files cd $(DIR_APP) && make ARCH=$(HEADERS_ARCH) $(EXTRAMAKE) headers diff --git a/src/patches/kernel-5.15-CVE-2022-0847.patch b/src/patches/kernel-5.15-CVE-2022-0847.patch new file mode 100644 index 000000000..5279916c2 --- /dev/null +++ b/src/patches/kernel-5.15-CVE-2022-0847.patch @@ -0,0 +1,46 @@ +From 114e9f141822e6977633d322c1b03e89bd209932 Mon Sep 17 00:00:00 2001 +From: Max Kellermann max.kellermann@ionos.com +Date: Mon, 21 Feb 2022 11:03:13 +0100 +Subject: [PATCH] lib/iov_iter: initialize "flags" in new pipe_buffer + +commit 9d2231c5d74e13b2a0546fee6737ee4446017903 upstream. + +The functions copy_page_to_iter_pipe() and push_pipe() can both +allocate a new pipe_buffer, but the "flags" member initializer is +missing. + +Fixes: 241699cd72a8 ("new iov_iter flavour: pipe-backed") +To: Alexander Viro viro@zeniv.linux.org.uk +To: linux-fsdevel@vger.kernel.org +To: linux-kernel@vger.kernel.org +Cc: stable@vger.kernel.org +Signed-off-by: Max Kellermann max.kellermann@ionos.com +Signed-off-by: Al Viro viro@zeniv.linux.org.uk +Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org +--- + lib/iov_iter.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/lib/iov_iter.c b/lib/iov_iter.c +index 60b5e6edfbaa..c5b2f0f4b8a8 100644 +--- a/lib/iov_iter.c ++++ b/lib/iov_iter.c +@@ -416,6 +416,7 @@ static size_t copy_page_to_iter_pipe(struct page *page, size_t offset, size_t by + return 0; + + buf->ops = &page_cache_pipe_buf_ops; ++ buf->flags = 0; + get_page(page); + buf->page = page; + buf->offset = offset; +@@ -532,6 +533,7 @@ static size_t push_pipe(struct iov_iter *i, size_t size, + break; + + buf->ops = &default_pipe_buf_ops; ++ buf->flags = 0; + buf->page = page; + buf->offset = 0; + buf->len = min_t(ssize_t, left, PAGE_SIZE); +-- +2.30.2 +
hooks/post-receive -- IPFire 2.x development tree