This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, next has been updated via 32ce7ab402ffe7cd93ea273af95d5f3d4791a612 (commit) from 6fe4eb60948f405fda7c06929baffbf3c6be2e85 (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit 32ce7ab402ffe7cd93ea273af95d5f3d4791a612 Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Mar 8 09:59:43 2022 +0000
linux: Fix for CVE-2022-0847 aka Dirty Pipe
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
-----------------------------------------------------------------------
Summary of changes: lfs/linux | 3 ++ src/patches/kernel-5.15-CVE-2022-0847.patch | 46 +++++++++++++++++++++++++++++ 2 files changed, 49 insertions(+) create mode 100644 src/patches/kernel-5.15-CVE-2022-0847.patch
Difference in files: diff --git a/lfs/linux b/lfs/linux index fae9715ec..346deb6f8 100644 --- a/lfs/linux +++ b/lfs/linux @@ -146,6 +146,9 @@ ifeq "$(BUILD_ARCH)" "aarch64" endif cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-3.14.79-amba-fix.patch
+ # Fix for CVE-2022-0847 aka Dirty Pipe + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/kernel-5.15-CVE-2022-0847.patch + ifeq "$(KCFG)" "-headers" # Install the header files cd $(DIR_APP) && make ARCH=$(HEADERS_ARCH) $(EXTRAMAKE) headers diff --git a/src/patches/kernel-5.15-CVE-2022-0847.patch b/src/patches/kernel-5.15-CVE-2022-0847.patch new file mode 100644 index 000000000..5279916c2 --- /dev/null +++ b/src/patches/kernel-5.15-CVE-2022-0847.patch @@ -0,0 +1,46 @@ +From 114e9f141822e6977633d322c1b03e89bd209932 Mon Sep 17 00:00:00 2001 +From: Max Kellermann max.kellermann@ionos.com +Date: Mon, 21 Feb 2022 11:03:13 +0100 +Subject: [PATCH] lib/iov_iter: initialize "flags" in new pipe_buffer + +commit 9d2231c5d74e13b2a0546fee6737ee4446017903 upstream. + +The functions copy_page_to_iter_pipe() and push_pipe() can both +allocate a new pipe_buffer, but the "flags" member initializer is +missing. + +Fixes: 241699cd72a8 ("new iov_iter flavour: pipe-backed") +To: Alexander Viro viro@zeniv.linux.org.uk +To: linux-fsdevel@vger.kernel.org +To: linux-kernel@vger.kernel.org +Cc: stable@vger.kernel.org +Signed-off-by: Max Kellermann max.kellermann@ionos.com +Signed-off-by: Al Viro viro@zeniv.linux.org.uk +Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org +--- + lib/iov_iter.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/lib/iov_iter.c b/lib/iov_iter.c +index 60b5e6edfbaa..c5b2f0f4b8a8 100644 +--- a/lib/iov_iter.c ++++ b/lib/iov_iter.c +@@ -416,6 +416,7 @@ static size_t copy_page_to_iter_pipe(struct page *page, size_t offset, size_t by + return 0; + + buf->ops = &page_cache_pipe_buf_ops; ++ buf->flags = 0; + get_page(page); + buf->page = page; + buf->offset = offset; +@@ -532,6 +533,7 @@ static size_t push_pipe(struct iov_iter *i, size_t size, + break; + + buf->ops = &default_pipe_buf_ops; ++ buf->flags = 0; + buf->page = page; + buf->offset = 0; + buf->len = min_t(ssize_t, left, PAGE_SIZE); +-- +2.30.2 +
hooks/post-receive -- IPFire 2.x development tree