48 changes: 48 additions & 0 deletions SPECS/kernel/CVE-2020-11494.patch
@@ -0,0 +1,48 @@
From b9258a2cece4ec1f020715fe3554bc2e360f6264 Mon Sep 17 00:00:00 2001
From: Richard Palethorpe <rpalethorpe@suse.com>
Date: Wed, 1 Apr 2020 12:06:39 +0200
Subject: [PATCH] slcan: Don't transmit uninitialized stack data in padding

struct can_frame contains some padding which is not explicitly zeroed in
slc_bump. This uninitialized data will then be transmitted if the stack
initialization hardening feature is not enabled (CONFIG_INIT_STACK_ALL).

This commit just zeroes the whole struct including the padding.

Signed-off-by: Richard Palethorpe <rpalethorpe@suse.com>
Fixes: a1044e36e457 ("can: add slcan driver for serial/USB-serial CAN adapters")
Reviewed-by: Kees Cook <keescook@chromium.org>
Cc: linux-can@vger.kernel.org
Cc: netdev@vger.kernel.org
Cc: security@kernel.org
Cc: wg@grandegger.com
Cc: mkl@pengutronix.de
Cc: davem@davemloft.net
Acked-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
---
drivers/net/can/slcan.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/drivers/net/can/slcan.c b/drivers/net/can/slcan.c
index 086dfb1b9d0b31..91cdc0a2b1a740 100644
--- a/drivers/net/can/slcan.c
+++ b/drivers/net/can/slcan.c
@@ -148,7 +148,7 @@ static void slc_bump(struct slcan *sl)
u32 tmpid;
char *cmd = sl->rbuff;

- cf.can_id = 0;
+ memset(&cf, 0, sizeof(cf));

switch (*cmd) {
case 'r':
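Review bot: the new memset(&cf, 0, sizeof(cf)) at the top of slc_bump has no comment, and nothing in the code says it is there to clear the padding in struct can_frame rather than just the named fields. A later cleanup could turn it back into per-field assignments like the removed cf.can_id = 0 and reintroduce the leak the commit message describes. Suggest a one-line comment above it, for example /* zero the whole frame, including padding, before it leaves the stack */.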
@@ -187,8 +187,6 @@ static void slc_bump(struct slcan *sl)
else
return;

- *(u64 *) (&cf.data) = 0; /* clear payload */
-
/* RTR frames may have a dlc > 0 but they never have any data bytes */
if (!(cf.can_id & CAN_RTR_FLAG)) {
for (i = 0; i < cf.can_dlc; i++) {
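Review bot: with the explicit payload clear *(u64 *) (&cf.data) = 0 removed, the data bytes at and beyond cf.can_dlc, and all of them for RTR frames, are zero only because of the memset added in the first hunk. The two hunks have to be applied together. When carrying this as a distribution patch, check that both apply to the 5.4.91 tree without fuzz or rejects, so that this removal cannot land without the memset.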
5 changes: 4 additions & 1 deletion SPECS/kernel/kernel.spec
Expand Up @@ -3,7 +3,7 @@
Summary: Linux Kernel
Name: kernel
Version: 5.4.91
Release: 1%{?dist}
Release: 2%{?dist}
License: GPLv2
Vendor: Microsoft Corporation
Distribution: Mariner
Expand Down Expand Up @@ -129,6 +129,7 @@ Patch1100: CVE-2020-27777.nopatch
Patch1101: CVE-2020-29569.nopatch
Patch1102: CVE-2020-28374.nopatch
Patch1103: CVE-2020-36158.nopatch
Patch1104: CVE-2020-11494.patch
BuildRequires: audit-devel
BuildRequires: bc
BuildRequires: diffutils
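Review bot: Patch1104 is declared here, but the kernel.spec summary shows 4 additions and 1 deletion, all accounted for by the Release bump, this line and the two changelog lines, so no matching %patch1104 step is added in %prep. The neighbouring entries are .nopatch files, whose names suggest there is nothing to apply, so this entry may be the first in this block that needs an apply step. Unless the spec applies declared patches automatically, add the apply step in %prep; otherwise the build ships as 5.4.91-2 without the slcan fix.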
Expand Down Expand Up @@ -449,6 +450,8 @@ ln -sf linux-%{uname_r}.cfg /boot/mariner.cfg
%endif

%changelog
* Thu Feb 18 2021 Mariner Autopatcher <cblmargh@microsoft.com> 5.4.91-2
- Added patch files ./patches/CVE-2020-11494/CVE-2020-11494.patch
* Wed Jan 20 2021 Chris Co <chrco@microsoft.com> - 5.4.91-1
- Update source to 5.4.91
- Address CVE-2020-29569, CVE-2020-28374, CVE-2020-36158
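Review bot: the new changelog entry is formatted differently from the one below it. It omits the " - " between the e-mail address and the version (compare "<chrco@microsoft.com> - 5.4.91-1"), and its text gives a path, ./patches/CVE-2020-11494/CVE-2020-11494.patch, that does not match where this change adds the file (SPECS/kernel/CVE-2020-11494.patch). Suggest "* Thu Feb 18 2021 Mariner Autopatcher <cblmargh@microsoft.com> - 5.4.91-2" followed by "- Address CVE-2020-11494", matching the wording of the previous entry.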