Hi,
Please consider including the following commit in 2.6.32 and 3.8 stable
kernels (all the others already have it), as it fixes CVE-2013-6380:
commit b4789b8e6be3151a955ade74872822f30e8cd914
Author: Mahesh Rajashekhara <Mahesh.Rajashekhara@xxxxxxxx>
Date: Thu Oct 31 14:01:02 2013 +0530
aacraid: prevent invalid pointer dereference
It appears that driver runs into a problem here if fibsize is too small
because we allocate user_srbcmd with fibsize size only but later we
access it until user_srbcmd->sg.count to copy it over to srbcmd.
It is not correct to test (fibsize < sizeof(*user_srbcmd)) because this
structure already includes one sg element and this is not needed for
commands without data. So, we would recommend to add the following
(instead of test for fibsize == 0).
Signed-off-by: Mahesh Rajashekhara <Mahesh.Rajashekhara@xxxxxxxx>
Reported-by: Nico Golde <nico@xxxxxxxxx>
Reported-by: Fabian Yamaguchi <fabs@xxxxxxxxx>
Signed-off-by: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx>
Cheers,
--
Luis
Attachment:
signature.asc
Description: Digital signature