[PATCH 0/1x2] [CVE-2012-2313] dl2k: Clean up rio_ioctl

Brad Figg brad.figg at canonical.com
Wed May 23 15:51:49 UTC 2012


Following this email are two emails with the actual patch. The first
of the two is a clean cherry pick from upstream and it applies to
Precise. The second patch is a very slight 'backport' of the same
commit which applies to all other supported kernels.


CVE-2012-2313

The dl2k driver's rio_ioctl call has a few issues:
- No permissions checking
- Implements SIOCGMIIREG and SIOCGMIIREG using the SIOCDEVPRIVATE numbers
- Has a few ioctls that may have been used for debugging at one point
  but have no place in the kernel proper.

This patch removes all but the MII ioctls, renumbers them to use the
standard ones, and adds the proper permission check for SIOCSMIIREG.

We can also get rid of the dl2k-specific struct mii_data in favor of
the generic struct mii_ioctl_data.

Since we have the phyid on hand, we can add the SIOCGMIIPHY ioctl too.

Most of the MII code for the driver could probably be converted to use
the generic MII library but I don't have a device to test the results.

Jeff Mahoney (1):
  dl2k: Clean up rio_ioctl

 drivers/net/dl2k.c |   53 ++++++++++------------------------------------------
 drivers/net/dl2k.h |    7 -------
 2 files changed, 10 insertions(+), 50 deletions(-)

-- 
1.7.9.5
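
An added user-space model of the dispatch change described in the commit message above; it is not code from the patch or from the dl2k driver. The net_admin flag stands in for the kernel's capable(CAP_NET_ADMIN), the register file is a toy, and the legacy private command offsets are assumed for illustration.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Standard MII ioctl numbers, same values as <linux/sockios.h>. */
#define M_SIOCGMIIPHY 0x8947
#define M_SIOCGMIIREG 0x8948
#define M_SIOCSMIIREG 0x8949
/* Hypothetical legacy private numbers (offsets assumed, not from the page). */
#define M_SIOCDEVPRIVATE 0x89F0
#define M_PRIV_READ  (M_SIOCDEVPRIVATE + 1)
#define M_PRIV_WRITE (M_SIOCDEVPRIVATE + 2)

struct mii_model { uint16_t phy_id, reg_num, val_in, val_out; }; /* mirrors mii_ioctl_data */
struct nic_model { uint16_t phy_addr; uint16_t regs[32]; };      /* toy PHY register file */

/* Before: private numbers, any caller may write a PHY register. */
static int ioctl_before(struct nic_model *np, struct mii_model *m, int cmd)
{
    switch (cmd) {
    case M_PRIV_READ:  m->val_out = np->regs[m->reg_num & 0x1f]; return 0;
    case M_PRIV_WRITE: np->regs[m->reg_num & 0x1f] = m->val_in;  return 0;
    default:           return -EOPNOTSUPP;
    }
}

/* After: standard numbers; net_admin stands in for capable(CAP_NET_ADMIN). */
static int ioctl_after(struct nic_model *np, struct mii_model *m, int cmd, bool net_admin)
{
    switch (cmd) {
    case M_SIOCGMIIPHY: m->phy_id = np->phy_addr; return 0;
    case M_SIOCGMIIREG: m->val_out = np->regs[m->reg_num & 0x1f]; return 0;
    case M_SIOCSMIIREG:
        if (!net_admin)
            return -EPERM;          /* reject before touching register state */
        np->regs[m->reg_num & 0x1f] = m->val_in;
        return 0;
    default:            return -EOPNOTSUPP; /* debug/private commands are gone */
    }
}

int main(void)
{
    struct nic_model nic = { .phy_addr = 1 };
    struct mii_model m = { .reg_num = 0, .val_in = 0x8000 };
    printf("before, unprivileged write: %d\n", ioctl_before(&nic, &m, M_PRIV_WRITE));
    printf("after,  unprivileged write: %d\n", ioctl_after(&nic, &m, M_SIOCSMIIREG, false));
    return 0;
}
```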




