alioth/nixpkgs
3
0
Fork 0
forked from mirrors/nixpkgs
Code Releases Activity

linux: Add patch to fix CVE-2016-5829 (#16824)

Browse source 
Fixed for all available 4.x series kernels.

From CVE-2016-5829:

  Multiple heap-based buffer overflows in the hiddev_ioctl_usage function
  in drivers/hid/usbhid/hiddev.c in the Linux kernel through 4.6.3 allow
  local users to cause a denial of service or possibly have unspecified
  other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl
  call.
This commit is contained in:
Franz Pletz 2016-07-12 20:56:50 +02:00 committed by GitHub
parent 724224f8f7
commit dde259dfb5
2 changed files with 28 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
pkgs/os-specific/linux/kernel/patches.nix
View file

@ -1,4 +1,4 @@
{ stdenv, fetchurl, pkgs }:
{ stdenv, fetchurl, fetchpatch, pkgs }:
let
@ -140,4 +140,12 @@ rec {
{ name = "qat_common_Makefile";
patch = ./qat_common_Makefile.patch;
};
hiddev_CVE_2016_5829 =
{ name = "hiddev_CVE_2016_5829";
patch = fetchpatch {
url = "https://sources.debian.net/data/main/l/linux/4.6.3-1/debian/patches/bugfix/all/HID-hiddev-validate-num_values-for-HIDIOCGUSAGES-HID.patch";
sha256 = "14rm1qr87p7a5prz8g5fwbpxzdp3ighj095x8rvhm8csm20wspyy";
};
};
}

23
pkgs/top-level/all-packages.nix
View file

@ -10938,7 +10938,10 @@ in
};
linux_4_1 = callPackage ../os-specific/linux/kernel/linux-4.1.nix {
kernelPatches = [ kernelPatches.bridge_stp_helper ]
kernelPatches =
[ kernelPatches.bridge_stp_helper
kernelPatches.hiddev_CVE_2016_5829
]
++ lib.optionals ((platform.kernelArch or null) == "mips")
[ kernelPatches.mips_fpureg_emu
kernelPatches.mips_fpu_sigill
@ -10947,7 +10950,11 @@ in
};
linux_4_4 = callPackage ../os-specific/linux/kernel/linux-4.4.nix {
kernelPatches = [ kernelPatches.bridge_stp_helper kernelPatches.qat_common_Makefile ]
kernelPatches =
[ kernelPatches.bridge_stp_helper
kernelPatches.qat_common_Makefile
kernelPatches.hiddev_CVE_2016_5829
]
++ lib.optionals ((platform.kernelArch or null) == "mips")
[ kernelPatches.mips_fpureg_emu
kernelPatches.mips_fpu_sigill
@ -10956,7 +10963,11 @@ in
};
linux_4_5 = callPackage ../os-specific/linux/kernel/linux-4.5.nix {
kernelPatches = [ kernelPatches.bridge_stp_helper kernelPatches.qat_common_Makefile ]
kernelPatches =
[ kernelPatches.bridge_stp_helper
kernelPatches.qat_common_Makefile
kernelPatches.hiddev_CVE_2016_5829
]
++ lib.optionals ((platform.kernelArch or null) == "mips")
[ kernelPatches.mips_fpureg_emu
kernelPatches.mips_fpu_sigill
@ -10965,7 +10976,11 @@ in
};
linux_4_6 = callPackage ../os-specific/linux/kernel/linux-4.6.nix {
kernelPatches = [ kernelPatches.bridge_stp_helper kernelPatches.qat_common_Makefile ]
kernelPatches =
[ kernelPatches.bridge_stp_helper
kernelPatches.qat_common_Makefile
kernelPatches.hiddev_CVE_2016_5829
]
++ lib.optionals ((platform.kernelArch or null) == "mips")
[ kernelPatches.mips_fpureg_emu
kernelPatches.mips_fpu_sigill