[CVE artful/linux trusty/linux] CVE-2018-7757 -- Memory leak in the SAS subsystem


Andy Whitcroft-3
CVE-2018-7757:
    It was discovered that a memory leak existed in the SAS driver
    subsystem of the Linux kernel. A local attacker could use this to
    cause a denial of service (memory exhaustion).

This fix has arrived by direct application in bionic and stable in other
series.  This remains open in artful and trusty.  Following this email
is a patch for both of these.

Proposing for SRU to artful and trusty.

-apw

--
kernel-team mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/kernel-team

[artful/linux trusty/linux 1/1] scsi: libsas: fix memory leak in sas_smp_get_phy_events()

Andy Whitcroft-3
From: Jason Yan <[hidden email]>

We've got a memory leak with the following producer:

while true;
do cat /sys/class/sas_phy/phy-1:0:12/invalid_dword_count >/dev/null;
done

The buffer req is allocated and not freed after we return. Fix it.

Fixes: 2908d778ab3e ("[SCSI] aic94xx: new driver")
Signed-off-by: Jason Yan <[hidden email]>
CC: John Garry <[hidden email]>
CC: chenqilin <[hidden email]>
CC: chenxiang <[hidden email]>
Reviewed-by: Christoph Hellwig <[hidden email]>
Reviewed-by: Hannes Reinecke <[hidden email]>
Signed-off-by: Martin K. Petersen <[hidden email]>

(cherry picked from commit 4a491b1ab11ca0556d2fda1ff1301e862a2d44c4)
CVE-2018-7757
Signed-off-by: Andy Whitcroft <[hidden email]>
---
 drivers/scsi/libsas/sas_expander.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/scsi/libsas/sas_expander.c b/drivers/scsi/libsas/sas_expander.c
index 570b2cb2da43..1ecbea8db010 100644
--- a/drivers/scsi/libsas/sas_expander.c
+++ b/drivers/scsi/libsas/sas_expander.c
@@ -684,6 +684,7 @@ int sas_smp_get_phy_events(struct sas_phy *phy)
  phy->phy_reset_problem_count = scsi_to_u32(&resp[24]);
 
  out:
+ kfree(req);
  kfree(resp);
  return res;
 
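Review bot: The added kfree(req) under the out: label runs on every path that jumps there, but the hunk does not show where req is allocated or whether an earlier error path already frees it. Please confirm in both the artful and trusty trees that req is assigned before the first goto out, and that no path frees req and then reaches out:, which would turn the leak fix into a double free. kfree() accepts NULL, so a NULL req at the label is harmless.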
--
2.17.0



ACK: [artful/linux trusty/linux 1/1] scsi: libsas: fix memory leak in sas_smp_get_phy_events()

Stefan Bader-2
On 24.05.2018 03:56, Andy Whitcroft wrote:

> From: Jason Yan <[hidden email]>
>
> We've got a memory leak with the following producer:
>
> while true;
> do cat /sys/class/sas_phy/phy-1:0:12/invalid_dword_count >/dev/null;
> done
>
> The buffer req is allocated and not freed after we return. Fix it.
>
> Fixes: 2908d778ab3e ("[SCSI] aic94xx: new driver")
> Signed-off-by: Jason Yan <[hidden email]>
> CC: John Garry <[hidden email]>
> CC: chenqilin <[hidden email]>
> CC: chenxiang <[hidden email]>
> Reviewed-by: Christoph Hellwig <[hidden email]>
> Reviewed-by: Hannes Reinecke <[hidden email]>
> Signed-off-by: Martin K. Petersen <[hidden email]>
>
> (cherry picked from commit 4a491b1ab11ca0556d2fda1ff1301e862a2d44c4)
> CVE-2018-7757
> Signed-off-by: Andy Whitcroft <[hidden email]>
Acked-by: Stefan Bader <[hidden email]>

> ---
>  drivers/scsi/libsas/sas_expander.c | 1 +
>  1 file changed, 1 insertion(+)
>
> diff --git a/drivers/scsi/libsas/sas_expander.c b/drivers/scsi/libsas/sas_expander.c
> index 570b2cb2da43..1ecbea8db010 100644
> --- a/drivers/scsi/libsas/sas_expander.c
> +++ b/drivers/scsi/libsas/sas_expander.c
> @@ -684,6 +684,7 @@ int sas_smp_get_phy_events(struct sas_phy *phy)
>   phy->phy_reset_problem_count = scsi_to_u32(&resp[24]);
>  
>   out:
> + kfree(req);
>   kfree(resp);
>   return res;
>  
>
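Review bot: The index line (570b2cb2da43..1ecbea8db010) and the @@ -684,6 +684,7 offset are given once for two target series, and the trailer says "cherry picked" rather than "backported". It would help to state in the ACK or the cover letter that the pick applies without offset or fuzz to both artful and trusty, so that the new kfree(req) is known to land directly under out: in sas_smp_get_phy_events() in each tree.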



ACK: [CVE artful/linux trusty/linux] CVE-2018-7757 -- Memory leak in the SAS subsystem

Khaled Elmously
In reply to this post by Andy Whitcroft-3
On 2018-05-24 11:56:42 , Andy Whitcroft wrote:

> CVE-2018-7757:
>     It was discovered that a memory leak existed in the SAS driver
>     subsystem of the Linux kernel. A local attacker could use this to
>     cause a denial of service (memory exhaustion).
>
> This fix has arrived by direct application in bionic and stable in other
> series.  This remains open in artful and trusty.  Following this email
> is a patch for both of these.
>
> Proposing for SRU to artful and trusty.
>
> -apw
>

Acked-by: Khalid Elmously <[hidden email]>
 


APPLIED: [CVE artful/linux trusty/linux] CVE-2018-7757 -- Memory leak in the SAS subsystem

Khaled Elmously
In reply to this post by Andy Whitcroft-3
Applied to T and A


On 2018-05-24 11:56:42 , Andy Whitcroft wrote:

> CVE-2018-7757:
>     It was discovered that a memory leak existed in the SAS driver
>     subsystem of the Linux kernel. A local attacker could use this to
>     cause a denial of service (memory exhaustion).
>
> This fix has arrived by direct application in bionic and stable in other
> series.  This remains open in artful and trusty.  Following this email
> is a patch for both of these.
>
> Proposing for SRU to artful and trusty.
>
> -apw
>