diff --git a/0001-scsi-libsas-fix-memory-leak-in-sas_smp_get_phy_event.patch b/0001-scsi-libsas-fix-memory-leak-in-sas_smp_get_phy_event.patch
new file mode 100644
index 0000000..e78347c
--- /dev/null
+++ b/0001-scsi-libsas-fix-memory-leak-in-sas_smp_get_phy_event.patch
@@ -0,0 +1,40 @@
+From 4a491b1ab11ca0556d2fda1ff1301e862a2d44c4 Mon Sep 17 00:00:00 2001
+From: Jason Yan
+Date: Thu, 4 Jan 2018 21:04:31 +0800
+Subject: [PATCH] scsi: libsas: fix memory leak in sas_smp_get_phy_events()
+
+We've got a memory leak with the following producer:
+
+while true;
+do cat /sys/class/sas_phy/phy-1:0:12/invalid_dword_count >/dev/null;
+done
+
+The buffer req is allocated and not freed after we return. Fix it.
+
+Fixes: 2908d778ab3e ("[SCSI] aic94xx: new driver")
+Signed-off-by: Jason Yan
+CC: John Garry
+CC: chenqilin
+CC: chenxiang
+Reviewed-by: Christoph Hellwig
+Reviewed-by: Hannes Reinecke
+Signed-off-by: Martin K. Petersen
+---
+ drivers/scsi/libsas/sas_expander.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/drivers/scsi/libsas/sas_expander.c b/drivers/scsi/libsas/sas_expander.c
+index ca1566237ae7..1de59c0fdbc0 100644
+--- a/drivers/scsi/libsas/sas_expander.c
++++ b/drivers/scsi/libsas/sas_expander.c
+@@ -695,6 +695,7 @@ int sas_smp_get_phy_events(struct sas_phy *phy)
+ phy->phy_reset_problem_count = scsi_to_u32(&resp[24]);
+
+ out:
++ kfree(req);
+ kfree(resp);
+ return res;
+
+--
+2.14.3
+
diff --git a/kernel.spec b/kernel.spec
index a4a8653..64060e3 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -642,6 +642,9 @@ Patch656: 0001-sctp-verify-size-of-a-new-chunk-in-_sctp_make_chunk.patch # rhbz 1549316 Patch657: ipmi-fixes.patch
+# CVE-2018-7757 rhbz 1553361 1553363
+Patch658: 0001-scsi-libsas-fix-memory-leak-in-sas_smp_get_phy_event.patch
+
 # END OF PATCH DEFINITIONS %endif
@@ -1940,6 +1943,9 @@ fi # # %changelog
+* Thu Mar 08 2018 Justin M. Forbes
+- Fix CVE-2018-7757 (rhbz 1553361 1553363)
+
 * Tue Mar 06 2018 Laura Abbott - Fixes for IPMI crash (rbhz 1549316)