Hi, Please consider including the following commit in 2.6.32 and 3.8 stable kernels (all the others already have it), as it fixes CVE-2013-6380:
commit b4789b8e6be3151a955ade74872822f30e8cd914 Author: Mahesh Rajashekhara <[email protected]> Date: Thu Oct 31 14:01:02 2013 +0530 aacraid: prevent invalid pointer dereference It appears that driver runs into a problem here if fibsize is too small because we allocate user_srbcmd with fibsize size only but later we access it until user_srbcmd->sg.count to copy it over to srbcmd. It is not correct to test (fibsize < sizeof(*user_srbcmd)) because this structure already includes one sg element and this is not needed for commands without data. So, we would recommend to add the following (instead of test for fibsize == 0). Signed-off-by: Mahesh Rajashekhara <[email protected]> Reported-by: Nico Golde <[email protected]> Reported-by: Fabian Yamaguchi <[email protected]> Signed-off-by: Linus Torvalds <[email protected]> Cheers, -- Luis
signature.asc
Description: Digital signature
