Bug 444416 (CVE-2008-1675)

Summary: CVE-2008-1675 kernel: [netdrvr] tehuti: move ioctl perm check closer to function start
Product: [Fedora] Fedora Reporter: Jan Lieskovsky <jlieskov>
Component: kernelAssignee: Kernel Maintainer List <kernel-maint>
Status: CLOSED RAWHIDE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: low Docs Contact:
Priority: low    
Version: rawhideCC: alan, davem, jgarzik
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-05-02 10:57:32 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 444414    
Bug Blocks: 439966    

Description Jan Lieskovsky 2008-04-28 10:28:58 UTC 
Description of problem:

Alan Cox has reported the followin issue in Tehuti network driver:

<cite>

Random auditing results

tehuti has no security checks on the do_ioctl functions and
it has ioctl methods for patch arbitary 32bit offset from
registers with arbitary 32bit value. Nasty hole

</cite>

Additional info:

The Tehuti network driver was introduced in 2.6.24 kernel:

http://www.linuxhq.com/kernel/v2.6/24/drivers/net/tehuti.h

Proposed patch:

http://git2.kernel.org/?p=linux/kernel/git/davem/net-2.6.git;a=commitdiff;h=f946dffed6334f08da065a89ed65026ebf8b33b4
Comment 1 Jan Lieskovsky 2008-04-28 10:30:58 UTC 
Please apply first patch from BZ#444414 as these two affects one file
and depend one on the other.
Comment 3 Chuck Ebbert 2008-05-01 06:36:56 UTC 
Patch in 2.6.25-13
Comment 4 Fedora Update System 2008-05-14 21:31:57 UTC 
kernel-2.6.24.7-92.fc8 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.