Patch libvirt to fix CVE-2023-2700 (#5575)

* Adding new patch file to fix CVE-2023-2700 - v1 * Getting livepatches check to pass - v1 * Getting livepatches check to pass - v2 * Readding libvirt.spec * Redoing commit to SPECS file * Redoing commit to SPECS file - v2 --------- Co-authored-by: Sharath Srikanth Chellappa <sharathsr@microsoft.com>
2023-05-30 08:34:29 -07:00 · 2023-05-30 08:34:29 -07:00 · f50af657d6
parent 93a82d67ea
commit f50af657d6
2 changed files with 55 additions and 1 deletions
--- a/SPECS/libvirt/CVE-2023-2700.patch
+++ b/SPECS/libvirt/CVE-2023-2700.patch
@ -0,0 +1,49 @@
+From 6425a311b8ad19d6f9c0b315bf1d722551ea3585 Mon Sep 17 00:00:00 2001
+From: Tim Shearer <TShearer@adva.com>
+Date: Mon, 1 May 2023 13:15:48 +0000
+Subject: [PATCH] virpci: Resolve leak in virPCIVirtualFunctionList cleanup
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Repeatedly querying an SR-IOV PCI device's capabilities exposes a
+memory leak caused by a failure to free the virPCIVirtualFunction
+array within the parent struct's g_autoptr cleanup.
+
+Valgrind output after getting a single interface's XML description
+1000 times:
+
+==325982== 256,000 bytes in 1,000 blocks are definitely lost in loss record 2,634 of 2,635
+==325982==    at 0x4C3C096: realloc (vg_replace_malloc.c:1437)
+==325982==    by 0x59D952D: g_realloc (in /usr/lib64/libglib-2.0.so.0.5600.4)
+==325982==    by 0x4EE1F52: virReallocN (viralloc.c:52)
+==325982==    by 0x4EE1FB7: virExpandN (viralloc.c:78)
+==325982==    by 0x4EE219A: virInsertElementInternal (viralloc.c:183)
+==325982==    by 0x4EE23B2: virAppendElement (viralloc.c:288)
+==325982==    by 0x4F65D85: virPCIGetVirtualFunctionsFull (virpci.c:2389)
+==325982==    by 0x4F65753: virPCIGetVirtualFunctions (virpci.c:2256)
+==325982==    by 0x505CB75: virNodeDeviceGetPCISRIOVCaps (node_device_conf.c:2969)
+==325982==    by 0x505D181: virNodeDeviceGetPCIDynamicCaps (node_device_conf.c:3099)
+==325982==    by 0x505BC4E: virNodeDeviceUpdateCaps (node_device_conf.c:2677)
+==325982==    by 0x260FCBB2: nodeDeviceGetXMLDesc (node_device_driver.c:355)
+
+Signed-off-by: Tim Shearer <tshearer@adva.com>
+Reviewed-by: JÃ¡n Tomko <jtomko@redhat.com>
+---
+ src/util/virpci.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/util/virpci.c b/src/util/virpci.c
+index 9e564e4a4f..cc2b07bbba 100644
+--- a/src/util/virpci.c
+++ b/src/util/virpci.c
+@@ -2245,6 +2245,7 @@ virPCIVirtualFunctionListFree(virPCIVirtualFunctionList *list)
+         g_free(list->functions[i].ifname);
+     }
+ 
+    g_free(list->functions);
+     g_free(list);
+ }
+ 
+-- 
+GitLab
--- a/SPECS/libvirt/libvirt.spec
+++ b/SPECS/libvirt/libvirt.spec
@ -9,13 +9,15 @@
 Summary:        Virtualization API library that supports KVM, QEMU, Xen, ESX etc
 Name:           libvirt
 Version:        7.10.0
-Release:        4%{?dist}
+Release:        5%{?dist}
 License:        LGPLv2+
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
 Group:          Virtualization/Libraries
 URL:            https://libvirt.org/
 Source0:        https://libvirt.org/sources/%{name}-%{version}.tar.xz
+# CVE-2023-2700 is fixed by https://gitlab.com/libvirt/libvirt/-/commit/6425a311b8ad19d6f9c0b315bf1d722551ea3585
+Patch1:         CVE-2023-2700.patch

 BuildRequires:  audit-libs-devel
 BuildRequires:  augeas
@ -1053,6 +1055,9 @@ exit 0
 %{_libdir}/libnss_libvirt_guest.so.2

 %changelog
+* Wed May 25 2023 Sharath Srikanth Chellappa <sharathsr@microsoft.com> - 7.10.0-5
+- Patch CVE-2023-2700
+
 * Thu Sep 08 2022 Andrew Phelps <anphel@microsoft.com> - 7.10.0-4
 - Change qemu-img BR from binary to package