[PATCH 2/3] af_802154: Disable auto-loading as mitigation against local exploits

Forwarded: not-needed

Recent review has revealed several bugs in obscure protocol
implementations that can be exploited by local users for denial of
service or privilege escalation. We can mitigate the effect of any
remaining vulnerabilities in such protocols by preventing unprivileged
users from loading the modules, so that they are only exploitable on
systems where the administrator has chosen to load the protocol.

The 'af_802154' (IEEE 802.15.4) protocol is not widely used, was
not present in the 'lenny' kernel, and seems to receive only sporadic
maintenance. Therefore disable auto-loading.

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>

Gbp-Pq: Topic debian
Gbp-Pq: Name af_802154-Disable-auto-loading-as-mitigation-against.patch
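
An audit for the condition the commit message above describes, as an added example that is not part of the patch or of the Debian packaging: it reports whether a socket protocol family can still trigger module auto-loading. The function names, the sample alias lines and the sample policy are constructed for illustration, and the `no-alias` case assumes the patch works by dropping the module's `net-pf-36` alias (the diff is not shown on this page).

```shell
#!/bin/sh
# Added example (not from the patch). An unprivileged socket(2) call on an
# unregistered family makes the kernel request the alias "net-pf-<N>";
# modprobe resolves it through modules.alias unless local policy blocks it.
# AF_IEEE802154 is family 36. All function names here are hypothetical.

# Constructed modules.alias excerpt; the module name is spelled as on the page.
SAMPLE_ALIASES='alias net-pf-36 af_802154
alias net-pf-21 rds
alias net-pf-9 x25
alias pci:v00008086d* e1000e'

# Constructed modprobe.d policy.
SAMPLE_POLICY='# local hardening
blacklist rds
install x25 /bin/false'

# autoload_modules ALIASES FAMILY: modules reachable through net-pf-FAMILY.
autoload_modules() {
    printf '%s\n' "$1" |
        awk -v a="net-pf-$2" '$1 == "alias" && $2 == a { print $3 }'
}

# is_blocked POLICY MODULE: true if the module's aliases are ignored
# (blacklist) or loading is replaced by a no-op/failing command (install).
is_blocked() {
    printf '%s\n' "$1" | awk -v m="$2" '
        $1 == "blacklist" && $2 == m { found = 1 }
        $1 == "install" && $2 == m &&
            ($3 == "/bin/false" || $3 == "/bin/true") { found = 1 }
        END { exit !found }'
}

# family_status ALIASES POLICY FAMILY prints one of:
#   no-alias      nothing to auto-load (assumed state after the patch)
#   blocked       alias exists but every module behind it is blocked
#   autoloadable  an unprivileged socket() call can still pull the module in
family_status() {
    mods=$(autoload_modules "$1" "$3")
    [ -n "$mods" ] || { echo no-alias; return 0; }
    for m in $mods; do
        is_blocked "$2" "$m" || { echo autoloadable; return 0; }
    done
    echo blocked
}
```

On a live system, pass the contents of `/lib/modules/$(uname -r)/modules.alias` and of the `/etc/modprobe.d/*.conf` files instead of the samples.
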
Tweak gitignore for Debian pkg-kernel using git svn.
Forwarded: not-needed
[bwh: Tweak further for pure git]
Gbp-Pq: Topic debian
Gbp-Pq: Name gitignore.patch
linux (5.10.106-1) bullseye; urgency=medium
* New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.104
- mac80211_hwsim: report NOACK frames in tx_status
- mac80211_hwsim: initialize ieee80211_tx_info at hw_scan_work
- [arm*] i2c: bcm2835: Avoid clock stretching timeouts
- ASoC: rt5682: do not block workqueue if card is unbound
- regulator: core: fix false positive in regulator_late_cleanup()
- Input: clear BTN_RIGHT/MIDDLE on buttonpads
- [arm64] KVM: arm64: vgic: Read HW interrupt pending state from the HW
- tipc: fix a bit overflow in tipc_crypto_key_rcv()
- cifs: fix double free race when mount fails in cifs_get_root()
- net: usb: cdc_mbim: avoid altsetting toggling for Telit FN990
- usb: gadget: don't release an existing dev->buf (CVE-2022-24958)
- usb: gadget: clear related members when goto fail (CVE-2022-24958)
- exfat: reuse exfat_inode_info variable instead of calling EXFAT_I()
- exfat: fix i_blocks for files truncated over 4 GiB
- tracing: Add test for user space strings when filtering on string pointers
- [armhf] serial: stm32: prevent TDR register overwrite when sending x_char
- ata: pata_hpt37x: fix PCI clock detection
- drm/amdgpu: check vm ready by amdgpu_vm->evicting flag
- tracing: Add ustring operation to filtering string pointers
- [x86] ALSA: intel_hdmi: Fix reference to PCM buffer address
- ASoC: ops: Shift tested values in snd_soc_put_volsw() by +min
- [amd64] iommu/amd: Recover from event log overflow
- [x86] drm/i915: s/JSP2/ICP2/ PCH
- xen/netfront: destroy queues before real_num_tx_queues is zeroed
- mm: Consider __GFP_NOWARN flag for oversized kvmalloc() calls
- xfrm: fix MTU regression
- netfilter: fix use-after-free in __nf_register_net_hook()
- bpf, sockmap: Do not ignore orig_len parameter
- xfrm: fix the if_id check in changelink
- xfrm: enforce validity of offload input flags
- e1000e: Correct NVM checksum verification flow
- net: fix up skbs delta_truesize in UDP GRO frag_list
- netfilter: nf_queue: don't assume sk is full socket
- netfilter: nf_queue: fix possible use-after-free
- netfilter: nf_queue: handle socket prefetch
- batman-adv: Request iflink once in batadv-on-batadv check
- batman-adv: Request iflink once in batadv_get_real_netdevice
- batman-adv: Don't expect inter-netns unique iflink indices
- net: ipv6: ensure we call ipv6_mc_down() at most once
- net: dcb: flush lingering app table entries for unregistered devices
- net/smc: fix connection leak
- net/smc: fix unexpected SMC_CLC_DECL_ERR_REGRMB error generated by client
- net/smc: fix unexpected SMC_CLC_DECL_ERR_REGRMB error cause by server
- rcu/nocb: Fix missed nocb_timer requeue
- ice: Fix race conditions between virtchnl handling and VF ndo ops
- ice: fix concurrent reset and removal of VFs
- sched/topology: Make sched_init_numa() use a set for the deduplicating
sort
- sched/topology: Fix sched_domain_topology_level alloc in sched_init_numa()
- mac80211: fix forwarded mesh frames AC & queue selection
- net: stmmac: fix return value of __setup handler
- mac80211: treat some SAE auth steps as final
- iavf: Fix missing check for running netdev
- net: arcnet: com20020: Fix null-ptr-deref in com20020pci_probe()
- ixgbe: xsk: change !netif_carrier_ok() handling in ixgbe_xmit_zc()
- efivars: Respect "block" flag in efivar_entry_set_safe()
- can: gs_usb: change active_channels's type from atomic_t to u8
- igc: igc_read_phy_reg_gpy: drop premature return
- [armel,armhf] 9182/1: mmu: fix returns from early_param() and __setup()
functions
- [arm64,armhf] pinctrl: sunxi: Use unique lockdep classes for IRQs
- igc: igc_write_phy_reg_gpy: drop premature return
- memfd: fix F_SEAL_WRITE after shmem huge page allocated
- [armhf] dts: switch timer config to common devkit8000 devicetree
- [armhf] dts: Use 32KiHz oscillator on devkit8000
- [arm64] soc: fsl: guts: Revert commit
3c0d64e867ed
- [arm64] soc: fsl: guts: Add a missing memory allocation failure check
- [armhf] tegra: Move panels to AUX bus
- net: chelsio: cxgb3: check the return value of pci_find_capability()
- iavf: Refactor iavf state machine tracking
- nl80211: Handle nla_memdup failures in handle_nan_filter
- drm/amdgpu: fix suspend/resume hang regression
- net: dcb: disable softirqs in dcbnl_flush_dev()
- Input: elan_i2c - move regulator_[en|dis]able() out of
elan_[en|dis]able_power()
- Input: elan_i2c - fix regulator enable count imbalance after
suspend/resume
- HID: add mapping for KEY_DICTATE
- HID: add mapping for KEY_ALL_APPLICATIONS
- tracing/histogram: Fix sorting on old "cpu" value
- tracing: Fix return value of __setup handlers
- btrfs: fix lost prealloc extents beyond eof after full fsync
- btrfs: qgroup: fix deadlock between rescan worker and remove qgroup
- btrfs: add missing run of delayed items after unlink during log replay
- Revert "xfrm: xfrm_state_mtu should return at least 1280 for ipv6"
- hamradio: fix macro redefine warning
https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.105
- [x86] bugs: Unconditionally allow spectre_v2=retpoline,amd
- [armhf] report Spectre v2 status through sysfs
- [armel,armhf] early traps initialisation
- [armel,armhf] use LOADADDR() to get load address of sections
- [armel,armhf] Spectre-BHB workaround
- [armel,armhf] include unprivileged BPF status in Spectre V2 reporting
- [arm64] cputype: Add CPU implementor & types for the Apple M1 cores
- [arm64] Add Neoverse-N2, Cortex-A710 CPU part definition
- [arm64] Add Cortex-X2 CPU part definition
- [arm64] Add Cortex-A510 CPU part definition
- [arm64] Add HWCAP for self-synchronising virtual counter
- [arm64] add ID_AA64ISAR2_EL1 sys register
- [arm64] cpufeature: add HWCAP for FEAT_AFP
- [arm64] cpufeature: add HWCAP for FEAT_RPRES
- [arm64] entry.S: Add ventry overflow sanity checks
- [arm64] spectre: Rename spectre_v4_patch_fw_mitigation_conduit
- [arm64] entry: Make the trampoline cleanup optional
- [arm64] entry: Free up another register on kpti's tramp_exit path
- [arm64] entry: Move the trampoline data page before the text page
- [arm64] entry: Allow tramp_alias to access symbols after the 4K boundary
- [arm64] entry: Don't assume tramp_vectors is the start of the vectors
- [arm64] entry: Move trampoline macros out of ifdef'd section
- [arm64] entry: Make the kpti trampoline's kpti sequence optional
- [arm64] entry: Allow the trampoline text to occupy multiple pages
- [arm64] entry: Add non-kpti __bp_harden_el1_vectors for mitigations
- [arm64] entry: Add vectors that have the bhb mitigation sequences
- [arm64] entry: Add macro for reading symbol addresses from the trampoline
- [arm64] Add percpu vectors for EL1
- [arm64] proton-pack: Report Spectre-BHB vulnerabilities as part of
Spectre-v2
- [arm64] KVM: arm64: Allow indirect vectors to be used without SPECTRE_V3A
- [arm64] Mitigate spectre style branch history side channels
- [arm64] KVM: arm64: Allow SMCCC_ARCH_WORKAROUND_3 to be discovered and
migrated
- [arm64] Use the clearbhb instruction in mitigations
- [arm64] proton-pack: Include unprivileged eBPF status in Spectre v2
mitigation reporting
- [armel,armhf] fix co-processor register typo
- [armel,armhf] Do not use NOCROSSREFS directive with ld.lld
- [armhf] fix build warning in proc-v7-bugs.c
- xen/xenbus: don't let xenbus_grant_ring() remove grants in error case
(CVE-2022-23040, XSA-396)
- xen/grant-table: add gnttab_try_end_foreign_access() (CVE-2022-23036,
CVE-2022-23038, XSA-396)
- xen/blkfront: don't use gnttab_query_foreign_access() for mapped status
(CVE-2022-23036, XSA-396)
- xen/netfront: don't use gnttab_query_foreign_access() for mapped status
(CVE-2022-23037, XSA-396)
- xen/scsifront: don't use gnttab_query_foreign_access() for mapped status
(CVE-2022-23038, XSA-396)
- xen/gntalloc: don't use gnttab_query_foreign_access() (CVE-2022-23039,
XSA-396)
- xen: remove gnttab_query_foreign_access()
- xen/9p: use alloc/free_pages_exact() (CVE-2022-23041, XSA-396)
- xen/pvcalls: use alloc/free_pages_exact() (CVE-2022-23041, XSA-396)
- xen/gnttab: fix gnttab_end_foreign_access() without page specified
(CVE-2022-23041, XSA-396)
- xen/netfront: react properly to failing gnttab_end_foreign_access_ref()
(CVE-2022-23042, XSA-396)
- Revert "ACPI: PM: s2idle: Cancel wakeup before dispatching EC GPE"
https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.106
- [arm64] clk: qcom: gdsc: Add support to update GDSC transition delay
- [arm64] dts: armada-3720-turris-mox: Add missing ethernet0 alias
- tipc: fix kernel panic when enabling bearer
- mISDN: Remove obsolete PIPELINE_DEBUG debugging information
- mISDN: Fix memory leak in dsp_pipeline_build()
- virtio-blk: Don't use MAX_DISCARD_SEGMENTS if max_discard_seg is zero
- isdn: hfcpci: check the return value of dma_set_mask() in setup_hw()
- net: qlogic: check the return value of dma_alloc_coherent() in
qed_vf_hw_prepare()
- esp: Fix BEET mode inter address family tunneling on GSO
- qed: return status of qed_iov_get_link
- i40e: stop disabling VFs due to PF error responses
- ice: stop disabling VFs due to PF error responses
- ice: Align macro names to the specification
- ice: Remove unnecessary checker loop
- ice: Rename a couple of variables
- ice: Fix curr_link_speed advertised speed
- tipc: fix incorrect order of state message data sanity check
- [armhf] net: ethernet: ti: cpts: Handle error for clk_enable
- ax25: Fix NULL pointer dereference in ax25_kill_by_device
- net/mlx5: Fix size field in bufferx_reg struct
- net/mlx5: Fix a race on command flush flow
- net/mlx5e: Lag, Only handle events from highest priority multipath entry
- NFC: port100: fix use-after-free in port100_send_complete
- net: phy: DP83822: clear MISR2 register to disable interrupts
- sctp: fix kernel-infoleak for SCTP sockets
- [arm64] net: bcmgenet: Don't claim WOL when its not available
- [arm64,armhf] spi: rockchip: Fix error in getting num-cs property
- [arm64,armhf] spi: rockchip: terminate dma transmission when slave abort
- net-sysfs: add check for netdevice being present to speed_show
- [armhf] hwmon: (pmbus) Clear pmbus fault/warning bits after read
- gpio: Return EPROBE_DEFER if gc->to_irq is NULL
- Revert "xen-netback: remove 'hotplug-status' once it has served its
purpose"
- Revert "xen-netback: Check for hotplug-status existence before watching"
- ipv6: prevent a possible race condition with lifetimes
- tracing: Ensure trace buffer is at least 4096 bytes large
- fuse: fix pipe buffer lifetime for direct_io
- staging: rtl8723bs: Fix access-point mode deadlock
- [arm64] net: macb: Fix lost RX packet wakeup race in NAPI receive
- [arm64] mmc: meson: Fix usage of meson_mmc_post_req()
- [arm64] dts: marvell: armada-37xx: Remap IO space to bus address 0x0
- virtio: unexport virtio_finalize_features
- virtio: acknowledge all features before access
- watch_queue, pipe: Free watchqueue state after clearing pipe ring
(CVE-2022-0995)
- watch_queue: Fix to release page in ->release() (CVE-2022-0995)
- watch_queue: Fix to always request a pow-of-2 pipe ring size
(CVE-2022-0995)
- watch_queue: Fix the alloc bitmap size to reflect notes allocated
(CVE-2022-0995)
- watch_queue: Free the alloc bitmap when the watch_queue is torn down
(CVE-2022-0995)
- watch_queue: Fix lack of barrier/sync/lock between post and read
(CVE-2022-0995)
- watch_queue: Make comment about setting ->defunct more accurate
(CVE-2022-0995)
- [x86] boot: Fix memremap of setup_indirect structures
- [x86] boot: Add setup_indirect support in early_memremap_is_setup_data()
- [x86] traps: Mark do_int3() NOKPROBE_SYMBOL
- ext4: add check to prevent attempting to resize an fs with sparse_super2
- [armel,armhf] fix Thumb2 regression with Spectre BHB
- watch_queue: Fix filter limit check (CVE-2022-0995)
[ Salvatore Bonaccorso ]
* Bump ABI to 13
* [rt] Update to 5.10.104-rt63
* [rt] Update to 5.10.106-rt64
* sctp: fix the processing for INIT chunk (CVE-2021-3772)
* tcp: make tcp_read_sock() more robust
* io_uring: return back safer resurrect
* [arm64] kvm: Fix copy-and-paste error in bhb templates for v5.10 stable
[dgit import unpatched linux 5.10.106-1]