[PATCH 2/3] af_802154: Disable auto-loading as mitigation against local exploits

Forwarded: not-needed

Recent review has revealed several bugs in obscure protocol
implementations that can be exploited by local users for denial of
service or privilege escalation. We can mitigate the effect of any
remaining vulnerabilities in such protocols by preventing unprivileged
users from loading the modules, so that they are only exploitable on
systems where the administrator has chosen to load the protocol.

The 'af_802154' (IEEE 802.15.4) protocol is not widely used, was
not present in the 'lenny' kernel, and seems to receive only sporadic
maintenance. Therefore disable auto-loading.

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic debian
Gbp-Pq: Name af_802154-Disable-auto-loading-as-mitigation-against.patch
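
An audit for the mitigation described in the commit message above, added here as an example and not part of the Debian patch: it checks whether a modules.alias file still offers an auto-load alias for a socket protocol family. The function names, the sample alias lines and the module name in them are constructed for illustration; 36 is the kernel's AF_IEEE802154 family number.

```shell
#!/bin/sh
# When socket(2) names a family with no registered handler, the kernel asks
# modprobe for the alias "net-pf-<family>". A module that carries no such
# alias can only be loaded explicitly by an administrator.

# Print the module(s) that "net-pf-<family>" resolves to.
# $1 = numeric address family, $2 = modules.alias-format file
autoload_modules() {
    awk -v want="net-pf-$1" \
        '$1 == "alias" && $2 == want { print $3 }' "$2" | sort -u
}

# Exit status 0 if the family can be auto-loaded, 1 if it cannot.
family_autoloadable() {
    [ -n "$(autoload_modules "$1" "$2")" ]
}

# List every family number that has a family-level auto-load alias.
autoloadable_families() {
    awk '$1 == "alias" && $2 ~ /^net-pf-[0-9]+$/ \
        { sub(/^net-pf-/, "", $2); print $2 }' "$1" | sort -nu
}

# Constructed sample data: one alias file with the net-pf-36 alias present,
# and the same file with that alias dropped.
write_samples() {
    cat > "$1/before.alias" <<'EOF'
# Aliases extracted from modules themselves.
alias net-pf-10 ipv6
alias net-pf-36 ieee802154_socket
alias net-pf-2-proto-132 sctp
EOF
    grep -v ' net-pf-36 ' "$1/before.alias" > "$1/after.alias"
}

demo() {
    dir=$(mktemp -d) || return 1
    write_samples "$dir"
    for f in before after; do
        if family_autoloadable 36 "$dir/$f.alias"; then
            echo "$f: AF 36 auto-loads $(autoload_modules 36 "$dir/$f.alias")"
        else
            echo "$f: AF 36 is not auto-loadable"
        fi
    done
    rm -rf "$dir"
}

demo
```

On an installed system, point autoloadable_families at /lib/modules/$(uname -r)/modules.alias to list the families that can still be loaded on demand.
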
linux (6.12.10-1) unstable; urgency=medium
* New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.10
- jbd2: increase IO priority for writing revoke records
- jbd2: flush filesystem device before updating tail sequence
- fs/writeback: convert wbc_account_cgroup_owner to take a folio
- iomap: pass byte granular end position to iomap_add_to_ioend
- iomap: fix zero padding data issue in concurrent append writes
- dm array: fix releasing a faulty array block twice in dm_array_cursor_end
- dm array: fix unreleased btree blocks on closing a faulty array cursor
- dm array: fix cursor index when skipping across block boundaries
- netfs: Fix enomem handling in buffered reads
- nfs: Fix oops in nfs_netfs_init_request() when copying to cache
- netfs: Fix missing barriers by using clear_and_wake_up_bit()
- netfs: Fix ceph copy to cache on write-begin
- netfs: Fix the (non-)cancellation of copy when cache is temporarily
disabled
- netfs: Fix is-caching check in read-retry
- exfat: fix the infinite loop in exfat_readdir()
- exfat: fix the new buffer was not zeroed before writing
- exfat: fix the infinite loop in __exfat_free_cluster()
- fuse: respect FOPEN_KEEP_CACHE on opendir
- ovl: pass realinode to ovl_encode_real_fh() instead of realdentry
- ovl: support encoding fid from inode with no alias
- [amd64] ASoC: rt722: add delay time to wait for the calibration procedure
- [arm64] ASoC: mediatek: disable buffer pre-allocation
- net: 802: LLC+SNAP OID:PID lookup on start of skb data
- tcp/dccp: allow a connection when sk_max_ack_backlog is zero
- net_sched: cls_flow: validate TCA_FLOW_RSHIFT attribute
- net: libwx: fix firmware mailbox abnormal return
- btrfs: avoid NULL pointer dereference if no valid extent tree
- pds_core: limit loop over fw name list
- bnxt_en: Fix possible memory leak when hwrm_req_replace fails
- bnxt_en: Fix DIM shutdown
- cxgb4: Avoid removal of uninserted tid
- net: don't dump Tx and uninitialized NAPIs
- ice: fix max values for dpll pin phase adjust
- ice: fix incorrect PHY settings for 100 GB/s
- igc: return early when failing to read EECD register
- tls: Fix tls_sw_sendmsg error handling
- ipvlan: Fix use-after-free in ipvlan_get_iflink().
- [amd64,arm64] eth: gve: use appropriate helper to set xdp_features
- Bluetooth: hci_sync: Fix not setting Random Address when required
- Bluetooth: MGMT: Fix Add Device to responding before completing
- Bluetooth: btnxpuart: Fix driver sending truncated data
- Bluetooth: btmtk: Fix failed to send func ctrl for MediaTek devices.
- tcp: Annotate data-race around sk->sk_mark in tcp_v4_send_reset
- [arm64] net: hns3: fixed reset failure issues caused by the incorrect
reset type
- [arm64] net: hns3: fix missing features due to dev->features configuration
too early
- [arm64] net: hns3: Resolved the issue that the debugfs query result is
inconsistent.
- [arm64] net: hns3: don't auto enable misc vector
- [arm64] net: hns3: initialize reset_timer before hclgevf_misc_irq_init()
- [arm64] net: hns3: fixed hclge_fetch_pf_reg accesses bar space out of
bounds issue
- [arm64] net: hns3: fix kernel crash when 1588 is sent on HIP08 devices
- mctp i3c: fix MCTP I3C driver multi-thread issue
- netfilter: nf_tables: imbalance in flowtable binding
- netfilter: conntrack: clamp maximum hashtable size to INT_MAX
- sched: sch_cake: add bounds checks to host bulk flow fairness counts
- net/mlx5: Fix variable not being completed when function returns
- [arm64] drm/mediatek: Set private->all_drm_private[i]->drm to NULL if
mtk_drm_bind returns err
- [arm64] drm/mediatek: Move mtk_crtc_finish_page_flip() to ddp_cmdq_cb()
- [arm64] drm/mediatek: Add support for 180-degree rotation in the display
driver
- [arm64] drm/mediatek: stop selecting foreign drivers
- [arm64] drm/mediatek: Fix YCbCr422 color format issue for DP
- [arm64] drm/mediatek: Fix mode valid issue for dp
- [arm64] drm/mediatek: mtk_dsi: Add registers to pdata to fix MT8186/MT8188
- gpio: virtuser: fix missing lookup table cleanups
- gpio: virtuser: fix handling of multiple conn_ids in lookup table
- [arm64] drm/mediatek: Add return value check when reading DPCD
- ksmbd: fix a missing return value check bug
- afs: Fix the maximum cell name length
- [amd64] platform/x86/amd/pmc: Only disable IRQ1 wakeup where i8042
actually enabled it
- [amd64] platform/x86: intel/pmc: Fix ioremap() of bad address
- ksmbd: fix unexpectedly changed path in ksmbd_vfs_kern_path_locked
- [riscv64] module: remove relocation_head rel_entry member allocation
- [riscv64] cpuidle: riscv-sbi: fix device node release in early exit of
for_each_possible_cpu
- [riscv64] mm: Fix the out of bound issue of vmemmap address
- [riscv64] stacktrace: fix backtracing through exceptions
- [riscv64] use local label names instead of global ones in assembly
- drm/xe: Fix tlb invalidation when wedging
- netfs: Fix kernel async DIO
- netfs: Fix read-retry for fs with no ->prepare_read()
- [riscv64] drivers/perf: riscv: Fix Platform firmware event data
- [riscv64] drivers/perf: riscv: Return error for default case
- dm thin: make get_first_thin use rcu-safe list first function
- scsi: ufs: qcom: Power off the PHY if it was already powered on in
ufs_qcom_power_up_sequence()
- vfio/pci: Fallback huge faults for unaligned pfn
- fs: relax assertions on failure to encode file handles
- fs: fix is_mnt_ns_file()
- dm-ebs: don't set the flag DM_TARGET_PASSES_INTEGRITY
- dm-verity FEC: Fix RS FEC repair for roots unaligned to block size (take
2)
- mptcp: sysctl: avail sched: remove write access
- mptcp: sysctl: sched: avoid using current->nsproxy
- mptcp: sysctl: blackhole timeout: avoid using current->nsproxy
- sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy
- sctp: sysctl: rto_min/max: avoid using current->nsproxy
- sctp: sysctl: auth_enable: avoid using current->nsproxy
- sctp: sysctl: udp_port: avoid using current->nsproxy
- sctp: sysctl: plpmtud_probe_interval: avoid using current->nsproxy
- rds: sysctl: rds_tcp_{rcv,snd}buf: avoid using current->nsproxy
- ksmbd: Implement new SMB3 POSIX type
- btrfs: zlib: fix avail_in bytes for s390 zlib HW compression path
- [arm64] Revert "drm/mediatek: dsi: Correct calculation formula of PHY
Timing"
- drm/amd/display: Remove unnecessary amdgpu_irq_get/put
- drm/amd/display: Add check for granularity in dml ceil/floor helpers
- cgroup/cpuset: Prevent leakage of isolated CPUs into sched domains
- thermal: of: fix OF node leak in of_thermal_zone_find()
- sched_ext: Replace rq_lock() to raw_spin_rq_lock() in scx_ops_bypass()
- sched_ext: switch class when preempted by higher priority scheduler
- cgroup/cpuset: remove kernfs active break
- sched_ext: idle: Refresh idle masks during idle-to-idle transitions
- [arm64] dts: qcom: x1e80100: Fix up BAR space size for PCIe6a
- [arm64] dts: qcom: sa8775p: Fix the size of 'addr_space' regions
- smb: client: sync the root session and superblock context passwords before
automounting
- fs: kill MNT_ONRB
- [riscv64] Fix sleeping in invalid context in die()
- [riscv64] kprobes: Fix incorrect address calculation
- gpio: loongson: Fix Loongson-2K2000 ACPI GPIO register offset
- ACPI: resource: Add TongFang GM5HG0A to irq1_edge_low_force_override[]
- ACPI: resource: Add Asus Vivobook X1504VAP to
irq1_level_low_skip_override[]
- drm/amdgpu: Add a lock when accessing the buddy trim function
- drm/amd/pm: fix BUG: scheduling while atomic
- drm/amd/display: fix divide error in DM plane scale calcs
- drm/amd/display: fix page fault due to max surface definition mismatch
- drm/amd/display: increase MAX_SURFACES to the value supported by hw
- io_uring/timeout: fix multishot updates
- io_uring/sqpoll: zero sqd->thread on tctx errors
- USB: serial: option: add MeiG Smart SRM815
- USB: serial: option: add Neoway N723-EA support
- usb-storage: Add max sectors quirk for Nokia 208
- USB: serial: cp210x: add Phoenix Contact UPS Device
- usb: dwc3: gadget: fix writing NYET threshold
- topology: Keep the cpumask unchanged when printing cpumap
- tty: serial: 8250: Fix another runtime PM usage counter underflow
- [armhf] serial: stm32: use port lock wrappers for break control
- usb: gadget: u_serial: Disable ep before setting port to null to fix the
crash caused by port being null
- [x86] fpu: Ensure shadow stack is active before "getting" registers
- usb: dwc3-am62: Disable autosuspend during remove
- USB: usblp: return error when setting unsupported protocol
- USB: core: Disable LPM only for non-suspended ports
- usb: fix reference leak in usb_new_device()
- usb: gadget: midi2: Reverse-select at the right place
- usb: chipidea: ci_hdrc_imx: decrement device's refcount in .remove() and
in the error path of .probe()
- usb: typec: tcpci: fix NULL pointer issue on shared irq case
- usb: gadget: f_uac2: Fix incorrect setting of bNumEndpoints
- usb: typec: tcpm/tcpci_maxim: fix error code in
max_contaminant_read_resistance_kohm()
- usb: gadget: f_fs: Remove WARN_ON in functionfs_bind
- usb: gadget: configfs: Ignore trailing LF for user strings to cdev
- usb: host: xhci-plat: set skip_phy_initialization if software node has
XHCI_SKIP_PHY_INIT property
- usb: typec: fix pm usage counter imbalance in ucsi_ccg_sync_control()
- iio: pressure: zpa2326: fix information leak in triggered buffer
- iio: dummy: iio_simply_dummy_buffer: fix information leak in triggered
buffer
- iio: light: vcnl4035: fix information leak in triggered buffer
- iio: light: bh1745: fix information leak in triggered buffer
- iio: imu: kmx61: fix information leak in triggered buffer
- [arm64,armhf] iio: adc: rockchip_saradc: fix information leak in triggered
buffer
- [arm64] iio: adc: ti-ads8688: fix information leak in triggered buffer
- iio: gyro: fxas21002c: Fix missing data update in trigger handler
- iio: imu: inv_icm42600: fix timestamps after suspend if sensor is on
- iio: inkern: call iio_device_put() only on mapped devices
- io_uring/eventfd: ensure io_eventfd_signal() defers another RCU period
- hwmon: (drivetemp) Fix driver producing garbage data when SCSI errors
occur
- block, bfq: fix waker_bfqq UAF after bfq_split_bfqq()
- [arm64] dts: rockchip: add hevc power domain clock to rk3328
- firewall: remove misplaced semicolon from stm32_firewall_get_firewall
- [arm64] drm/mediatek: Only touch DISP_REG_OVL_PITCH_MSB if AFBC is
supported
- io_uring: don't touch sqd->thread off tw add
- iio: imu: inv_icm42600: fix spi burst write not supported
- netdev: prevent accessing NAPI instances from another namespace
[ Salvatore Bonaccorso ]
* [amd64/cloud] drivers/idle: Enable INTEL_IDLE (Closes: #1078005)
* drivers/bluetooth: Enable BT_INTEL_PCIE as module (Closes: #1092465)
[dgit import unpatched linux 6.12.10-1]