[PATCH 2/3] af_802154: Disable auto-loading as mitigation against local exploits
Forwarded: not-needed
Recent review has revealed several bugs in obscure protocol
implementations that can be exploited by local users for denial of
service or privilege escalation. We can mitigate the effect of any
remaining vulnerabilities in such protocols by preventing unprivileged
users from loading the modules, so that they are only exploitable on
systems where the administrator has chosen to load the protocol.
The 'af_802154' (IEEE 802.15.4) protocol is not widely used, was
not present in the 'lenny' kernel, and seems to receive only sporadic
maintenance. Therefore disable auto-loading.
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic debian
Gbp-Pq: Name af_802154-Disable-auto-loading-as-mitigation-against.patch
linux (6.12.6-1) unstable; urgency=medium
* New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.6
- [arm64] usb: misc: onboard_usb_dev: skip suspend/resume sequence for
USB5744 SMBus support
- serial: sh-sci: Check if TX data was written to device in .tx_empty()
- bpf: Fix UAF via mismatching bpf_prog/attachment RCU flavors
- sched/deadline: Fix replenish_dl_new_period dl_server condition
- [x86] perf/x86/intel/ds: Unconditionally drain PEBS DS when changing
PEBS_DATA_CFG
- ksmbd: fix racy issue from session lookup and expire
- splice: do not checksum AF_UNIX sockets
- tcp: check space before adding MPTCP SYN options
- perf ftrace: Fix undefined behavior in cmp_profile_data()
- virtio_net: correct netdev_tx_reset_queue() invocation point
- virtio_ring: add a func argument 'recycle_done' to virtqueue_resize()
- virtio_net: ensure netdev_tx_reset_queue is called on tx ring resize
- [riscv64] mm: Do not call pmd dtor on vmemmap page table teardown
- [riscv64] Fix wrong usage of __pa() on a fixmap address
- blk-cgroup: Fix UAF in blkcg_unpin_online()
- block: Switch to using refcount_t for zone write plugs
- block: Use a zone write plug BIO work for REQ_NOWAIT BIOs
- dm: Fix dm-zoned-reclaim zone write pointer alignment
- block: Prevent potential deadlocks in zone write plug error recovery
- gpio: graniterapids: Fix GPIO Ack functionality
- memcg: slub: fix SUnreclaim for post charged objects
- spi: rockchip: Fix PM runtime count on no-op cs
- gpio: ljca: Initialize num before accessing item in ljca_gpio_config
- ALSA: usb-audio: Add implicit feedback quirk for Yamaha THR5
- ALSA: hda/realtek: Fix headset mic on Acer Nitro 5
- [riscv64] Fix IPIs usage in kfence_protect_page()
- drm/panic: remove spurious empty line to clean warning
- usb: host: max3421-hcd: Correctly abort a USB request.
- block: Ignore REQ_NOWAIT for zone reset and zone finish operations
- gpio: graniterapids: Fix vGPIO driver crash
- gpio: graniterapids: Fix incorrect BAR assignment
- gpio: graniterapids: Fix invalid GPI_IS register offset
- gpio: graniterapids: Fix invalid RXEVCFG register bitmask
- gpio: graniterapids: Determine if GPIO pad can be used by driver
- gpio: graniterapids: Check if GPIO line can be used for IRQs
- usb: core: hcd: only check primary hcd skip_phy_initialization
- bpf: Revert "bpf: Mark raw_tp arguments with PTR_MAYBE_NULL"
- ata: sata_highbank: fix OF node reference leak in
highbank_initialize_phys()
- usb: dwc2: Fix HCD resume
- usb: dwc2: hcd: Fix GetPortStatus & SetPortFeature
- usb: dwc2: Fix HCD port connection race
- scsi: ufs: core: Update compl_time_stamp_local_clock after completing a
cqe
- usb: gadget: midi2: Fix interpretation of is_midi1 bits
- usb: ehci-hcd: fix call balance of clocks handling routines
- usb: typec: anx7411: fix fwnode_handle reference leak
- usb: dwc3: imx8mp: fix software node kernel dump
- usb: typec: anx7411: fix OF node reference leaks in
anx7411_typec_switch_probe()
- usb: gadget: u_serial: Fix the issue that gs_start_io crashed due to
accessing null pointer
- usb: typec: ucsi: Fix completion notifications
- usb: dwc3: xilinx: make sure pipe clock is deselected in usb2 only mode
- [amd64] iommu/vt-d: Remove cache tags before disabling ATS
- [amd64] iommu/vt-d: Fix qi_batch NULL pointer with nested parent domain
- drm/xe: Call invalidation_fence_fini for PT inval fences in error state
- [amd64] drm/i915: Fix memory leak by correcting cache object name in error
handler
- [amd64] drm/i915/color: Stop using non-posted DSB writes for legacy LUT
- [amd64] drm/i915: Fix NULL pointer dereference in capture_engine
- drm/amdgpu: fix UVD contiguous CS mapping problem
- drm/amd/pm: Set SMU v13.0.7 default workload type
- drm/amdgpu: fix when the cleaner shader is emitted
- drm/amdkfd: Dereference null return value
- drm/amdkfd: hard-code cacheline size for gfx11
- drm/amdkfd: hard-code MALL cacheline size for gfx11, gfx12
- xfs: set XFS_SICK_INO_SYMLINK_ZAPPED explicitly when zapping a symlink
- xfs: update btree keys correctly when _insrec splits an inode root block
- xfs: don't drop errno values when we fail to ficlone the entire range
- xfs: return a 64-bit block count from xfs_btree_count_blocks
- xfs: fix null bno_hint handling in xfs_rtallocate_rtg
- xfs: return from xfs_symlink_verify early on V4 filesystems
- xfs: fix scrub tracepoints when inode-rooted btrees are involved
- xfs: only run precommits once per transaction object
- xfs: unlock inodes when erroring out of xfs_trans_alloc_dir
- bpf: Check size for BTF-based ctx access of pointer members
- bpf: Fix theoretical prog_array UAF in __uprobe_perf_func()
- bpf,perf: Fix invalid prog_array access in perf_event_detach_bpf_prog
- bpf, sockmap: Fix race between element replace and close()
- bpf, sockmap: Fix update element with same
- bpf: Augment raw_tp arguments with PTR_MAYBE_NULL
- perf tools: Fix build-id event recording
- wifi: nl80211: fix NL80211_ATTR_MLO_LINK_ID off-by-one
- wifi: mac80211: init cnt before accessing elem in
ieee80211_copy_mbssid_beacon
- wifi: mac80211: fix a queue stall in certain cases of CSA
- wifi: mac80211: fix station NSS capability initialization order
- perf machine: Initialize machine->env to address a segfault
- acpi: nfit: vmalloc-out-of-bounds Read in acpi_nfit_ctl
- amdgpu/uvd: get ring reference from rq scheduler
- batman-adv: Do not send uninitialized TT changes
- batman-adv: Remove uninitialized data in full table TT response
- batman-adv: Do not let TT changes list grows indefinitely
- tipc: fix NULL deref in cleanup_bearer()
- net/mlx5: DR, prevent potential error pointer dereference
- wifi: cfg80211: sme: init n_channels before channels[] access
- ptp: kvm: x86: Return EOPNOTSUPP instead of ENODEV from
kvm_arch_ptp_init()
- bnxt_en: Fix GSO type for HW GRO packets on 5750X chips
- net: lapb: increase LAPB_HEADER_LEN
- net: defer final 'struct net' free in netns dismantle
- [arm64] net: mscc: ocelot: fix memory leak on
ocelot_port_add_txtstamp_skb()
- [arm64] net: mscc: ocelot: improve handling of TX timestamp for unknown
skb
- [arm64] net: mscc: ocelot: ocelot->ts_id_lock and
ocelot_port->tx_skbs.lock are IRQ-safe
- [arm64] net: mscc: ocelot: be resilient to loss of PTP packets during
transmission
- [arm64] net: mscc: ocelot: perform error cleanup in ocelot_hwstamp_set()
- regulator: axp20x: AXP717: set ramp_delay
- spi: aspeed: Fix an error handling path in aspeed_spi_[read|write]_user()
- net: sparx5: fix FDMA performance issue
- net: sparx5: fix the maximum frame length register
- ACPI: resource: Fix memory resource type union access
- cxgb4: use port number to set mac addr
- qca_spi: Fix clock speed for multiple QCA7000
- qca_spi: Make driver probing reliable
- ALSA: control: Avoid WARN() for symlink errors
- [amd64] ASoC: amd: yc: Fix the wrong return value
- Documentation: PM: Clarify pm_runtime_resume_and_get() return value
- block: get wp_offset by bdev_offset_from_zone_start
- bnxt_en: Fix aggregation ID mask to prevent oops on 5760X chips
- Documentation: networking: Add a caveat to nexthop_compat_mode sysctl
- cifs: Fix rmdir failure due to ongoing I/O on deleted file
- ASoC: tas2781: Fix calibration issue in stress test
- Bluetooth: Improve setsockopt() handling of malformed user input
- libperf: evlist: Fix --cpu argument on hybrid platform
- ASoC: fsl_xcvr: change IFACE_PCM to IFACE_MIXER
- ASoC: fsl_spdif: change IFACE_PCM to IFACE_MIXER
- netfilter: IDLETIMER: Fix for possible ABBA deadlock
- netfilter: nf_tables: do not defer rule destruction via call_rcu
- net: mana: Fix memory leak in mana_gd_setup_irqs
- net: mana: Fix irq_contexts memory leak in mana_gd_setup_irqs
- net: dsa: felix: fix stuck CPU-injected packets with short taprio windows
- net/sched: netem: account for backlog updates from child qdisc
- net, team, bonding: Add netdev_base_features helper
- bonding: Fix initial {vlan,mpls}_feature set in bond_compute_features
- bonding: Fix feature propagation of NETIF_F_GSO_ENCAP_ALL
- team: Fix initial vlan_feature set in __team_compute_features
- team: Fix feature propagation of NETIF_F_GSO_ENCAP_ALL
- [x86] ASoC: Intel: sof_sdw: Add space for a terminator into DAIs array
- ACPICA: events/evxfregn: don't release the ContextMutex that was never
acquired
- Bluetooth: hci_event: Fix using rcu_read_(un)lock while iterating
- Bluetooth: iso: Always release hdev at the end of iso_listen_bis
- Bluetooth: iso: Fix recursive locking warning
- Bluetooth: SCO: Add support for 16 bits transparent voice setting
- Bluetooth: iso: Fix circular lock in iso_listen_bis
- Bluetooth: iso: Fix circular lock in iso_conn_big_sync
- Bluetooth: btmtk: avoid UAF in btmtk_process_coredump
- net: dsa: microchip: KSZ9896 register regmap alignment to 32 bit
boundaries
- net: dsa: tag_ocelot_8021q: fix broken reception
- drm/xe: fix the ERR_PTR() returned on failure to allocate tiny pt
- drm/xe/reg_sr: Remove register pool
- blk-iocost: Avoid using clamp() on inuse in __propagate_weights()
- blk-mq: move cpuhp callback registering out of q->sysfs_lock
- block: Fix potential deadlock while freezing queue and acquiring
sysfs_lock
- [arm64] KVM: arm64: Disable MPAM visibility by default and ignore VMM
writes
- xen/netfront: fix crash when removing device (CVE-2024-53240)
- [x86] make get_cpu_vendor() accessible from Xen code (CVE-2024-53241)
- [x86] objtool/x86: allow syscall instruction ((CVE-2024-53241)
- [x86] static-call: provide a way to do very early static-call updates
(CVE-2024-53241)
- [x86] xen: don't do PV iret hypercall through hypercall page
(CVE-2024-53241)
- [x86] xen: add central hypercall functions (CVE-2024-53241)
- [x86] xen: use new hypercall functions instead of hypercall page
(CVE-2024-53241)
- [x86] xen: remove hypercall page (CVE-2024-53241)
- [x86] static-call: fix 32-bit build
[ Uwe Kleine-König ]
* [arm64] Enable rx8025 driver as module.
[ Salvatore Bonaccorso ]
* drivers/block/zram: Enable lz4, lz4hc and zstd compression support
- Enable ZRAM_BACKEND_LZ4, ZRAM_BACKEND_LZ4HC and ZRAM_BACKEND_ZSTD
(Closes: #
1086172)
* drivers/block/zram: Enable ZRAM_BACKEND_DEFLATE
* drivers/hwmon: Enable SENSORS_SPD5118 as module (Closes: #
1090071)
[dgit import unpatched linux 6.12.6-1]
projects / linux.git / log