[PATCH 2/3] af_802154: Disable auto-loading as mitigation against local exploits
Forwarded: not-needed
Recent review has revealed several bugs in obscure protocol
implementations that can be exploited by local users for denial of
service or privilege escalation. We can mitigate the effect of any
remaining vulnerabilities in such protocols by preventing unprivileged
users from loading the modules, so that they are only exploitable on
systems where the administrator has chosen to load the protocol.
The 'af_802154' (IEEE 802.15.4) protocol is not widely used, was
not present in the 'lenny' kernel, and seems to receive only sporadic
maintenance. Therefore disable auto-loading.
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic debian
Gbp-Pq: Name af_802154-Disable-auto-loading-as-mitigation-against.patch
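
A check for whether a protocol family can still be auto-loaded, added here as an example and not part of the Debian patch. It relies on the kernel requesting the module alias `net-pf-<N>` when a socket is created for an unregistered family, and on depmod recording those aliases in `modules.alias`. The family number 36 for IEEE 802.15.4 is taken from the Linux socket headers, not from this page, and the alias lines and module names are constructed sample data.

```shell
#!/bin/sh
# A family with no "net-pf-<N>" alias in modules.alias is not auto-loaded on
# socket(); its module is only loaded when it is requested by name.

# Constructed sample in modules.alias format (module names are illustrative).
sample_aliases() {
cat <<'EOF'
# Aliases extracted from modules themselves.
alias net-pf-36 example_802154_sock
alias net-pf-10 ipv6
alias net-pf-16-proto-12 nfnetlink
alias pci:v00008086d00001533sv*sd*bc*sc*i* igb
EOF
}

# autoload_modules FAMILY < modules.alias
# Prints each module carrying exactly the alias net-pf-FAMILY, one per line.
# The match is exact so that family 1 does not match net-pf-10, and the
# per-protocol alias net-pf-16-proto-12 does not count for family 16.
autoload_modules() {
    awk -v want="net-pf-$1" '$1 == "alias" && $2 == want { print $3 }'
}

# check_family FAMILY < modules.alias
# Returns 0 when the family is not auto-loadable, 1 when an alias exists.
check_family() {
    mods=$(autoload_modules "$1" | xargs)
    if [ -n "$mods" ]; then
        echo "net-pf-$1: auto-loadable via $mods"
        return 1
    fi
    echo "net-pf-$1: no alias, module must be loaded explicitly"
    return 0
}

# Demo on the constructed sample. On a real host, feed it
# /lib/modules/$(uname -r)/modules.alias instead.
sample_aliases | check_family 36 || true
sample_aliases | check_family 1
```

On a kernel carrying this patch, the check for family 36 should report no alias.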
Tweak gitignore for Debian pkg-kernel using git svn.
Forwarded: not-needed
[bwh: Tweak further for pure git]
Gbp-Pq: Topic debian
Gbp-Pq: Name gitignore.patch
linux (6.1.128-1) bookworm-security; urgency=high
* New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.125
- ceph: give up on paths longer than PATH_MAX (CVE-2024-53685)
- bpf, sockmap: Fix race between element replace and close()
(CVE-2024-56664)
- sched/task_stack: fix object_is_on_stack() for KASAN tagged pointers
(CVE-2024-53128)
- jbd2: increase IO priority for writing revoke records
- jbd2: flush filesystem device before updating tail sequence
- dm array: fix releasing a faulty array block twice in dm_array_cursor_end
- dm array: fix unreleased btree blocks on closing a faulty array cursor
- dm array: fix cursor index when skipping across block boundaries
- exfat: fix the infinite loop in exfat_readdir()
- exfat: fix the infinite loop in __exfat_free_cluster()
- scripts/sorttable: fix orc_sort_cmp() to maintain symmetry and
transitivity
- net: 802: LLC+SNAP OID:PID lookup on start of skb data
- tcp/dccp: complete lockless accesses to sk->sk_max_ack_backlog
- tcp/dccp: allow a connection when sk_max_ack_backlog is zero
- net_sched: cls_flow: validate TCA_FLOW_RSHIFT attribute
- bnxt_en: Fix possible memory leak when hwrm_req_replace fails
- cxgb4: Avoid removal of uninserted tid
- ice: fix incorrect PHY settings for 100 GB/s
- tls: Fix tls_sw_sendmsg error handling
- Bluetooth: hci_sync: Fix not setting Random Address when required
- tcp: Annotate data-race around sk->sk_mark in tcp_v4_send_reset
- netfilter: nf_tables: imbalance in flowtable binding
- netfilter: conntrack: clamp maximum hashtable size to INT_MAX
- sched: sch_cake: add bounds checks to host bulk flow fairness counts
- net/mlx5: Fix variable not being completed when function returns
- ksmbd: fix a missing return value check bug
- afs: Fix the maximum cell name length
- ksmbd: fix unexpectedly changed path in ksmbd_vfs_kern_path_locked
- dm thin: make get_first_thin use rcu-safe list first function
- dm-ebs: don't set the flag DM_TARGET_PASSES_INTEGRITY
- sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy
- sctp: sysctl: rto_min/max: avoid using current->nsproxy
- sctp: sysctl: auth_enable: avoid using current->nsproxy
- sctp: sysctl: udp_port: avoid using current->nsproxy
- sctp: sysctl: plpmtud_probe_interval: avoid using current->nsproxy
- drm/amd/display: Add check for granularity in dml ceil/floor helpers
- thermal: of: fix OF node leak in of_thermal_zone_find()
- ACPI: resource: Add TongFang GM5HG0A to irq1_edge_low_force_override[]
- ACPI: resource: Add Asus Vivobook X1504VAP to
irq1_level_low_skip_override[]
- drm/amd/display: increase MAX_SURFACES to the value supported by hw
- dm-verity FEC: Fix RS FEC repair for roots unaligned to block size (take
2)
- bpf: Add MEM_WRITE attribute
- bpf: Fix overloading of MEM_UNINIT's meaning (CVE-2024-50164)
- USB: serial: option: add MeiG Smart SRM815
- USB: serial: option: add Neoway N723-EA support
- usb-storage: Add max sectors quirk for Nokia 208
- USB: serial: cp210x: add Phoenix Contact UPS Device
- usb: dwc3: gadget: fix writing NYET threshold
- topology: Keep the cpumask unchanged when printing cpumap
- usb: gadget: u_serial: Disable ep before setting port to null to fix the
crash caused by port being null
- usb: dwc3-am62: Disable autosuspend during remove
- USB: usblp: return error when setting unsupported protocol
- USB: core: Disable LPM only for non-suspended ports
- usb: fix reference leak in usb_new_device()
- usb: gadget: f_uac2: Fix incorrect setting of bNumEndpoints
- usb: gadget: f_fs: Remove WARN_ON in functionfs_bind
- iio: light: vcnl4035: fix information leak in triggered buffer
- iio: imu: kmx61: fix information leak in triggered buffer
- iio: gyro: fxas21002c: Fix missing data update in trigger handler
- iio: inkern: call iio_device_put() only on mapped devices
- io_uring/eventfd: ensure io_eventfd_signal() defers another RCU period
- block, bfq: fix waker_bfqq UAF after bfq_split_bfqq()
- of/address: Add support for 3 address cell bus
- of: address: Fix address translation when address-size is greater than 2
- of: address: Remove duplicated functions
- of: address: Store number of bus flag cells rather than bool
- of: address: Preserve the flags portion on 1:1 dma-ranges mapping
- ocfs2: correct return value of ocfs2_local_free_info()
- ocfs2: fix slab-use-after-free due to dangling pointer dqi_priv
(CVE-2024-57892)
- drm: bridge: adv7511: use dev_err_probe in probe function
- drm: adv7511: Fix use-after-free in adv7533_attach_dsi() (CVE-2024-57887)
- xhci: use pm_ptr() instead of #ifdef for CONFIG_PM conditionals
https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.126
- Partial revert of xhci: use pm_ptr() instead #ifdef for CONFIG_PM
conditionals
https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.127
- [arm64,armhf] net: ethernet: ti: cpsw_ale: Fix cpsw_ale_get_field()
- bpf: Fix bpf_sk_select_reuseport() memory leak
- openvswitch: fix lockup on tx to unregistering netdev with carrier
- pktgen: Avoid out-of-bounds access in get_imix_entries
- net: add exit_batch_rtnl() method
- gtp: use exit_batch_rtnl() method
- gtp: Use for_each_netdev_rcu() in gtp_genl_dump_pdp().
- gtp: Destroy device along with udp socket's netns dismantle.
- nfp: bpf: prevent integer overflow in nfp_bpf_event_output()
- net/mlx5: Fix RDMA TX steering prio
- net/mlx5: Clear port select structure when fail to create
- [arm64] drm/v3d: Ensure job pointer is set to NULL after job completion
- hwmon: (tmp513) Fix division of negative numbers
- Revert "mtd: spi-nor: core: replace dummy buswidth from addr to data"
- i2c: mux: demux-pinctrl: check initial mux selection, too
- i2c: rcar: fix NACK handling when being a target
- nvmet: propagate npwg topology
- mac802154: check local interfaces before deleting sdata list
- hfs: Sanity check the root record
- fs: fix missing declaration of init_files
- kheaders: Ignore silly-rename files
- cachefiles: Parse the "secctx" immediately
- scsi: ufs: core: Honor runtime/system PM levels if set by host controller
drivers
- ACPI: resource: acpi_dev_irq_override(): Check DMI match last
- iomap: avoid avoid truncating 64-bit offset to 32 bits
- poll_wait: add mb() to fix theoretical race between waitqueue_active() and
.poll()
- [x86] asm: Make serialize() always_inline
- ALSA: hda/realtek: Add support for Ayaneo System using CS35L41 HDA
- zram: fix potential UAF of zram table
- mptcp: be sure to send ack when mptcp-level window re-opens
- net: ethernet: xgbe: re-add aneg to supported features in PHY quirks
- vsock/virtio: discard packets if the transport changes
- vsock/virtio: cancel close work in the destructor
- vsock: reset socket state when de-assigning the transport
- vsock: prevent null-ptr-deref in vsock_*[has_data|has_space]
- filemap: avoid truncating 64-bit offset to 32 bits
- fs/proc: fix softlockup in __read_vmcore (part 2)
- gpiolib: cdev: Fix use after free in lineinfo_changed_notify
(CVE-2024-36899)
- [arm64] pmdomain: imx8mp-blk-ctrl: add missing loop break condition
- irqchip: Plug a OF node reference leak in platform_irqchip_probe()
- irqchip/gic-v3: Handle CPU_PM_ENTER_FAILED correctly
- irqchip/gic-v3-its: Don't enable interrupts in its_irq_set_vcpu_affinity()
- hrtimers: Handle CPU state correctly on hotplug
- [x86] drm/i915/fb: Relax clear color alignment to 64 bytes
- Revert "PCI: Use preserve_config in place of pci_flags"
- iio: imu: inv_icm42600: fix spi burst write not supported
- iio: imu: inv_icm42600: fix timestamps after suspend if sensor is on
- [arm64,armhf] iio: adc: rockchip_saradc: fix information leak in triggered
buffer (CVE-2024-57907)
- drm/amd/display: Fix out-of-bounds access in 'dcn21_link_encoder_create'
(CVE-2024-56608)
- drm/amdgpu: fix usage slab after free (CVE-2024-56551)
- block: fix uaf for flush rq while iterating tags (CVE-2024-53170)
- Revert "drm/amdgpu: rework resume handling for display (v2)"
(Closes: #1094766)
- RDMA/rxe: Fix the qp flush warnings in req (CVE-2024-53229)
- scsi: sg: Fix slab-use-after-free read in sg_release() (CVE-2024-56631)
- Revert "regmap: detach regmap from dev on regmap_exit"
- wifi: ath10k: avoid NULL pointer error during sdio remove (CVE-2024-56599)
- erofs: tidy up EROFS on-disk naming
- erofs: handle NONHEAD !delta[1] lclusters gracefully
- nfsd: add list_head nf_gc to struct nfsd_file
- [x86] xen: fix SLS mitigation in xen_hypercall_iret()
- net: fix data-races around sk->sk_forward_alloc (CVE-2024-53124)
https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.128
- scsi: iscsi: Fix redundant response for ISCSI_UEVENT_GET_HOST_STATS
request
- drm/amd/display: Use HW lock mgr for PSR1
- [arm64,armhf] irqchip/sunxi-nmi: Add missing SKIP_WAKE flag
- regmap: detach regmap from dev on regmap_exit
- ipv6: Fix soft lockups in fib6_select_path under high next hop churn
(CVE-2024-56703)
- softirq: Allow raising SCHED_SOFTIRQ from SMP-call-function on RT kernel
- xfs: bump max fsgeom struct version
- xfs: hoist freeing of rt data fork extent mappings
- xfs: prevent rt growfs when quota is enabled
- xfs: rt stubs should return negative errnos when rt disabled
- xfs: fix units conversion error in xfs_bmap_del_extent_delay
- xfs: make sure maxlen is still congruent with prod when rounding down
- xfs: introduce protection for drop nlink
- xfs: handle nimaps=0 from xfs_bmapi_write in xfs_alloc_file_space
- xfs: allow read IO and FICLONE to run concurrently
- xfs: factor out xfs_defer_pending_abort
- xfs: abort intent items when recovery intents fail
- xfs: only remap the written blocks in xfs_reflink_end_cow_extent
- xfs: up(ic_sema) if flushing data device fails
- xfs: fix internal error from AGFL exhaustion
- xfs: inode recovery does not validate the recovered inode
- xfs: clean up dqblk extraction
- xfs: dquot recovery does not validate the recovered dquot
- xfs: clean up FS_XFLAG_REALTIME handling in xfs_ioctl_setattr_xflags
- xfs: respect the stable writes flag on the RT device
- gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag
- io_uring: fix waiters missing wake ups (Closes: #1093243)
- net: sched: fix ets qdisc OOB Indexing
- block: fix integer overflow in BLKSECDISCARD (CVE-2024-49994)
- Revert "HID: multitouch: Add support for lenovo Y9000P Touchpad"
- vfio/platform: check the bounds of read/write syscalls
- ext4: fix access to uninitialised lock in fc replay path (CVE-2024-50014)
- ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_find()
(CVE-2024-50304)
- scsi: storvsc: Ratelimit warning logs to prevent VM denial of service
- wifi: iwlwifi: add a few rate index validity checks
- smb: client: fix UAF in async decryption (CVE-2024-50047)
- USB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb()
- Revert "usb: gadget: u_serial: Disable ep before setting port to null to
fix the crash caused by port being null"
- ALSA: usb-audio: Add delay quirk for USB Audio Device
- Input: atkbd - map F23 key to support default copilot shortcut
- Input: xpad - add unofficial Xbox 360 wireless receiver clone
- Input: xpad - add support for wooting two he (arm)
- smb: client: fix NULL ptr deref in crypto_aead_setkey()
- [arm64] drm/v3d: Assign job pointer to NULL before signaling the fence
[ Salvatore Bonaccorso ]
* Bump ABI to 31
* [rt] Update to 6.1.127-rt48
[dgit import unpatched linux 6.1.128-1]