[PATCH 2/3] af_802154: Disable auto-loading as mitigation against local exploits
Forwarded: not-needed
Recent review has revealed several bugs in obscure protocol
implementations that can be exploited by local users for denial of
service or privilege escalation. We can mitigate the effect of any
remaining vulnerabilities in such protocols by preventing unprivileged
users from loading the modules, so that they are only exploitable on
systems where the administrator has chosen to load the protocol.
The 'af_802154' (IEEE 802.15.4) protocol is not widely used, was
not present in the 'lenny' kernel, and seems to receive only sporadic
maintenance. Therefore disable auto-loading.
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic debian
Gbp-Pq: Name af_802154-Disable-auto-loading-as-mitigation-against.patch
Tweak gitignore for Debian pkg-kernel using git svn.
Forwarded: not-needed
[bwh: Tweak further for pure git]
Gbp-Pq: Topic debian
Gbp-Pq: Name gitignore.patch
linux (5.9.11-1) unstable; urgency=medium
* New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.9.10
- [powerpc*] 64s: flush L1D on kernel entry (CVE-2020-4788)
- [powerpc*] 64s: flush L1D after user accesses (CVE-2020-4788)
- [powerpc*] Only include kup-radix.h for 64-bit Book3S
- Input: sunkbd - avoid use-after-free in teardown paths (CVE-2020-25669)
- mac80211: always wind down STA state
- can: proc: can_remove_proc(): silence remove_proc_entry warning
- [powerpc*] smp: Call rcu_cpu_starting() earlier
- [x86] perf/x86/intel/uncore: Fix Add BW copypasta
- [x86] KVM: clflushopt should be treated as a no-op by emulation
- [arm64,x86] ACPI: GED: fix -Wformat
https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.9.11
- ah6: fix error return code in ah6_input()
- atm: nicstar: Unmap DMA on send error
- bnxt_en: read EEPROM A2h address using page 0
- devlink: Add missing genlmsg_cancel() in devlink_nl_sb_port_pool_fill()
- [arm64] enetc: Workaround for MDIO register access issue
- Exempt multicast addresses from five-second neighbor lifetime
- inet_diag: Fix error path to cancel the meseage in inet_req_diag_fill()
- ipv6: Fix error path to cancel the meseage
- lan743x: fix issue causing intermittent kernel log warnings
- lan743x: prevent entire kernel HANG on open, for some platforms
- net: b44: fix error return code in b44_init_one()
- net: bridge: add missing counters to ndo_get_stats64 callback
- [arm64,armhf] net: dsa: mv88e6xxx: Avoid VTU corruption on 6097
- [armhf] net: ethernet: ti: cpsw: fix cpts irq after suspend
- [armhf] net: ethernet: ti: cpsw: fix error return code in cpsw_probe()
- [armhf] net: ftgmac100: Fix crash when removing driver
- net: Have netpoll bring-up DSA management interface
- netlabel: fix our progress tracking in netlbl_unlabel_staticlist()
- netlabel: fix an uninitialized warning in netlbl_unlabel_staticlist()
- net/mlx4_core: Fix init_hca fields offset
- [armhf] net/ncsi: Fix netlink registration
- net: phy: mscc: remove non-MACSec compatible phy
- net/smc: fix direct access to ib_gid_addr->ndev in
smc_ib_determine_gid()
- [arm64,armhf] net: stmmac: Use rtnl_lock/unlock on
netif_set_real_num_rx_queues() call
- page_frag: Recover from memory pressure
- qed: fix error return code in qed_iwarp_ll2_start()
- qed: fix ILT configuration of SRC block
- qlcnic: fix error return code in qlcnic_83xx_restart_hw()
- sctp: change to hold/put transport for proto_unreach_timer
- tcp: only postpone PROBE_RTT if RTT is < current min_rtt estimate
- vsock: forward all packets to the host when no H2G is registered
- net/mlx5e: Fix check if netdev is bond slave
- net/mlx5: Add handling of port type in rule deletion
- net/mlx5: Clear bw_share upon VF disable
- net/mlx5: Disable QoS when min_rates on all VFs are zero
- PM: runtime: Add pm_runtime_resume_and_get to deal with usage counter
- [armhf] net: fec: Fix reference count leak in fec series ops
- bnxt_en: Fix counter overflow logic.
- bnxt_en: Free port stats during firmware reset.
- [arm64,armhf] net: mvneta: fix possible memory leak in
mvneta_swbm_add_rx_fragment
- net: usb: qmi_wwan: Set DTR quirk for MR400
- [armhf] Revert "Revert "gpio: omap: Fix lost edge wake-up interrupts""
- tools, bpftool: Avoid array index warnings.
- [arm64,armhf] pinctrl: rockchip: enable gpio pclk for
rockchip_gpio_to_irq
- scsi: ufs: Fix unbalanced scsi_block_reqs_cnt caused by ufshcd_hold()
- scsi: ufs: Try to save power mode change and UIC cmd completion timeout
- [armhf] pinctrl: mcp23s08: Print error message when regmap init fails
- [x86] ACPI: button: Add DMI quirk for Medion Akoya E2228T
- [arm64] errata: Fix handling of
1418040 with late CPU onlining
- [arm64] psci: Avoid printing in cpu_psci_cpu_die()
- [arm64] smp: Tell RCU about CPUs that fail to come online
- vfs: remove lockdep bogosity in __sb_start_write
- gfs2: fix possible reference leak in gfs2_check_blk_type
- [arm64,armhf] hwmon: (pwm-fan) Fix RPM calculation
- gfs2: Fix case in which ail writes are done to jdata holes
- [arm64] Add MIDR value for KRYO2XX gold/silver CPU cores
- [arm64] kpti: Add KRYO2XX gold/silver CPU cores to kpti safelist
- [arm64] cpu_errata: Apply Erratum 845719 to KRYO2XX Silver
- [arm64,armhf] usb: dwc2: Avoid leaving the error_debugfs label unused
- [arm64] dts: allwinner: beelink-gs1: Enable both RGMII RX/TX delay
- [arm64] dts: allwinner: Pine H64: Enable both RGMII RX/TX delay
- [arm64] dts: allwinner: a64: OrangePi Win: Fix ethernet node
- [arm64] dts: allwinner: a64: Pine64 Plus: Fix ethernet node
- [arm64] dts: allwinner: h5: OrangePi PC2: Fix ethernet node
- [armhf] dts: sun8i: r40: bananapi-m2-ultra: Fix ethernet node
- [armhf] Revert "arm: sun8i: orangepi-pc-plus: Set EMAC activity LEDs to
active high"
- [armhf] dts: sun6i: a31-hummingbird: Enable RGMII RX/TX delay on
Ethernet PHY
- [armhf] dts: sun7i: cubietruck: Enable RGMII RX/TX delay on Ethernet PHY
- [armhf] dts: sun7i: bananapi-m1-plus: Enable RGMII RX/TX delay on
Ethernet PHY
- [armhf] dts: sun8i: h3: orangepi-plus2e: Enable RGMII RX/TX delay on
Ethernet PHY
- [armhf] dts: sun9i: Enable both RGMII RX/TX delay on Ethernet PHY
- [arm64] dts: allwinner: h5: libretech-all-h5-cc: Enable RGMII RX/TX
delay on PHY
- [arm64] dts: allwinner: a64: bananapi-m64: Enable RGMII RX/TX delay on
PHY
- [mips64el,mipsel] export has_transparent_hugepage() for modules
- [arm64] dts: allwinner: h5: OrangePi Prime: Fix ethernet node
- [armhf] dts: imx6q-prti6q: fix PHY address
- swiotlb: using SIZE_MAX needs limits.h included
- [armhf] dmaengine: ti: omap-dma: Block PM if SDMA is busy to fix audio
- rcu: Don't invoke try_invoke_on_locked_down_task() with irqs disabled
- spi: fix client driver breakages when using GPIO descriptors
- Input: elan_i2c - fix firmware update on newer ICs
- rfkill: Fix use-after-free in rfkill_resume()
- perf lock: Correct field name "flags"
- perf lock: Don't free "lock_seq_stat" if read_count isn't zero
- SUNRPC: Fix oops in the rpc_xdr_buf event class
- [arm64,armhf] drm: bridge: dw-hdmi: Avoid resetting force in the detect
function
- tools, bpftool: Add missing close before bpftool net attach exit
- [amd64] IB/hfi1: Fix error return code in hfi1_init_dd()
- ip_tunnels: Set tunnel option flag when tunnel metadata is present
- can: af_can: prevent potential access of uninitialized member in
can_rcv()
- can: af_can: prevent potential access of uninitialized member in
canfd_rcv()
- can: dev: can_restart(): post buffer from the right context
- can: mcba_usb: mcba_usb_start_xmit(): first fill skb, then pass to
can_put_echo_skb()
- can: peak_usb: fix potential integer overflow on shift of a int
- [armhf] can: flexcan: fix failure handling of pm_runtime_get_sync()
- [arm64] ASoC: qcom: lpass-platform: Fix memory leak
- [arm64,armhf] drm/sun4i: dw-hdmi: fix error return code in
sun8i_dw_hdmi_bind()
- net/mlx5: E-Switch, Fail mlx5_esw_modify_vport_rate if qos disabled
- bpf, sockmap: Fix partial copy_page_to_iter so progress can still be
made
- bpf, sockmap: Ensure SO_RCVBUF memory is observed on ingress redirect
- can: kvaser_usb: kvaser_usb_hydra: Fix KCAN bittiming limits
- dmaengine: fix error codes in channel_register()
- [amd64] iommu/vt-d: Move intel_iommu_gfx_mapped to Intel IOMMU header
- [amd64] iommu/vt-d: Avoid panic if iommu init fails in tboot system
- [armhf] can: flexcan: flexcan_chip_start(): fix erroneous
flexcan_transceiver_enable() during bus-off recovery
- xfs: ensure inobt record walks always make forward progress
- xfs: return corresponding errcode if xfs_initialize_perag() fail
- [x86] ASOC: Intel: kbl_rt5663_rt5514_max98927: Do not try to disable
disabled clock
- [armhf] regulator: ti-abb: Fix array out of bound read access on the
first transition
- lib/strncpy_from_user.c: Mask out bytes after NUL terminator.
- xfs: revert "xfs: fix rmap key and record comparison functions"
- bpf, sockmap: Skb verdict SK_PASS to self already checked rmem limits
- bpf, sockmap: On receive programs try to fast track SK_PASS ingress
- bpf, sockmap: Use truesize with sk_rmem_schedule()
- bpf, sockmap: Avoid returning unneeded EAGAIN when redirecting to self
- [armhf] efi/arm: set HSCTLR Thumb2 bit correctly for HVC calls from HYP
- [amd64] efi/x86: Free efi_pgd with free_pages()
- sched/fair: Fix overutilized update in enqueue_task_fair()
- sched: Fix data-race in wakeup
- sched: Fix rq->nr_iowait ordering
- libfs: fix error cast of negative value in simple_attr_write()
- afs: Fix speculative status fetch going out of order wrt to
modifications
- HID: logitech-hidpp: Add PID for MX Anywhere 2
- HID: logitech-dj: Handle quad/bluetooth keyboards with a builtin
trackpad
- HID: logitech-dj: Fix Dinovo Mini when paired with a MX5x00 receiver
- speakup: Do not let the line discipline be used several times
(CVE-2020-28941)
- ALSA: firewire: Clean up a locking issue in copy_resp_to_buf()
- ALSA: usb-audio: Add delay quirk for all Logitech USB devices
- ALSA: ctl: fix error path at adding user-defined element set
- ALSA: mixart: Fix mutex deadlock
- ALSA: hda/realtek - Add supported for Lenovo ThinkPad Headset Button
- ALSA: hda/realtek - Add supported mute Led for HP
- ALSA: hda/realtek: Add some Clove SSID in the ALC293(ALC1220)
- ALSA: hda/realtek - HP Headset Mic can't detect after boot
- [armhf] tty: serial: imx: fix potential deadlock
- [armhf] tty: serial: imx: keep console clocks always on
- HID: logitech-dj: Fix an error in mse_bluetooth_descriptor
- [arm64,armhf,x86] efivarfs: fix memory leak in efivarfs_create()
- [arm64,x86] staging: rtl8723bs: Add 024c:0627 to the list of SDIO
device-ids
- xfs: fix forkoff miscalculation related to XFS_LITINO(mp)
- [arm64,x86] ACPI: fan: Initialize performance state sysfs attribute
- [x86] iio: accel: kxcjk1013: Replace is_smo8500_device with an acpi_type
enum
- [x86] iio: accel: kxcjk1013: Add support for KIOX010A ACPI DSM for
setting tablet-mode
- [arm64] iio: cros_ec: Use default frequencies when EC returns invalid
information
- spi: Introduce device-managed SPI controller allocation
- [arm64,armhf] spi: bcm2835aux: Fix use-after-free on unbind
- [armhf] regulator: pfuze100: limit pfuze-support-disable-sw to
pfuze{100,200}
- regulator: fix memory leak with repeated set_machine_constraints()
- regulator: avoid resolve_supply() infinite recursion
- regulator: workaround self-referent regulators
- gfs2: Fix regression in freeze_go_sync
- mac80211: minstrel: remove deferred sampling code
- mac80211: minstrel: fix tx status processing corner case
- mac80211: free sta in sta_info_insert_finish() on errors
- [s390x] fix system call exit path
- [s390x] cpum_sf.c: fix file permission for cpum_sfb_size
- [s390x] dasd: fix null pointer dereference for ERP requests
- [x86] Drivers: hv: vmbus: Allow cleanup of VMBUS_CONNECT_CPU if
disconnected
- [x86] drm/i915: Handle max_bpc==16
- [x86] drm/i915/tgl: Fix Media power gate sequence.
- io_uring: don't double complete failed reissue request
- mmc: sdhci-pci: Prefer SDR25 timing for High Speed mode for BYT-based
Intel controllers
- [arm64] mmc: sdhci-of-arasan: Allow configuring zero tap values
- [arm64] mmc: sdhci-of-arasan: Use Mask writes for Tap delays
- [arm64] mmc: sdhci-of-arasan: Issue DLL reset explicitly
- blk-cgroup: fix a hd_struct leak in blkcg_fill_root_iostats
- ptrace: Set PF_SUPERPRIV when checking capability
- seccomp: Set PF_SUPERPRIV when checking capability
- fanotify: fix logic of reporting name info with watched parent
- [x86] microcode/intel: Check patch signature before saving microcode for
early loading
- mm: never attempt async page lock if we've transferred data already
- mm: fix readahead_page_batch for retry entries
- mm: memcg/slab: fix root memcg vmstats
- mm/userfaultfd: do not access vma->vm_mm after calling
handle_userfault()
[ Ben Hutchings ]
* [arm64][rt] Disable KVM, which currently conflicts with PREEMPT_RT
[ Yves-Alexis Perez ]
* usbnet: ipheth: fix connectivity with iOS 14
[ Salvatore Bonaccorso ]
* Bump ABI to 4
[ Julien Cristau ]
* Disable NOUVEAU_LEGACY_CTX_SUPPORT, which was keeping DRM_LEGACY enabled
for no good reason (closes: #975038)
[dgit import unpatched linux 5.9.11-1]
projects / linux.git / log