UBUNTU: [Config] Move some annotations config options
CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG_SECONDARY_KEYRING has moved from
'Annotations without notes' because it has a tracker in the note and
CONFIG_WWAN has moved further up due to lexical sort.
drm/vmwgfx: Keep a gem reference to user bos in surfaces
Surfaces can be backed (i.e. stored in) memory objects (mob's) which
are created and managed by the userspace as GEM buffers. Surfaces
grab only a ttm reference which means that the gem object can
be deleted underneath us, especially in cases where prime buffer
export is used.
Forget to reset ctx->password to NULL will lead to bug like double free
Cc: <email address hidden>
Cc: Willy Tarreau <w@1wt.eu>
Reviewed-by: Namjae Jeon <email address hidden>
Signed-off-by: Quang Le <email address hidden>
Signed-off-by: Steve French <email address hidden>
(cherry picked from commit e6e43b8aa7cd3c3af686caf0c2e11819a886d705)
CVE-2023-5345
Signed-off-by: Thadeu Lima de Souza Cascardo <email address hidden>
Acked-by: Tim Gardner <email address hidden>
Acked-by: Roxana Nicolescu <email address hidden>
Signed-off-by: Stefan Bader <email address hidden>
56bb6c7...
by
Wander Lairson Costa <email address hidden>
netfilter: nfnetlink_osf: avoid OOB read
The opt_num field is controlled by user mode and is not currently
validated inside the kernel. An attacker can take advantage of this to
trigger an OOB read and potentially leak information.
BUG: KASAN: slab-out-of-bounds in nf_osf_match_one+0xbed/0xd10 net/netfilter/nfnetlink_osf.c:88
Read of size 2 at addr ffff88804bc64272 by task poc/6431
Also add validation to genre, subtype and version fields.
Fixes: 11eeef41d5f6 ("netfilter: passive OS fingerprint xtables match")
Reported-by: Lucas Leong <email address hidden>
Signed-off-by: Wander Lairson Costa <email address hidden>
Signed-off-by: Florian Westphal <email address hidden>
CVE-2023-39189
(cherry picked from commit f4f8a7803119005e87b716874bec07c751efafec)
Signed-off-by: Magali Lemes <email address hidden>
Acked-by: Roxana Nicolescu <email address hidden>
Acked-by: Stefan Bader <email address hidden>
Signed-off-by: Stefan Bader <email address hidden>
437bbb6...
by
Pablo Neira Ayuso <email address hidden>
netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction
New elements in this transaction might expired before such transaction
ends. Skip sync GC for such elements otherwise commit path might walk
over an already released object. Once transaction is finished, async GC
will collect such expired element.
Fixes: f6c383b8c31a ("netfilter: nf_tables: adapt set backend to use GC transaction API")
Signed-off-by: Pablo Neira Ayuso <email address hidden>
Signed-off-by: Florian Westphal <email address hidden>
CVE-2023-4244
(cherry picked from commit 2ee52ae94baabf7ee09cf2a8d854b990dac5d0e4)
Signed-off-by: Thadeu Lima de Souza Cascardo <email address hidden>
Acked-by: Roxana Nicolescu <email address hidden>
Acked-by: Stefan Bader <email address hidden>
Signed-off-by: Stefan Bader <email address hidden>
lxc and lxd currently need to determine if the apparmor restriction
on unprivileged user namespaces are being enforced, so that apparmor
restrictions won't break lxc/d, and they won't clutter the logs
by doing something like
unshare true
to test if the restrictions are being enforced.
Ideally access to this information would be restricted so that any
unknown access would be logged, but lxc/d currently aren't ready for
this so in order to _not_ force lxc/d to probe whether enforcement is
enabled, open up read access to the sysctls for unprivileged user
namespace mediation.
Signed-off-by: John Johansen <email address hidden>
Acked-by: Tim Gardner <email address hidden>
Acked-by: Stefan Bader <email address hidden>
Signed-off-by: Roxana Nicolescu <email address hidden>
A reply to a prompt request that denies all permissions requested will
throw the following warning, because the auditing code does not expect
the request field to be empty when generating the audit message.