Ubuntu
linux-oem package

~canonical-kernel/ubuntu/+source/linux-oem/+git/focal:oem-5.10

  1. Git
  2. lp:~canonical-kernel/ubuntu/+source/linux-oem/+git/focal
  3. oem-5.10
Last commit made on 2022-01-13
Get this branch:
git clone -b oem-5.10 https://git.launchpad.net/~canonical-kernel/ubuntu/+source/linux-oem/+git/focal
Members of Canonical Kernel can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
oem-5.10
Repository:
lp:~canonical-kernel/ubuntu/+source/linux-oem/+git/focal

Recent commits

16e4a3e... by Thadeu Lima de Souza Cascardo

UBUNTU: Ubuntu-oem-5.10-5.10.0-1057.61

Signed-off-by: Thadeu Lima de Souza Cascardo <email address hidden>

33909f0... by Thadeu Lima de Souza Cascardo

UBUNTU: [Config]: Updated config after updated build dependencies

Ignore: yes
Signed-off-by: Thadeu Lima de Souza Cascardo <email address hidden>

2bd7f37... by Thadeu Lima de Souza Cascardo

UBUNTU: SAUCE: vfs: test that one given mount param is not larger than PAGE_SIZE

In order to avoid potential overflows, test that one given mount parameter
is not larger than PAGE_SIZE when parsing it through legacy_parse_param.

Suggested-by: Stefan Bader <email address hidden>
Signed-off-by: Thadeu Lima de Souza Cascardo <email address hidden>
CVE-2022-0185
Acked-by: Andy Whitcroft <email address hidden>
Acked-by: Ben Romer <email address hidden>

861807e... by clubby789

UBUNTU: SAUCE: vfs: Out-of-bounds write of heap buffer in fs_context.c

The "PAGE_SIZE - 2 - size" calculation is is an unsigned type so
a large value of "size" results in a high positive value. This
results in heap overflow which can be exploited by a standard
user for privilege escalation.

Signed-off-by: Jamie Hill-Daniel <email address hidden>
Signed-off-by: William Liu <email address hidden>
CVE-2022-0185
Signed-off-by: Thadeu Lima de Souza Cascardo <email address hidden>
Acked-by: Andy Whitcroft <email address hidden>
Acked-by: Ben Romer <email address hidden>

f74f060... by Thadeu Lima de Souza Cascardo

UBUNTU: Start new release

Ignore: yes
Signed-off-by: Thadeu Lima de Souza Cascardo <email address hidden>

51e3550... by Thadeu Lima de Souza Cascardo

UBUNTU: Ubuntu-oem-5.10-5.10.0-1055.58

Signed-off-by: Thadeu Lima de Souza Cascardo <email address hidden>

ce3dc64... by Thadeu Lima de Souza Cascardo

UBUNTU: SAUCE: bpf: prevent helper argument PTR_TO_ALLOC_MEM to have offset other than 0

BugLink: https://bugs.launchpad.net/bugs/1956585 (OOB write on BPF_RINGBUF (LP: #1956585))

bpf_ringbuf_reserve is currently the only helper that returns a
PTR_TO_ALLOC_MEM, and bpf_ringbuf_submit and bpf_ringbuf_discard expect
only such pointers.

If some arithmetic is done on those pointers, those functions may corrupt
arbritary memory.

Prevent such argument types from having an offset other than 0.

Also, other valid PTR_TO_MEM should not be accepted as parameters to
bpf_ringbuf_submit and bpf_ringbuf_discard. A different type mechanism
should be used instead, in order to guarantee that only values returned by
bpf_ringbuf_reserve can be used.

Signed-off-by: Thadeu Lima de Souza Cascardo <email address hidden>

613d4ee... by Thadeu Lima de Souza Cascardo

UBUNTU: Start new release

Ignore: yes
Signed-off-by: Thadeu Lima de Souza Cascardo <email address hidden>

73ac953... by AceLan Kao

UBUNTU: Ubuntu-oem-5.10-5.10.0-1053.55

Signed-off-by: Chia-Lin Kao (AceLan) <email address hidden>

8c9928b... by Greg Kroah-Hartman <email address hidden>

Linux 5.10.83

BugLink: https://bugs.launchpad.net/bugs/1954557

Link: https://<email address hidden>
Tested-by: Shuah Khan <email address hidden>
Tested-by: Hulk Robot <email address hidden>
Tested-by: Florian Fainelli <email address hidden>
Tested-by: Linux Kernel Functional Testing <email address hidden>
Tested-by: Jon Hunter <email address hidden>
Tested-by: Fox Chen <email address hidden>
Tested-by: Pavel Machek (CIP) <email address hidden>
Tested-by: Guenter Roeck <email address hidden>
Signed-off-by: Greg Kroah-Hartman <email address hidden>