Update revocations, which match the next Ubuntu shim v15.7
revocations. Specifically - revoke certs that were previously
protected with by-hash revocations, revoke lost/unused certificates.
Kernels with this patch applied should be signed using ubuntu/4 pro/3
core/2 signing streams.
TPM PCR values and measurements will change when changing the signing
key.
Signed-off-by: Dimitri John Ledkov <email address hidden>
Acked-by: Stefan Bader <email address hidden>
Acked-by: Luke Nowakowski-Krijger <email address hidden>
Signed-off-by: Stefan Bader <email address hidden>
By keep sending L2CAP_CONF_REQ packets, chan->num_conf_rsp increases
multiple times and eventually it will wrap around the maximum number
(i.e., 255).
This patch prevents this by adding a boundary check with
L2CAP_MAX_CONF_RSP
Signed-off-by: Sungwoo Kim <email address hidden>
Signed-off-by: Luiz Augusto von Dentz <email address hidden>
CVE-2022-45934
(cherry picked from commit bcd70260ef56e0aee8a4fc6cd214a419900b0765)
Signed-off-by: Cengiz Can <email address hidden>
Acked-by: Tim Gardner <email address hidden>
Acked-by: Thadeu Lima de Souza Cascardo <email address hidden>
Signed-off-by: Stefan Bader <email address hidden>
5f3194f...
by
Luiz Augusto von Dentz <email address hidden>
Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm
l2cap_global_chan_by_psm shall not return fixed channels as they are not
meant to be connected by (S)PSM.
Signed-off-by: Luiz Augusto von Dentz <email address hidden>
Reviewed-by: Tedd Ho-Jeong An <email address hidden>
CVE-2022-42896
(cherry picked from commit f937b758a188d6fd328a81367087eddbb2fce50f)
Signed-off-by: Cengiz Can <email address hidden>
Acked-by: Tim Gardner <email address hidden>
Acked-by: Stefan Bader <email address hidden>
Signed-off-by: Stefan Bader <email address hidden>
9dd80df...
by
Luiz Augusto von Dentz <email address hidden>
Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM
The Bluetooth spec states that the valid range for SPSM is from
0x0001-0x00ff so it is invalid to accept values outside of this range:
BLUETOOTH CORE SPECIFICATION Version 5.3 | Vol 3, Part A
page 1059:
Table 4.15: L2CAP_LE_CREDIT_BASED_CONNECTION_REQ SPSM ranges
CVE: CVE-2022-42896
CC: <email address hidden>
Reported-by: Tamás Koczka <email address hidden>
Signed-off-by: Luiz Augusto von Dentz <email address hidden>
Reviewed-by: Tedd Ho-Jeong An <email address hidden>
CVE-2022-42896
(cherry picked from commit 711f8c3fb3db61897080468586b970c87c61d9e4)
Signed-off-by: Cengiz Can <email address hidden>
Acked-by: Tim Gardner <email address hidden>
Acked-by: Stefan Bader <email address hidden>
Signed-off-by: Stefan Bader <email address hidden>
bf2d575...
by
Linus Torvalds <email address hidden>
proc: avoid integer type confusion in get_proc_long
proc_get_long() is passed a size_t, but then assigns it to an 'int'
variable for the length. Let's not do that, even if our IO paths are
limited to MAX_RW_COUNT (exactly because of these kinds of type errors).