1ddf521...
by
Ubuntu Kernel Bot <email address hidden>
on 2024-03-22
UBUNTU: Ubuntu-6.5.0-27.27
Signed-off-by: Ubuntu Kernel Bot <email address hidden>
301ba32...
by
Ubuntu Kernel Bot <email address hidden>
on 2024-03-22
UBUNTU: debian. master/ dkms-versions -- update from kernel-versions (main/2024.03.04)
BugLink: https:/ /bugs.launchpad .net/bugs/ 2055584
Signed-off-by: Ubuntu Kernel Bot <email address hidden>
46ce82a...
by
Ubuntu Kernel Bot <email address hidden>
on 2024-03-22
UBUNTU: Start new release
Ignore: yes
Signed-off-by: Ubuntu Kernel Bot <email address hidden>
a33597f...
by
Ubuntu Kernel Bot <email address hidden>
on 2024-03-22
UBUNTU: [Packaging] update annotations scripts
BugLink: https:/ /bugs.launchpad .net/bugs/ 2055584
Signed-off-by: Ubuntu Kernel Bot <email address hidden>
d2d9e53...
by
Ubuntu Kernel Bot <email address hidden>
on 2024-03-22
UBUNTU: [Packaging] drop ABI data
BugLink: https:/ /bugs.launchpad .net/bugs/ 2055584
Signed-off-by: Ubuntu Kernel Bot <email address hidden>
6e570b2...
by
Ubuntu Kernel Bot <email address hidden>
on 2024-03-22
UBUNTU: [Packaging] resync git-ubuntu-log
BugLink: https:/ /bugs.launchpad .net/bugs/ 2055584
Signed-off-by: Ubuntu Kernel Bot <email address hidden>
34df7c7...
by
Ubuntu Kernel Bot <email address hidden>
on 2024-03-22
UBUNTU: link-to-tracker: update tracking bug
BugLink: https:/ /bugs.launchpad .net/bugs/ 2055584
Properties: no-test-build
Signed-off-by: Ubuntu Kernel Bot <email address hidden>
6e6eb6d...
by
Lin Ma <email address hidden>
on 2024-03-04
net: qualcomm: rmnet: fix global oob in rmnet_policy
The variable rmnet_link_ops assign a *bigger* maxtype which leads to a
global out-of-bounds read when parsing the netlink attributes. See bug
trace below:
======= ======= ======= ======= ======= ======= ======= ======= ======= ===
BUG: KASAN: global- out-of- bounds in validate_nla lib/nlattr.c:386 [inline]
BUG: KASAN: global- out-of- bounds in __nla_validate_ parse+0x24af/ 0x2750 lib/nlattr.c:600
Read of size 1 at addr ffffffff92c438d0 by task syz-executor. 6/84207
CPU: 0 PID: 84207 Comm: syz-executor.6 Tainted: G N 6.1.0 #3
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_ lvl+0x8b/ 0xb3 lib/dump_ stack.c: 106
print_ address_ description mm/kasan/ report. c:284 [inline]
print_ report+ 0x172/0x475 mm/kasan/ report. c:395
kasan_ report+ 0xbb/0x1c0 mm/kasan/ report. c:495
validate_nla lib/nlattr.c:386 [inline]
__nla_ validate_ parse+0x24af/ 0x2750 lib/nlattr.c:600
__nla_ parse+0x3e/ 0x50 lib/nlattr.c:697
nla_parse_ nested_ deprecated include/ net/netlink. h:1248 [inline]
__rtnl_ newlink+ 0x50a/0x1880 net/core/ rtnetlink. c:3485
rtnl_newlink+ 0x64/0xa0 net/core/ rtnetlink. c:3594
rtnetlink_ rcv_msg+ 0x43c/0xd70 net/core/ rtnetlink. c:6091
netlink_ rcv_skb+ 0x14f/0x410 net/netlink/ af_netlink. c:2540
netlink_ unicast_ kernel net/netlink/ af_netlink. c:1319 [inline]
netlink_ unicast+ 0x54e/0x800 net/netlink/ af_netlink. c:1345
netlink_ sendmsg+ 0x930/0xe50 net/netlink/ af_netlink. c:1921
sock_sendmsg_nosec net/socket.c:714 [inline]
sock_sendmsg+ 0x154/0x190 net/socket.c:734
____sys_ sendmsg+ 0x6df/0x840 net/socket.c:2482
___sys_ sendmsg+ 0x110/0x1b0 net/socket.c:2536
__sys_ sendmsg+ 0xf3/0x1c0 net/socket.c:2565
do_syscall_x64 arch/x86/ entry/common. c:50 [inline]
do_syscall_ 64+0x3b/ 0x90 arch/x86/ entry/common. c:80
entry_ SYSCALL_ 64_after_ hwframe+ 0x63/0xcd
RIP: 0033:0x7fdcf2072359
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fdcf1 3e3168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007fdcf219ff80 RCX: 00007fdcf2072359
RDX: 0000000000000000 RSI: 0000000020000200 RDI: 0000000000000003
RBP: 00007fdcf20bd493 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fffbb8d7bdf R14: 00007fdcf13e3300 R15: 0000000000022000
</TASK>
The buggy address belongs to the variable:
rmnet_ policy+ 0x30/0xe0
The buggy address belongs to the physical page:
page:0000000065 bdeb3c refcount:1 mapcount:0 mapping: 000000000000000 0 index:0x0 pfn:0x155243
flags: 0x2000000000010 00(reserved| node=0| zone=2)
raw: 0200000000001000 ffffea00055490c8 ffffea00055490c8 0000000000000000
raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
Memory state around the buggy address:
ffffffff92c43780: f9 f9 f9 f9 00 00 00 02 f9 f9 f9 f9 00 00 00 07
ffffffff92c43800: f9 f9 f9 f9 00 00 00 05 f9 f9 f9 f9 06 f9 f9 f9
>ffffffff92c43880: f9 f9 f9 f9 00 00 00 00 00 00 f9 f9 f9 f9 f9 f9
^
ffffffff92c43900: 00 00 00 00 00 00 00 00 07 f9 f9 f9 f9 f9 f9 f9
ffffffff92c43980: 00 00 00 07 f9 f9 f9 f9 00 00 00 05 f9 f9 f9 f9
According to the comment of `nla_parse_ nested_ deprecated` , the maxtype
should be len(destination array) - 1. Hence use `IFLA_RMNET_MAX` here.
Fixes: 14452ca3b5ce ("net: qualcomm: rmnet: Export mux_id and flags to netlink")
Signed-off-by: Lin Ma <email address hidden>
Reviewed-by: Subash Abhinov Kasiviswanathan <email address hidden>
Reviewed-by: Simon Horman <email address hidden>
Reviewed-by: Jiri Pirko <email address hidden>
Link: https://<email address hidden>
Signed-off-by: Jakub Kicinski <email address hidden>
(cherry picked from commit b33fb5b801c6db4 08b774a68e7c872 2796b59ecc)
CVE-2024-26597
Signed-off-by: Bethany Jamison <email address hidden>
Acked-by: Roxana Nicolescu <email address hidden>
Acked-by: Stefan Bader <email address hidden>
Signed-off-by: Roxana Nicolescu <email address hidden>
afc6c35...
by
=?utf-8?q?Uwe_Kleine-K=C3=B6nig?= <email address hidden>
on 2024-03-04
pwm: Fix out-of-bounds access in of_pwm_ single_ xlate()
With args->args_count == 2 args->args[2] is not defined. Actually the
flags are contained in args->args[1].
Fixes: 3ab7b6ac5d82 ("pwm: Introduce single-PWM of_xlate function")
Cc: <email address hidden>
Link: https:/ /lore.kernel. org/r/243908750 d306e018a3d4bf2 eb745d53ab50f66 3 <email address hidden>
Signed-off-by: Uwe Kleine-König <email address hidden>
(cherry picked from commit a297d07b9a1e4fb 8cda25a4a2363a5 07d294b7c9)
CVE-2024-26599
Signed-off-by: Bethany Jamison <email address hidden>
Acked-by: Kevin Becker <email address hidden>
Acked-by: Roxana Nicolescu <email address hidden>
Signed-off-by: Roxana Nicolescu <email address hidden>
7abbf3f...
by
Andy Whitcroft
on 2024-03-01
UBUNTU: [Packaging] Remove in-tree abi checks
BugLink: https:/ /bugs.launchpad .net/bugs/ 2055686
linux-buildinfo packages are now externally compared by swm, with
results approving or rejecting updates based on the stable
tracker. Those checks also allow hints and overrides to accept
intentional changes.
Also these are done on the correct pair-wise comparisons, especially
when two streams are being cranked.
The above eliminates the need to identify previous build abi,
download, extract it, vendor it in, and assert it at build time.
Signed-off-by: Dimitri John Ledkov <email address hidden>
Signed-off-by: Andy Whitcroft <email address hidden>
Acked-by: Stefan Bader <email address hidden>
Acked-by: Roxana Nicolescu <email address hidden>
Signed-off-by: Roxana Nicolescu <email address hidden>