Backport of 67c37756898a ("tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc") to older stable series? (at least 6.1.y)

public inbox for stable@vger.kernel.org
 help / color / mirror / Atom feed

* Backport of 67c37756898a ("tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc") to older stable series? (at least 6.1.y)
@ 2024-04-10 19:02 Salvatore Bonaccorso
  2024-04-10 19:09 ` Greg Kroah-Hartman
  0 siblings, 1 reply; 2+ messages in thread
From: Salvatore Bonaccorso @ 2024-04-10 19:02 UTC (permalink / raw)
  To: stable; +Cc: Greg Kroah-Hartman, Sasha Levin, Thadeu Lima de Souza Cascardo

Hi Greg, Sasha, Thadeu,

Today there was mentioning of 

https://www.jmpeax.dev/The-tale-of-a-GSM-Kernel-LPE.html

a LPE from the n_gsm module. I do realize, Thadeu mentioned the
possible attack surface already back in

https://lore.kernel.org/all/ZMuRoDbMcQrsCs3m@quatroqueijos.cascardo.eti.br/#t

Published exploits are referenced as well through the potential
initial finder in https://github.com/YuriiCrimson/ExploitGSM .

While 67c37756898a ("tty: n_gsm: require CAP_NET_ADMIN to attach
N_GSM0710 ldisc") is not the fix itself, it helps mitigating against
this issue.

Thus can you consider applying this still to the stable series as
needed? I think it should go at least back to 5.15.y but if
Iunderstood Thadeu correctly then even further back to the still
supported stable branches.

What do you think?

Regards,
Salvatore

^ permalink raw reply	[flat|nested] 2+ messages in thread

* Re: Backport of 67c37756898a ("tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc") to older stable series? (at least 6.1.y)
  2024-04-10 19:02 Backport of 67c37756898a ("tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc") to older stable series? (at least 6.1.y) Salvatore Bonaccorso
@ 2024-04-10 19:09 ` Greg Kroah-Hartman
  0 siblings, 0 replies; 2+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-10 19:09 UTC (permalink / raw)
  To: Salvatore Bonaccorso; +Cc: stable, Sasha Levin, Thadeu Lima de Souza Cascardo

On Wed, Apr 10, 2024 at 09:02:50PM +0200, Salvatore Bonaccorso wrote:
> Hi Greg, Sasha, Thadeu,
> 
> Today there was mentioning of 
> 
> https://www.jmpeax.dev/The-tale-of-a-GSM-Kernel-LPE.html
> 
> a LPE from the n_gsm module. I do realize, Thadeu mentioned the
> possible attack surface already back in
> 
> https://lore.kernel.org/all/ZMuRoDbMcQrsCs3m@quatroqueijos.cascardo.eti.br/#t
> 
> Published exploits are referenced as well through the potential
> initial finder in https://github.com/YuriiCrimson/ExploitGSM .
> 
> While 67c37756898a ("tty: n_gsm: require CAP_NET_ADMIN to attach
> N_GSM0710 ldisc") is not the fix itself, it helps mitigating against
> this issue.
> 
> Thus can you consider applying this still to the stable series as
> needed? I think it should go at least back to 5.15.y but if
> Iunderstood Thadeu correctly then even further back to the still
> supported stable branches.
> 
> What do you think?

Sure, I'll queue it up.  I think the "real" bugs there are already
resolved in the various older kernel trees, but adding this is "defense
in depth" and makes sense.

thanks,

greg k-h

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2024-04-10 19:09 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-04-10 19:02 Backport of 67c37756898a ("tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc") to older stable series? (at least 6.1.y) Salvatore Bonaccorso
2024-04-10 19:09 ` Greg Kroah-Hartman

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox