[PATCH 6.6 0/3] Backport fixes for CVE-2024-42155, CVE-2024-42156 and CVE-2024-42158

This series addresses several s390 driver vulnerabilities related to
improper handling of sensitive key-related material and its lack
of proper disposal in stable kernel branches. These issues have been
announced as CVE-2024-42155 [1], CVE-2024-42156 [2] and
CVE-2024-42158 [4] and fixed upstream. Another problem, CVE-2024-42157 [3],
has already been successfully backported.

All patches have been cherry-picked and are ready to be cleanly
applied to the 6.6 stable branch. Backports for 5.10/5.15 [5] and 6.1 [6]
have already been sent.

[PATCH 6.6 1/3] s390/pkey: Use kfree_sensitive() to fix Coccinelle warnings
Use kfree_sensitive() instead of kfree() and memzero_explicit().
Fixes CVE-2024-42158.

[PATCH 6.6 2/3] s390/pkey: Wipe copies of clear-key structures on failure
Properly wipe sensitive key material from stack for IOCTLs that
deal with clear-key conversion.
Fixes CVE-2024-42156.
Note: this patch has already been sent separately by Bin Lan
<bin.lan.cn@xxxxxxxxxxxxx>, see [7].

[PATCH 6.6 3/3] s390/pkey: Wipe copies of protected- and secure-keys
Properly wipe key copies from stack for affected IOCTLs.
Fixes CVE-2024-42155.

[1] https://nvd.nist.gov/vuln/detail/CVE-2024-42155
[2] https://nvd.nist.gov/vuln/detail/CVE-2024-42156
[3] https://nvd.nist.gov/vuln/detail/CVE-2024-42157
[4] https://nvd.nist.gov/vuln/detail/CVE-2024-42158
[5] https://lore.kernel.org/all/20241128142245.18136-1-n.zhandarovich@xxxxxxxxxx/
[6] https://lore.kernel.org/all/20241128153337.19666-1-n.zhandarovich@xxxxxxxxxx/
[7] https://lore.kernel.org/all/20241121081222.3792207-1-bin.lan.cn@xxxxxxxxxxxxx/
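The two bug classes the series fixes, a copy of clear-key material left
unwiped on an early error return and a kfree() that is not paired with a
wipe, are shown below in a userspace C model. This is an added example and
not code from the s390/pkey driver or from the patches: the _demo helpers
stand in for the kernel's memzero_explicit() and kfree_sensitive(), the
clear_key_req struct and the derive_demo() "conversion" are constructed
placeholders, and the scratch buffer models the on-stack struct an ioctl
handler copies from userspace so that the test can inspect it after the
call returns.

```c
/*
 * Added example (not the kernel's code): a userspace model of the two bug
 * classes these backports fix. Names ending in _demo are stand-ins for the
 * kernel helpers memzero_explicit() and kfree_sensitive(); the key
 * "conversion" is a constructed placeholder, not the real pkey logic.
 */
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define KEYBUF 32

/* Zeroing the compiler may not elide (the kernel has memzero_explicit()). */
static void memzero_explicit_demo(void *p, size_t n)
{
    volatile uint8_t *v = (volatile uint8_t *)p;
    while (n--)
        *v++ = 0;
}

/* Wipe-then-free in one call, so no return path can free without wiping
 * (the kernel has kfree_sensitive(); here the caller supplies the size). */
static void kfree_sensitive_demo(void *p, size_t n)
{
    if (!p)
        return;
    memzero_explicit_demo(p, n);
    free(p);
}

/* Constructed ioctl-style argument: a clear key plus its length in bytes. */
struct clear_key_req {
    uint8_t key[KEYBUF];
    size_t keylen;
};

static int keylen_ok(size_t n)
{
    return n == 16 || n == 24 || n == 32;
}

/* Placeholder conversion: the real driver wraps the clear key into a
 * protected key; here we only mask it so the test can see work happened. */
static void derive_demo(const uint8_t *clear, size_t n, uint8_t *out)
{
    for (size_t i = 0; i < n; i++)
        out[i] = clear[i] ^ 0xA5;
}

/*
 * BEFORE: the local copy (scratch models the on-stack struct the ioctl
 * handler copied from userspace) is wiped only on the success path. The
 * early -EINVAL return leaves the clear key behind in the dead frame.
 */
static int convert_clear_key_leaky(const struct clear_key_req *req,
                                   uint8_t *scratch, uint8_t *out)
{
    memcpy(scratch, req->key, KEYBUF);
    if (!keylen_ok(req->keylen))
        return -EINVAL;               /* bug: scratch is not wiped here */
    derive_demo(scratch, req->keylen, out);
    memzero_explicit_demo(scratch, KEYBUF);
    return 0;
}

/*
 * AFTER: every exit funnels through one label that wipes the stack copy,
 * and the heap temp is released with the wipe-then-free helper instead of
 * a bare free().
 */
static int convert_clear_key_fixed(const struct clear_key_req *req,
                                   uint8_t *scratch, uint8_t *out)
{
    uint8_t *tmp = NULL;
    int rc = 0;

    memcpy(scratch, req->key, KEYBUF);
    if (!keylen_ok(req->keylen)) {
        rc = -EINVAL;
        goto out;
    }
    tmp = malloc(KEYBUF);
    if (!tmp) {
        rc = -ENOMEM;
        goto out;
    }
    memcpy(tmp, scratch, KEYBUF);
    derive_demo(tmp, req->keylen, out);
out:
    kfree_sensitive_demo(tmp, KEYBUF);
    memzero_explicit_demo(scratch, KEYBUF);
    return rc;
}

/* Returns 1 if every byte of p[0..n) is zero. */
static int all_zero(const uint8_t *p, size_t n)
{
    uint8_t acc = 0;
    for (size_t i = 0; i < n; i++)
        acc |= p[i];
    return acc == 0;
}
```

The point of the single `out:` label is that the wipe is the last thing on
every path, so adding a new error check later cannot reintroduce the leak;
the same reasoning is why kfree_sensitive() is preferable to a separate
memzero_explicit() followed by kfree().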