On Wed, Apr 10, 2024 at 09:02:50PM +0200, Salvatore Bonaccorso wrote: > Hi Greg, Sasha, Thadeu, > > Today there was mentioning of > > https://www.jmpeax.dev/The-tale-of-a-GSM-Kernel-LPE.html > > a LPE from the n_gsm module. I do realize, Thadeu mentioned the > possible attack surface already back in > > https://lore.kernel.org/all/ZMuRoDbMcQrsCs3m@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx/#t > > Published exploits are referenced as well through the potential > initial finder in https://github.com/YuriiCrimson/ExploitGSM . > > While 67c37756898a ("tty: n_gsm: require CAP_NET_ADMIN to attach > N_GSM0710 ldisc") is not the fix itself, it helps mitigating against > this issue. > > Thus can you consider applying this still to the stable series as > needed? I think it should go at least back to 5.15.y but if > Iunderstood Thadeu correctly then even further back to the still > supported stable branches. > > What do you think? Sure, I'll queue it up. I think the "real" bugs there are already resolved in the various older kernel trees, but adding this is "defense in depth" and makes sense. thanks, greg k-h
