diff --git a/Patches/Linux_CVEs-New/CVE-2012-6703/ANY/0.patch b/Patches/Linux_CVEs-New/CVE-2012-6703/ANY/0.patch.disabled similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2012-6703/ANY/0.patch rename to Patches/Linux_CVEs-New/CVE-2012-6703/ANY/0.patch.disabled diff --git a/Patches/Linux_CVEs-New/CVE-2012-6703/ANY/1.patch b/Patches/Linux_CVEs-New/CVE-2012-6703/ANY/1.patch deleted file mode 100644 index a93bedec..00000000 --- a/Patches/Linux_CVEs-New/CVE-2012-6703/ANY/1.patch +++ /dev/null @@ -1,31 +0,0 @@ -From 81ce573830e9d5531531b3ec778c58e6b9167bcd Mon Sep 17 00:00:00 2001 -From: Dan Carpenter -Date: Wed, 5 Sep 2012 15:32:18 +0300 -Subject: [PATCH] ALSA: compress_core: integer overflow in - snd_compr_allocate_buffer() - -These are 32 bit values that come from the user, we need to check for -integer overflows or we could end up allocating a smaller buffer than -expected. - -Signed-off-by: Dan Carpenter -Signed-off-by: Takashi Iwai ---- - sound/core/compress_offload.c | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/sound/core/compress_offload.c b/sound/core/compress_offload.c -index eb60cb8dbb8a6..68fe02c7400a2 100644 ---- a/sound/core/compress_offload.c -+++ b/sound/core/compress_offload.c -@@ -407,6 +407,10 @@ static int snd_compr_allocate_buffer(struct snd_compr_stream *stream, - unsigned int buffer_size; - void *buffer; - -+ if (params->buffer.fragment_size == 0 || -+ params->buffer.fragments > SIZE_MAX / params->buffer.fragment_size) -+ return -EINVAL; -+ - buffer_size = params->buffer.fragment_size * params->buffer.fragments; - if (stream->ops->copy) { - buffer = NULL; diff --git a/Patches/Linux_CVEs-New/CVE-2012-6703/ANY/2.patch b/Patches/Linux_CVEs-New/CVE-2012-6703/ANY/2.patch.disabled similarity index 100% rename from Patches/Linux_CVEs-New/CVE-2012-6703/ANY/2.patch rename to Patches/Linux_CVEs-New/CVE-2012-6703/ANY/2.patch.disabled diff --git a/Patches/Linux_CVEs-New/CVE-2016-2187/ANY/1.patch b/Patches/Linux_CVEs-New/CVE-2016-2187/ANY/1.patch deleted file mode 100644 index 72d5fe93..00000000 --- a/Patches/Linux_CVEs-New/CVE-2016-2187/ANY/1.patch +++ /dev/null @@ -1,59 +0,0 @@ -From adaad9d866105bcb8f87293a0a675f573a39129d Mon Sep 17 00:00:00 2001 -From: Vladis Dronov -Date: Thu, 31 Mar 2016 10:53:42 -0700 -Subject: Input: gtco - fix crash on detecting device without endpoints - -commit 162f98dea487206d9ab79fc12ed64700667a894d upstream. - -The gtco driver expects at least one valid endpoint. If given malicious -descriptors that specify 0 for the number of endpoints, it will crash in -the probe function. Ensure there is at least one endpoint on the interface -before using it. - -Also let's fix a minor coding style issue. - -The full correct report of this issue can be found in the public -Red Hat Bugzilla: - -https://bugzilla.redhat.com/show_bug.cgi?id=1283385 - -Reported-by: Ralf Spenneberg -Signed-off-by: Vladis Dronov -Cc: stable@vger.kernel.org -Signed-off-by: Dmitry Torokhov -Signed-off-by: Willy Tarreau ---- - drivers/input/tablet/gtco.c | 10 +++++++++- - 1 file changed, 9 insertions(+), 1 deletion(-) - -diff --git a/drivers/input/tablet/gtco.c b/drivers/input/tablet/gtco.c -index 29e01ab..a9f8f92 100644 ---- a/drivers/input/tablet/gtco.c -+++ b/drivers/input/tablet/gtco.c -@@ -869,6 +869,14 @@ static int gtco_probe(struct usb_interface *usbinterface, - goto err_free_buf; - } - -+ /* Sanity check that a device has an endpoint */ -+ if (usbinterface->altsetting[0].desc.bNumEndpoints < 1) { -+ dev_err(&usbinterface->dev, -+ "Invalid number of endpoints\n"); -+ error = -EINVAL; -+ goto err_free_urb; -+ } -+ - /* - * The endpoint is always altsetting 0, we know this since we know - * this device only has one interrupt endpoint -@@ -890,7 +898,7 @@ static int gtco_probe(struct usb_interface *usbinterface, - * HID report descriptor - */ - if (usb_get_extra_descriptor(usbinterface->cur_altsetting, -- HID_DEVICE_TYPE, &hid_desc) != 0){ -+ HID_DEVICE_TYPE, &hid_desc) != 0) { - dev_err(&usbinterface->dev, - "Can't retrieve exta USB descriptor to get hid report descriptor length\n"); - error = -EIO; --- -cgit v1.1 - diff --git a/Patches/Linux_CVEs-New/CVE-2016-3136/ANY/1.patch b/Patches/Linux_CVEs-New/CVE-2016-3136/ANY/1.patch deleted file mode 100644 index 52e03439..00000000 --- a/Patches/Linux_CVEs-New/CVE-2016-3136/ANY/1.patch +++ /dev/null @@ -1,53 +0,0 @@ -From 2633b8df3dff0377066fb32feb8ef06ae834d7ff Mon Sep 17 00:00:00 2001 -From: Badhri Jagan Sridharan -Date: Tue, 30 Aug 2016 13:33:55 -0700 -Subject: UPSTREAM: USB: mct_u232: add sanity checking in probe - -commit 4e9a0b05257f29cf4b75f3209243ed71614d062e upstream. - -An attack using the lack of sanity checking in probe is known. This -patch checks for the existence of a second port. - -CVE-2016-3136 -BUG: 28242610 -Signed-off-by: Oliver Neukum -[johan: add error message ] -Signed-off-by: Johan Hovold -Signed-off-by: Greg Kroah-Hartman - -Signed-off-by: Badhri Jagan Sridharan -Change-Id: I284ad648c2087c34a098d67e0cc6d948a568413c ---- - drivers/usb/serial/mct_u232.c | 9 ++++++++- - 1 file changed, 8 insertions(+), 1 deletion(-) - -diff --git a/drivers/usb/serial/mct_u232.c b/drivers/usb/serial/mct_u232.c -index 6a15adf..c14c29f 100644 ---- a/drivers/usb/serial/mct_u232.c -+++ b/drivers/usb/serial/mct_u232.c -@@ -377,14 +377,21 @@ static void mct_u232_msr_to_state(struct usb_serial_port *port, - - static int mct_u232_port_probe(struct usb_serial_port *port) - { -+ struct usb_serial *serial = port->serial; - struct mct_u232_private *priv; - -+ /* check first to simplify error handling */ -+ if (!serial->port[1] || !serial->port[1]->interrupt_in_urb) { -+ dev_err(&port->dev, "expected endpoint missing\n"); -+ return -ENODEV; -+ } -+ - priv = kzalloc(sizeof(*priv), GFP_KERNEL); - if (!priv) - return -ENOMEM; - - /* Use second interrupt-in endpoint for reading. */ -- priv->read_urb = port->serial->port[1]->interrupt_in_urb; -+ priv->read_urb = serial->port[1]->interrupt_in_urb; - priv->read_urb->context = port; - - spin_lock_init(&priv->lock); --- -cgit v1.1 - diff --git a/Patches/Linux_CVEs-New/CVE-2016-3138/ANY/1.patch b/Patches/Linux_CVEs-New/CVE-2016-3138/ANY/1.patch deleted file mode 100644 index eee71747..00000000 --- a/Patches/Linux_CVEs-New/CVE-2016-3138/ANY/1.patch +++ /dev/null @@ -1,39 +0,0 @@ -From 801c5f937ef7edb23e411bc00d3695496b89dca2 Mon Sep 17 00:00:00 2001 -From: Badhri Jagan Sridharan -Date: Tue, 30 Aug 2016 13:39:02 -0700 -Subject: UPSTREAM: USB: cdc-acm: more sanity checking - -commit 8835ba4a39cf53f705417b3b3a94eb067673f2c9 upstream. - -An attack has become available which pretends to be a quirky -device circumventing normal sanity checks and crashes the kernel -by an insufficient number of interfaces. This patch adds a check -to the code path for quirky devices. - -BUG: 28242610 - -Signed-off-by: Oliver Neukum -Signed-off-by: Greg Kroah-Hartman -Signed-off-by: Badhri Jagan Sridharan -Change-Id: I9a5f7f3c704b65e866335054f470451fcfae9d1c ---- - drivers/usb/class/cdc-acm.c | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/drivers/usb/class/cdc-acm.c b/drivers/usb/class/cdc-acm.c -index 9b1cbcf..f519d28 100644 ---- a/drivers/usb/class/cdc-acm.c -+++ b/drivers/usb/class/cdc-acm.c -@@ -972,6 +972,9 @@ static int acm_probe(struct usb_interface *intf, - if (quirks == NO_UNION_NORMAL) { - data_interface = usb_ifnum_to_if(usb_dev, 1); - control_interface = usb_ifnum_to_if(usb_dev, 0); -+ /* we would crash */ -+ if (!data_interface || !control_interface) -+ return -ENODEV; - goto skip_normal_probe; - } - --- -cgit v1.1 - diff --git a/Patches/Linux_CVEs-New/CVE-2016-3140/ANY/1.patch b/Patches/Linux_CVEs-New/CVE-2016-3140/ANY/1.patch deleted file mode 100644 index bd2011bc..00000000 --- a/Patches/Linux_CVEs-New/CVE-2016-3140/ANY/1.patch +++ /dev/null @@ -1,57 +0,0 @@ -From 129e6372f40a423bcded0a6dae547205edf652fb Mon Sep 17 00:00:00 2001 -From: Oliver Neukum -Date: Thu, 31 Mar 2016 12:04:26 -0400 -Subject: USB: digi_acceleport: do sanity checking for the number of ports - -commit 5a07975ad0a36708c6b0a5b9fea1ff811d0b0c1f upstream. - -The driver can be crashed with devices that expose crafted descriptors -with too few endpoints. - -See: http://seclists.org/bugtraq/2016/Mar/61 - -Signed-off-by: Oliver Neukum -[johan: fix OOB endpoint check and add error messages ] -Cc: stable -Signed-off-by: Johan Hovold -Signed-off-by: Greg Kroah-Hartman -Signed-off-by: Willy Tarreau ---- - drivers/usb/serial/digi_acceleport.c | 19 +++++++++++++++++++ - 1 file changed, 19 insertions(+) - -diff --git a/drivers/usb/serial/digi_acceleport.c b/drivers/usb/serial/digi_acceleport.c -index 7b807d3..8c34d9c 100644 ---- a/drivers/usb/serial/digi_acceleport.c -+++ b/drivers/usb/serial/digi_acceleport.c -@@ -1253,8 +1253,27 @@ static int digi_port_init(struct usb_serial_port *port, unsigned port_num) - - static int digi_startup(struct usb_serial *serial) - { -+ struct device *dev = &serial->interface->dev; - struct digi_serial *serial_priv; - int ret; -+ int i; -+ -+ /* check whether the device has the expected number of endpoints */ -+ if (serial->num_port_pointers < serial->type->num_ports + 1) { -+ dev_err(dev, "OOB endpoints missing\n"); -+ return -ENODEV; -+ } -+ -+ for (i = 0; i < serial->type->num_ports + 1 ; i++) { -+ if (!serial->port[i]->read_urb) { -+ dev_err(dev, "bulk-in endpoint missing\n"); -+ return -ENODEV; -+ } -+ if (!serial->port[i]->write_urb) { -+ dev_err(dev, "bulk-out endpoint missing\n"); -+ return -ENODEV; -+ } -+ } - - serial_priv = kzalloc(sizeof(*serial_priv), GFP_KERNEL); - if (!serial_priv) --- -cgit v1.1 - diff --git a/Patches/Linux_CVEs-New/CVE-2016-3689/ANY/1.patch b/Patches/Linux_CVEs-New/CVE-2016-3689/ANY/1.patch deleted file mode 100644 index abc036f7..00000000 --- a/Patches/Linux_CVEs-New/CVE-2016-3689/ANY/1.patch +++ /dev/null @@ -1,40 +0,0 @@ -From 7ca573e32c0a6634d679540314a80d235f224bfb Mon Sep 17 00:00:00 2001 -From: Oliver Neukum -Date: Thu, 17 Mar 2016 14:00:17 -0700 -Subject: [PATCH] Input: ims-pcu - sanity check against missing interfaces - -[ Upstream commit a0ad220c96692eda76b2e3fd7279f3dcd1d8a8ff ] - -A malicious device missing interface can make the driver oops. -Add sanity checking. - -Signed-off-by: Oliver Neukum -CC: stable@vger.kernel.org -Signed-off-by: Dmitry Torokhov -Signed-off-by: Sasha Levin ---- - drivers/input/misc/ims-pcu.c | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/drivers/input/misc/ims-pcu.c b/drivers/input/misc/ims-pcu.c -index afed8e2b2f944..41ef29b516f35 100644 ---- a/drivers/input/misc/ims-pcu.c -+++ b/drivers/input/misc/ims-pcu.c -@@ -1663,6 +1663,8 @@ static int ims_pcu_parse_cdc_data(struct usb_interface *intf, struct ims_pcu *pc - - pcu->ctrl_intf = usb_ifnum_to_if(pcu->udev, - union_desc->bMasterInterface0); -+ if (!pcu->ctrl_intf) -+ return -EINVAL; - - alt = pcu->ctrl_intf->cur_altsetting; - pcu->ep_ctrl = &alt->endpoint[0].desc; -@@ -1670,6 +1672,8 @@ static int ims_pcu_parse_cdc_data(struct usb_interface *intf, struct ims_pcu *pc - - pcu->data_intf = usb_ifnum_to_if(pcu->udev, - union_desc->bSlaveInterface0); -+ if (!pcu->data_intf) -+ return -EINVAL; - - alt = pcu->data_intf->cur_altsetting; - if (alt->desc.bNumEndpoints != 2) { diff --git a/Patches/Linux_CVEs-New/CVE-2017-7371/ANY/1.patch b/Patches/Linux_CVEs-New/CVE-2017-7371/ANY/1.patch deleted file mode 100644 index 19b01e18..00000000 --- a/Patches/Linux_CVEs-New/CVE-2017-7371/ANY/1.patch +++ /dev/null @@ -1,45 +0,0 @@ -From 9d5a0bc7f6318821fddf9fc0ac9a05e58bb00a6b Mon Sep 17 00:00:00 2001 -From: Sungjun Park -Date: Mon, 23 Jan 2017 13:28:44 -0800 -Subject: bluetooth: Fix free data pointer routine - -Data pointer has been reused after freed it. So, -it has been moved to after using the data pointer -to clean up resource and freed it. - -Change-Id: Ibc94e092134ff1f36e896c679ade7f639254a24d -Signed-off-by: Sungjun Park ---- - drivers/bluetooth/btfm_slim.c | 5 +++-- - 1 file changed, 3 insertions(+), 2 deletions(-) - -diff --git a/drivers/bluetooth/btfm_slim.c b/drivers/bluetooth/btfm_slim.c -index 5fb00b9..1c6e256 100644 ---- a/drivers/bluetooth/btfm_slim.c -+++ b/drivers/bluetooth/btfm_slim.c -@@ -1,4 +1,4 @@ --/* Copyright (c) 2016, The Linux Foundation. All rights reserved. -+/* Copyright (c) 2017, The Linux Foundation. All rights reserved. - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2 and -@@ -509,7 +509,6 @@ static int btfm_slim_remove(struct slim_device *slim) - BTFMSLIM_DBG(""); - mutex_destroy(&btfm_slim->io_lock); - mutex_destroy(&btfm_slim->xfer_lock); -- kfree(btfm_slim); - snd_soc_unregister_codec(&slim->dev); - - BTFMSLIM_DBG("slim_remove_device() - btfm_slim->slim_ifd"); -@@ -517,6 +516,8 @@ static int btfm_slim_remove(struct slim_device *slim) - - BTFMSLIM_DBG("slim_remove_device() - btfm_slim->slim_pgd"); - slim_remove_device(slim); -+ -+ kfree(btfm_slim); - return 0; - } - --- -cgit v1.1 - diff --git a/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_amazon_hdx-common.sh b/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_amazon_hdx-common.sh index 66e72f5b..0712174e 100644 --- a/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_amazon_hdx-common.sh +++ b/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_amazon_hdx-common.sh @@ -1,5 +1,4 @@ #!/bin/bash -#Tested working 2017/10/30???? cd $base"kernel/amazon/hdx-common" git apply $cvePatches/CVE-2012-6704/ANY/0.patch git apply $cvePatches/CVE-2014-1739/ANY/0.patch diff --git a/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_asus_msm8916.sh b/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_asus_msm8916.sh new file mode 100644 index 00000000..9a0a04b1 --- /dev/null +++ b/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_asus_msm8916.sh @@ -0,0 +1,10 @@ +#!/bin/bash +cd $base"kernel/asus/msm8916" +git apply $cvePatches/CVE-2014-9781/ANY/0.patch +git apply $cvePatches/CVE-2016-10233/3.10/1.patch +git apply $cvePatches/CVE-2016-3134/3.10/0.patch +git apply $cvePatches/CVE-2016-3857/3.10/0.patch +git apply $cvePatches/CVE-2016-6672/ANY/0.patch +git apply $cvePatches/CVE-2016-8394/ANY/0.patch +git apply $cvePatches/CVE-2017-0750/ANY/0.patch +cd $base diff --git a/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_fairphone_msm8974.sh b/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_fairphone_msm8974.sh new file mode 100644 index 00000000..b6e8e875 --- /dev/null +++ b/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_fairphone_msm8974.sh @@ -0,0 +1,9 @@ +#!/bin/bash +cd $base"kernel/fairphone/msm8974" +git apply $cvePatches/CVE-2016-3672/ANY/0.patch +git apply $cvePatches/CVE-2017-0430/ANY/0.patch +git apply $cvePatches/CVE-2017-0750/ANY/0.patch +git apply $cvePatches/CVE-2017-0786/ANY/0.patch +git apply $cvePatches/CVE-2017-15265/ANY/0.patch +git apply $cvePatches/CVE-2017-6348/ANY/0.patch +cd $base diff --git a/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_google_marlin.sh b/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_google_marlin.sh new file mode 100644 index 00000000..fb86ac8a --- /dev/null +++ b/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_google_marlin.sh @@ -0,0 +1,60 @@ +#!/bin/bash +cd $base"kernel/google/marlin" +git apply $cvePatches/CVE-2014-9900/ANY/0.patch +git apply $cvePatches/CVE-2015-2041/ANY/0.patch +git apply $cvePatches/CVE-2015-7515/ANY/0.patch +git apply $cvePatches/CVE-2015-8966/ANY/0.patch +git apply $cvePatches/CVE-2016-10044/ANY/2.patch +git apply $cvePatches/CVE-2016-10153/ANY/0.patch +git apply $cvePatches/CVE-2016-10231/ANY/1.patch +git apply $cvePatches/CVE-2016-2187/ANY/0.patch +git apply $cvePatches/CVE-2016-2544/ANY/0.patch +git apply $cvePatches/CVE-2016-2549/ANY/0.patch +git apply $cvePatches/CVE-2016-2847/ANY/0.patch +git apply $cvePatches/CVE-2016-3136/ANY/0.patch +git apply $cvePatches/CVE-2016-3140/ANY/0.patch +git apply $cvePatches/CVE-2016-3156/ANY/0.patch +git apply $cvePatches/CVE-2016-3865/ANY/0.patch +git apply $cvePatches/CVE-2016-3865/ANY/1.patch +git apply $cvePatches/CVE-2016-3906/ANY/0.patch +git apply $cvePatches/CVE-2016-5342/ANY/0.patch +git apply $cvePatches/CVE-2016-5345/ANY/0.patch +git apply $cvePatches/CVE-2016-5854/ANY/0.patch +git apply $cvePatches/CVE-2016-5856/ANY/0.patch +git apply $cvePatches/CVE-2016-5857/ANY/0.patch +git apply $cvePatches/CVE-2016-5867/ANY/0.patch +git apply $cvePatches/CVE-2016-5870/ANY/0.patch +git apply $cvePatches/CVE-2016-6672/ANY/0.patch +git apply $cvePatches/CVE-2016-7042/ANY/0.patch +git apply $cvePatches/CVE-2016-8418/ANY/0.patch +git apply $cvePatches/CVE-2016-8483/3.18/0.patch +git apply $cvePatches/CVE-2016-9604/ANY/0.patch +git apply $cvePatches/CVE-2017-0510/3.18/1.patch +git apply $cvePatches/CVE-2017-0537/ANY/0.patch +git apply $cvePatches/CVE-2017-0622/ANY/0.patch +git apply $cvePatches/CVE-2017-0627/ANY/0.patch +git apply $cvePatches/CVE-2017-0750/ANY/0.patch +git apply $cvePatches/CVE-2017-1000365/3.18/1.patch +git apply $cvePatches/CVE-2017-10998/3.18/1.patch +git apply $cvePatches/CVE-2017-11001/ANY/0.patch +git apply $cvePatches/CVE-2017-11002/ANY/0.patch +git apply $cvePatches/CVE-2017-12146/ANY/0.patch +git apply $cvePatches/CVE-2017-15265/ANY/0.patch +git apply $cvePatches/CVE-2017-2671/ANY/0.patch +git apply $cvePatches/CVE-2017-5669/ANY/1.patch +git apply $cvePatches/CVE-2017-6348/ANY/0.patch +git apply $cvePatches/CVE-2017-6951/ANY/0.patch +git apply $cvePatches/CVE-2017-7371/ANY/0.patch +git apply $cvePatches/CVE-2017-7372/ANY/0.patch +git apply $cvePatches/CVE-2017-7472/ANY/0.patch +git apply $cvePatches/CVE-2017-7487/ANY/0.patch +git apply $cvePatches/CVE-2017-7616/ANY/0.patch +git apply $cvePatches/CVE-2017-7618/ANY/0.patch +git apply $cvePatches/CVE-2017-8247/ANY/0.patch +git apply $cvePatches/CVE-2017-8280/ANY/0.patch +git apply $cvePatches/CVE-2017-9242/ANY/0.patch +git apply $cvePatches/CVE-2017-9676/ANY/0.patch +git apply $cvePatches/CVE-2017-9686/3.18/0.patch +git apply $cvePatches/CVE-2017-9687/3.18/0.patch +git apply $cvePatches/CVE-2017-9697/3.18/0.patch +cd $base diff --git a/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_google_msm.sh b/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_google_msm.sh new file mode 100644 index 00000000..9993498a --- /dev/null +++ b/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_google_msm.sh @@ -0,0 +1,12 @@ +#!/bin/bash +cd $base"kernel/google/msm" +git apply $cvePatches/CVE-2014-9781/ANY/0.patch +git apply $cvePatches/CVE-2015-1593/ANY/0.patch +git apply $cvePatches/CVE-2016-3859/ANY/0.patch +git apply $cvePatches/CVE-2016-8402/3.4/1.patch +git apply $cvePatches/CVE-2016-8404/ANY/0.patch +git apply $cvePatches/CVE-2017-0750/ANY/0.patch +git apply $cvePatches/CVE-2017-0751/ANY/0.patch +git apply $cvePatches/CVE-2017-0786/ANY/0.patch +git apply $cvePatches/CVE-2017-15265/ANY/0.patch +cd $base diff --git a/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_htc_flounder.sh b/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_htc_flounder.sh new file mode 100644 index 00000000..67393c71 --- /dev/null +++ b/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_htc_flounder.sh @@ -0,0 +1,25 @@ +#!/bin/bash +cd $base"kernel/htc/flounder" +git apply $cvePatches/CVE-2014-9892/ANY/0.patch +git apply $cvePatches/CVE-2014-9900/ANY/0.patch +git apply $cvePatches/CVE-2015-4177/ANY/0.patch +git apply $cvePatches/CVE-2015-7515/ANY/0.patch +git apply $cvePatches/CVE-2015-8944/ANY/0.patch +git apply $cvePatches/CVE-2016-0819/ANY/0.patch +git apply $cvePatches/CVE-2016-8453/ANY/0.patch +git apply $cvePatches/CVE-2016-8464/3.10/0.patch +git apply $cvePatches/CVE-2016-9604/ANY/0.patch +git apply $cvePatches/CVE-2017-0449/ANY/0.patch +git apply $cvePatches/CVE-2017-0537/ANY/0.patch +git apply $cvePatches/CVE-2017-0750/ANY/0.patch +git apply $cvePatches/CVE-2017-0794/3.10/0.patch +git apply $cvePatches/CVE-2017-10996/ANY/0.patch +git apply $cvePatches/CVE-2017-15265/ANY/0.patch +git apply $cvePatches/CVE-2017-2671/ANY/0.patch +git apply $cvePatches/CVE-2017-5669/ANY/1.patch +git apply $cvePatches/CVE-2017-5970/ANY/0.patch +git apply $cvePatches/CVE-2017-6348/ANY/0.patch +git apply $cvePatches/CVE-2017-6951/ANY/0.patch +git apply $cvePatches/CVE-2017-7472/ANY/0.patch +git apply $cvePatches/CVE-2017-9242/ANY/0.patch +cd $base diff --git a/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_lge_bullhead.sh b/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_lge_bullhead.sh new file mode 100644 index 00000000..b9d97531 --- /dev/null +++ b/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_lge_bullhead.sh @@ -0,0 +1,49 @@ +#!/bin/bash +cd $base"kernel/lge/bullhead" +git apply $cvePatches/CVE-2014-8160/ANY/0.patch +git apply $cvePatches/CVE-2014-8173/ANY/0.patch +git apply $cvePatches/CVE-2014-9781/ANY/0.patch +git apply $cvePatches/CVE-2015-2041/ANY/0.patch +git apply $cvePatches/CVE-2015-4177/ANY/0.patch +git apply $cvePatches/CVE-2015-7515/ANY/0.patch +git apply $cvePatches/CVE-2015-7550/ANY/0.patch +git apply $cvePatches/CVE-2016-0805/ANY/0.patch +git apply $cvePatches/CVE-2016-10231/ANY/1.patch +git apply $cvePatches/CVE-2016-10233/3.10/1.patch +git apply $cvePatches/CVE-2016-2063/ANY/0.patch +git apply $cvePatches/CVE-2016-2185/ANY/0.patch +git apply $cvePatches/CVE-2016-2186/ANY/0.patch +git apply $cvePatches/CVE-2016-2187/ANY/0.patch +git apply $cvePatches/CVE-2016-2384/ANY/0.patch +git apply $cvePatches/CVE-2016-2544/ANY/0.patch +git apply $cvePatches/CVE-2016-2545/ANY/0.patch +git apply $cvePatches/CVE-2016-2547/ANY/0.patch +git apply $cvePatches/CVE-2016-2549/ANY/0.patch +git apply $cvePatches/CVE-2016-3070/ANY/0.patch +git apply $cvePatches/CVE-2016-3134/3.10/0.patch +git apply $cvePatches/CVE-2016-3136/ANY/0.patch +git apply $cvePatches/CVE-2016-3140/ANY/0.patch +git apply $cvePatches/CVE-2016-3672/ANY/0.patch +git apply $cvePatches/CVE-2016-3689/ANY/0.patch +git apply $cvePatches/CVE-2016-3857/3.10/0.patch +git apply $cvePatches/CVE-2016-5345/ANY/0.patch +git apply $cvePatches/CVE-2016-5859/ANY/0.patch +git apply $cvePatches/CVE-2016-5867/ANY/0.patch +git apply $cvePatches/CVE-2016-5870/ANY/0.patch +git apply $cvePatches/CVE-2016-8404/ANY/0.patch +git apply $cvePatches/CVE-2016-9604/ANY/0.patch +git apply $cvePatches/CVE-2017-0436/ANY/0.patch +git apply $cvePatches/CVE-2017-0510/3.10/0.patch +git apply $cvePatches/CVE-2017-0516/ANY/0.patch +git apply $cvePatches/CVE-2017-0523/ANY/0.patch +git apply $cvePatches/CVE-2017-0537/ANY/0.patch +git apply $cvePatches/CVE-2017-15265/ANY/0.patch +git apply $cvePatches/CVE-2017-2618/3.10/0.patch +git apply $cvePatches/CVE-2017-2671/ANY/0.patch +git apply $cvePatches/CVE-2017-5669/ANY/1.patch +git apply $cvePatches/CVE-2017-6348/ANY/0.patch +git apply $cvePatches/CVE-2017-6951/ANY/0.patch +git apply $cvePatches/CVE-2017-7472/ANY/0.patch +git apply $cvePatches/CVE-2017-7487/ANY/0.patch +git apply $cvePatches/CVE-2017-9242/ANY/0.patch +cd $base diff --git a/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_lge_hammerhead.sh b/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_lge_hammerhead.sh new file mode 100644 index 00000000..f212b0ff --- /dev/null +++ b/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_lge_hammerhead.sh @@ -0,0 +1,20 @@ +#!/bin/bash +cd $base"kernel/lge/hammerhead" +git apply $cvePatches/CVE-2014-9881/ANY/0.patch +git apply $cvePatches/CVE-2015-1593/ANY/0.patch +git apply $cvePatches/CVE-2016-5829/ANY/0.patch +git apply $cvePatches/CVE-2016-9604/ANY/0.patch +git apply $cvePatches/CVE-2017-0611/ANY/0.patch +git apply $cvePatches/CVE-2017-0750/ANY/0.patch +git apply $cvePatches/CVE-2017-0751/ANY/0.patch +git apply $cvePatches/CVE-2017-0786/ANY/0.patch +git apply $cvePatches/CVE-2017-15265/ANY/0.patch +git apply $cvePatches/CVE-2017-2671/ANY/0.patch +git apply $cvePatches/CVE-2017-5970/ANY/0.patch +git apply $cvePatches/CVE-2017-6074/ANY/0.patch +git apply $cvePatches/CVE-2017-6348/ANY/0.patch +git apply $cvePatches/CVE-2017-6951/ANY/0.patch +git apply $cvePatches/CVE-2017-7487/ANY/0.patch +git apply $cvePatches/CVE-2017-8247/ANY/0.patch +git apply $cvePatches/CVE-2017-9242/ANY/0.patch +cd $base diff --git a/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_moto_shamu.sh b/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_moto_shamu.sh new file mode 100644 index 00000000..15c5951d --- /dev/null +++ b/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_moto_shamu.sh @@ -0,0 +1,53 @@ +#!/bin/bash +cd $base"kernel/moto/shamu" +git apply $cvePatches/CVE-2014-8160/ANY/0.patch +git apply $cvePatches/CVE-2014-8173/ANY/0.patch +git apply $cvePatches/CVE-2014-9420/ANY/0.patch +git apply $cvePatches/CVE-2014-9683/ANY/0.patch +git apply $cvePatches/CVE-2014-9715/ANY/0.patch +git apply $cvePatches/CVE-2014-9781/ANY/0.patch +git apply $cvePatches/CVE-2015-1593/ANY/0.patch +git apply $cvePatches/CVE-2015-2041/ANY/0.patch +git apply $cvePatches/CVE-2015-4177/ANY/0.patch +git apply $cvePatches/CVE-2015-7515/ANY/0.patch +git apply $cvePatches/CVE-2015-7550/ANY/0.patch +git apply $cvePatches/CVE-2015-8967/ANY/0.patch +git apply $cvePatches/CVE-2016-0758/ANY/0.patch +git apply $cvePatches/CVE-2016-10233/3.10/1.patch +git apply $cvePatches/CVE-2016-2185/ANY/0.patch +git apply $cvePatches/CVE-2016-2186/ANY/0.patch +git apply $cvePatches/CVE-2016-2187/ANY/0.patch +git apply $cvePatches/CVE-2016-2384/ANY/0.patch +git apply $cvePatches/CVE-2016-2544/ANY/0.patch +git apply $cvePatches/CVE-2016-2545/ANY/0.patch +git apply $cvePatches/CVE-2016-2547/ANY/0.patch +git apply $cvePatches/CVE-2016-2549/ANY/0.patch +git apply $cvePatches/CVE-2016-3070/ANY/0.patch +git apply $cvePatches/CVE-2016-3134/3.10/0.patch +git apply $cvePatches/CVE-2016-3136/ANY/0.patch +git apply $cvePatches/CVE-2016-3138/ANY/0.patch +git apply $cvePatches/CVE-2016-3140/ANY/0.patch +git apply $cvePatches/CVE-2016-3689/ANY/0.patch +git apply $cvePatches/CVE-2016-3857/3.10/0.patch +git apply $cvePatches/CVE-2016-3865/ANY/0.patch +git apply $cvePatches/CVE-2016-3865/ANY/1.patch +git apply $cvePatches/CVE-2016-5342/ANY/0.patch +git apply $cvePatches/CVE-2016-5870/ANY/0.patch +git apply $cvePatches/CVE-2016-6672/ANY/0.patch +git apply $cvePatches/CVE-2016-8404/ANY/0.patch +git apply $cvePatches/CVE-2016-8464/3.10/0.patch +git apply $cvePatches/CVE-2016-9604/ANY/0.patch +git apply $cvePatches/CVE-2017-0404/ANY/0.patch +git apply $cvePatches/CVE-2017-0537/ANY/0.patch +git apply $cvePatches/CVE-2017-0627/ANY/0.patch +git apply $cvePatches/CVE-2017-0750/ANY/0.patch +git apply $cvePatches/CVE-2017-2618/3.10/0.patch +git apply $cvePatches/CVE-2017-2671/ANY/0.patch +git apply $cvePatches/CVE-2017-5669/ANY/1.patch +git apply $cvePatches/CVE-2017-6348/ANY/0.patch +git apply $cvePatches/CVE-2017-6951/ANY/0.patch +git apply $cvePatches/CVE-2017-7472/ANY/0.patch +git apply $cvePatches/CVE-2017-7487/ANY/0.patch +git apply $cvePatches/CVE-2017-8269/ANY/0.patch +git apply $cvePatches/CVE-2017-9242/ANY/0.patch +cd $base diff --git a/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_motorola_msm8916.sh b/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_motorola_msm8916.sh new file mode 100644 index 00000000..74ac7548 --- /dev/null +++ b/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_motorola_msm8916.sh @@ -0,0 +1,25 @@ +#!/bin/bash +cd $base"kernel/motorola/msm8916" +git apply $cvePatches/CVE-2014-9420/ANY/0.patch +git apply $cvePatches/CVE-2014-9781/ANY/0.patch +git apply $cvePatches/CVE-2015-1593/ANY/0.patch +git apply $cvePatches/CVE-2015-7515/ANY/0.patch +git apply $cvePatches/CVE-2015-8967/ANY/0.patch +git apply $cvePatches/CVE-2016-10231/ANY/1.patch +git apply $cvePatches/CVE-2016-10233/3.10/1.patch +git apply $cvePatches/CVE-2016-3134/3.10/0.patch +git apply $cvePatches/CVE-2016-3672/ANY/0.patch +git apply $cvePatches/CVE-2016-3857/3.10/0.patch +git apply $cvePatches/CVE-2016-3865/ANY/0.patch +git apply $cvePatches/CVE-2016-3865/ANY/1.patch +git apply $cvePatches/CVE-2016-3902/ANY/0.patch +git apply $cvePatches/CVE-2016-5859/ANY/0.patch +git apply $cvePatches/CVE-2016-5867/ANY/0.patch +git apply $cvePatches/CVE-2016-6672/ANY/0.patch +git apply $cvePatches/CVE-2017-0457/3.10/0.patch +git apply $cvePatches/CVE-2017-0457/3.10/1.patch +git apply $cvePatches/CVE-2017-0750/ANY/0.patch +git apply $cvePatches/CVE-2017-0794/3.10/0.patch +git apply $cvePatches/CVE-2017-15265/ANY/0.patch +git apply $cvePatches/CVE-2017-6348/ANY/0.patch +cd $base diff --git a/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_nextbit_msm8992.sh b/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_nextbit_msm8992.sh new file mode 100644 index 00000000..b8321263 --- /dev/null +++ b/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_nextbit_msm8992.sh @@ -0,0 +1,6 @@ +#!/bin/bash +cd $base"kernel/nextbit/msm8992" +git apply $cvePatches/CVE-2014-9904/ANY/0.patch +git apply $cvePatches/CVE-2016-6672/ANY/0.patch +git apply $cvePatches/CVE-2017-0750/ANY/0.patch +cd $base diff --git a/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_samsung_smdk4412.sh b/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_samsung_smdk4412.sh new file mode 100644 index 00000000..babd1a01 --- /dev/null +++ b/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_samsung_smdk4412.sh @@ -0,0 +1,25 @@ +#!/bin/bash +cd $base"kernel/samsung/smdk4412" +git apply $cvePatches/CVE-2014-1739/ANY/0.patch +git apply $cvePatches/CVE-2014-4656/ANY/0.patch +git apply $cvePatches/CVE-2014-9420/ANY/0.patch +git apply $cvePatches/CVE-2014-9781/ANY/0.patch +git apply $cvePatches/CVE-2014-9870/ANY/0.patch +git apply $cvePatches/CVE-2014-9900/ANY/0.patch +git apply $cvePatches/CVE-2015-8944/ANY/0.patch +git apply $cvePatches/CVE-2016-0819/ANY/0.patch +git apply $cvePatches/CVE-2016-2185/ANY/0.patch +git apply $cvePatches/CVE-2016-2186/ANY/0.patch +git apply $cvePatches/CVE-2016-2544/ANY/0.patch +git apply $cvePatches/CVE-2016-6753/ANY/0.patch +git apply $cvePatches/CVE-2016-9604/ANY/0.patch +git apply $cvePatches/CVE-2017-0403/ANY/0.patch +git apply $cvePatches/CVE-2017-0404/ANY/0.patch +git apply $cvePatches/CVE-2017-0430/ANY/0.patch +git apply $cvePatches/CVE-2017-0786/ANY/0.patch +git apply $cvePatches/CVE-2017-10662/ANY/0.patch +git apply $cvePatches/CVE-2017-15265/ANY/0.patch +git apply $cvePatches/CVE-2017-6074/ANY/0.patch +git apply $cvePatches/CVE-2017-6348/ANY/0.patch +git apply $cvePatches/CVE-2017-7487/ANY/0.patch +cd $base