Better patching of CVE-2024-36971

4.6 and higher is impacted
need backport for 4.9 and 4.14

not patched kernels:
	LineageOS-17.1
		kernel_xiaomi_sm6150

	LineageOS-19.1
		kernel_xiaomi_sm8150

	LineageOS-20.0
		kernel_fairphone_sdm632
		kernel_google_msm-4.14
		kernel_google_msm-4.9
		kernel_oneplus_sdm845
		kernel_oneplus_sm8150
		kernel_razer_sdm845
		kernel_samsung_exynos9810
		kernel_sony_sdm845
		kernel_xiaomi_msm8937
		kernel_xiaomi_sdm845
		kernel_xiaomi_sm6150
		kernel_xiaomi_vayu

Signed-off-by: Tavi <tavi@divested.dev>

Patches/Linux

@@ -1 +1 @@
-Subproject commit 4ae778cb80853dd230736fd95a959c59fea7b949
+Subproject commit 21d31dd7adcd24eebb22cd7f6a61df8ee5df321d

Scripts/LineageOS-17.1/CVE_Patchers/android_kernel_xiaomi_sm6150.sh

@@ -903,6 +903,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-36950/4.19/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-36954/4.19/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-36960/4.19/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-36964/4.19/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-36971-0pre/4.14/0013.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-37078/4.19/0004.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-37353/4.19/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-37356/4.19/0002.patch
@@ -997,7 +998,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-52601/4.19/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-27424/4.19/0003.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-27425/4.19/0003.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-42104/4.19/0002.patch
-editKernelLocalversion "-dos.p997"
+editKernelLocalversion "-dos.p998"
 else echo "kernel_xiaomi_sm6150 is unavailable, not patching.";
 fi;
 cd "$DOS_BUILD_BASE"

Scripts/LineageOS-19.1/CVE_Patchers/android_kernel_xiaomi_sm8150.sh

@@ -984,6 +984,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-36946/4.19/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-36950/4.19/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-36960/4.19/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-36964/4.19/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-36971-0pre/4.14/0013.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-37078/4.19/0004.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-37353/4.19/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-37356/4.19/0002.patch
@@ -1080,7 +1081,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-52601/4.19/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-27424/4.19/0003.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-27425/4.19/0003.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-42104/4.19/0002.patch
-editKernelLocalversion "-dos.p1080"
+editKernelLocalversion "-dos.p1081"
 else echo "kernel_xiaomi_sm8150 is unavailable, not patching.";
 fi;
 cd "$DOS_BUILD_BASE"

Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_google_gs101_private_gs-google.sh

@@ -693,6 +693,10 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-36957/5.10/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-36959/5.10/0003.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-36960/5.10/0003.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-36964/5.10/0003.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-36971-0pre/5.10/0007.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-36971-0pre/5.10/0008.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-36971-aosp/5.10/0004.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-36971-aosp/5.10/0005.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-36974/5.10/0004.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-36978/5.10/0004.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-37078/5.10/0005.patch
@@ -860,7 +864,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-27424/5.10/0004.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-27425/5.10/0004.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-35812/5.10/0004.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-42104/5.10/0003.patch
-editKernelLocalversion "-dos.p860"
+editKernelLocalversion "-dos.p864"
 else echo "kernel_google_gs101_private_gs-google is unavailable, not patching.";
 fi;
 cd "$DOS_BUILD_BASE"

Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_google_gs201_private_gs-google.sh

@@ -691,6 +691,10 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-36957/5.10/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-36959/5.10/0003.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-36960/5.10/0003.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-36964/5.10/0003.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-36971-0pre/5.10/0007.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-36971-0pre/5.10/0008.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-36971-aosp/5.10/0004.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-36971-aosp/5.10/0005.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-36974/5.10/0004.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-36978/5.10/0004.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-37078/5.10/0005.patch
@@ -858,7 +862,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-27424/5.10/0004.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-27425/5.10/0004.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-35812/5.10/0004.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-42104/5.10/0003.patch
-editKernelLocalversion "-dos.p858"
+editKernelLocalversion "-dos.p862"
 else echo "kernel_google_gs201_private_gs-google is unavailable, not patching.";
 fi;
 cd "$DOS_BUILD_BASE"

Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_google_redbull.sh

@@ -514,6 +514,9 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-36954/4.19/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-36959/4.19/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-36960/4.19/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-36964/4.19/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-36971-0pre/4.19/0011.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-36971-0pre/4.19/0012.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-36971-aosp/4.19/0003.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-37078/4.19/0004.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-37353/4.19/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-37356/4.19/0002.patch
@@ -626,7 +629,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-27424/4.19/0003.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-27425/4.19/0003.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-35812/4.19/0003.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-42104/4.19/0002.patch
-editKernelLocalversion "-dos.p626"
+editKernelLocalversion "-dos.p629"
 else echo "kernel_google_redbull is unavailable, not patching.";
 fi;
 cd "$DOS_BUILD_BASE"

Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_oneplus_sm8150.sh

@@ -950,6 +950,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-36946/4.19/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-36950/4.19/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-36960/4.19/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-36964/4.19/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-36971-0pre/4.14/0013.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-37078/4.19/0004.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-37353/4.19/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-37356/4.19/0002.patch
@@ -1045,7 +1046,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-52601/4.19/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-27424/4.19/0003.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-27425/4.19/0003.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-42104/4.19/0002.patch
-editKernelLocalversion "-dos.p1045"
+editKernelLocalversion "-dos.p1046"
 else echo "kernel_oneplus_sm8150 is unavailable, not patching.";
 fi;
 cd "$DOS_BUILD_BASE"

Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_xiaomi_sm6150.sh

@@ -328,6 +328,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-36954/4.19/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-36959/4.19/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-36960/4.19/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-36964/4.19/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-36971-0pre/4.14/0013.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-37078/4.19/0004.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-37353/4.19/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-37356/4.19/0002.patch
@@ -422,7 +423,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-52601/4.19/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-27424/4.19/0003.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-27425/4.19/0003.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-42104/4.19/0002.patch
-editKernelLocalversion "-dos.p422"
+editKernelLocalversion "-dos.p423"
 else echo "kernel_xiaomi_sm6150 is unavailable, not patching.";
 fi;
 cd "$DOS_BUILD_BASE"

Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_xiaomi_vayu.sh

@@ -330,6 +330,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-36954/4.19/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-36959/4.19/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-36960/4.19/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-36964/4.19/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-36971-0pre/4.14/0013.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-37078/4.19/0004.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-37353/4.19/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-37356/4.19/0002.patch
@@ -424,7 +425,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-52601/4.19/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-27424/4.19/0003.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-27425/4.19/0003.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-42104/4.19/0002.patch
-editKernelLocalversion "-dos.p424"
+editKernelLocalversion "-dos.p425"
 else echo "kernel_xiaomi_vayu is unavailable, not patching.";
 fi;
 cd "$DOS_BUILD_BASE"