From 2187d4bf36010901151ccb8d09a04866cb5ba27a Mon Sep 17 00:00:00 2001
From: Tavi <tavi@divested.dev>
Date: Mon, 5 Aug 2024 19:58:15 -0400
Subject: [PATCH] Better patching of CVE-2024-36971

4.6 and higher is impacted
need backport for 4.9 and 4.14

not patched kernels:
	LineageOS-17.1
		kernel_xiaomi_sm6150

	LineageOS-19.1
		kernel_xiaomi_sm8150

	LineageOS-20.0
		kernel_fairphone_sdm632
		kernel_google_msm-4.14
		kernel_google_msm-4.9
		kernel_oneplus_sdm845
		kernel_oneplus_sm8150
		kernel_razer_sdm845
		kernel_samsung_exynos9810
		kernel_sony_sdm845
		kernel_xiaomi_msm8937
		kernel_xiaomi_sdm845
		kernel_xiaomi_sm6150
		kernel_xiaomi_vayu

Signed-off-by: Tavi <tavi@divested.dev>
---
 Patches/Linux                                               | 2 +-
 .../CVE_Patchers/android_kernel_xiaomi_sm6150.sh            | 3 ++-
 .../CVE_Patchers/android_kernel_xiaomi_sm8150.sh            | 3 ++-
 .../android_kernel_google_gs101_private_gs-google.sh        | 6 +++++-
 .../android_kernel_google_gs201_private_gs-google.sh        | 6 +++++-
 .../CVE_Patchers/android_kernel_google_redbull.sh           | 5 ++++-
 .../CVE_Patchers/android_kernel_oneplus_sm8150.sh           | 3 ++-
 .../CVE_Patchers/android_kernel_xiaomi_sm6150.sh            | 3 ++-
 .../CVE_Patchers/android_kernel_xiaomi_vayu.sh              | 3 ++-
 9 files changed, 25 insertions(+), 9 deletions(-)

diff --git a/Patches/Linux b/Patches/Linux
index 4ae778cb..21d31dd7 160000
--- a/Patches/Linux
+++ b/Patches/Linux
@@ -1 +1 @@
-Subproject commit 4ae778cb80853dd230736fd95a959c59fea7b949
+Subproject commit 21d31dd7adcd24eebb22cd7f6a61df8ee5df321d
diff --git a/Scripts/LineageOS-17.1/CVE_Patchers/android_kernel_xiaomi_sm6150.sh b/Scripts/LineageOS-17.1/CVE_Patchers/android_kernel_xiaomi_sm6150.sh
index a89ce6a8..066de93f 100644
--- a/Scripts/LineageOS-17.1/CVE_Patchers/android_kernel_xiaomi_sm6150.sh
+++ b/Scripts/LineageOS-17.1/CVE_Patchers/android_kernel_xiaomi_sm6150.sh
@@ -903,6 +903,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-36950/4.19/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-36954/4.19/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-36960/4.19/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-36964/4.19/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-36971-0pre/4.14/0013.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-37078/4.19/0004.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-37353/4.19/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-37356/4.19/0002.patch
@@ -997,7 +998,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-52601/4.19/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-27424/4.19/0003.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-27425/4.19/0003.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-42104/4.19/0002.patch
-editKernelLocalversion "-dos.p997"
+editKernelLocalversion "-dos.p998"
 else echo "kernel_xiaomi_sm6150 is unavailable, not patching.";
 fi;
 cd "$DOS_BUILD_BASE"
diff --git a/Scripts/LineageOS-19.1/CVE_Patchers/android_kernel_xiaomi_sm8150.sh b/Scripts/LineageOS-19.1/CVE_Patchers/android_kernel_xiaomi_sm8150.sh
index 2ff1b5ce..efe5355e 100644
--- a/Scripts/LineageOS-19.1/CVE_Patchers/android_kernel_xiaomi_sm8150.sh
+++ b/Scripts/LineageOS-19.1/CVE_Patchers/android_kernel_xiaomi_sm8150.sh
@@ -984,6 +984,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-36946/4.19/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-36950/4.19/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-36960/4.19/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-36964/4.19/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-36971-0pre/4.14/0013.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-37078/4.19/0004.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-37353/4.19/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-37356/4.19/0002.patch
@@ -1080,7 +1081,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-52601/4.19/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-27424/4.19/0003.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-27425/4.19/0003.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-42104/4.19/0002.patch
-editKernelLocalversion "-dos.p1080"
+editKernelLocalversion "-dos.p1081"
 else echo "kernel_xiaomi_sm8150 is unavailable, not patching.";
 fi;
 cd "$DOS_BUILD_BASE"
diff --git a/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_google_gs101_private_gs-google.sh b/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_google_gs101_private_gs-google.sh
index 31188e66..19bfa0aa 100644
--- a/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_google_gs101_private_gs-google.sh
+++ b/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_google_gs101_private_gs-google.sh
@@ -693,6 +693,10 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-36957/5.10/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-36959/5.10/0003.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-36960/5.10/0003.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-36964/5.10/0003.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-36971-0pre/5.10/0007.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-36971-0pre/5.10/0008.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-36971-aosp/5.10/0004.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-36971-aosp/5.10/0005.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-36974/5.10/0004.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-36978/5.10/0004.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-37078/5.10/0005.patch
@@ -860,7 +864,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-27424/5.10/0004.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-27425/5.10/0004.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-35812/5.10/0004.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-42104/5.10/0003.patch
-editKernelLocalversion "-dos.p860"
+editKernelLocalversion "-dos.p864"
 else echo "kernel_google_gs101_private_gs-google is unavailable, not patching.";
 fi;
 cd "$DOS_BUILD_BASE"
diff --git a/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_google_gs201_private_gs-google.sh b/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_google_gs201_private_gs-google.sh
index b36c6b85..61c649f8 100644
--- a/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_google_gs201_private_gs-google.sh
+++ b/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_google_gs201_private_gs-google.sh
@@ -691,6 +691,10 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-36957/5.10/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-36959/5.10/0003.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-36960/5.10/0003.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-36964/5.10/0003.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-36971-0pre/5.10/0007.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-36971-0pre/5.10/0008.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-36971-aosp/5.10/0004.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-36971-aosp/5.10/0005.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-36974/5.10/0004.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-36978/5.10/0004.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-37078/5.10/0005.patch
@@ -858,7 +862,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-27424/5.10/0004.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-27425/5.10/0004.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-35812/5.10/0004.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-42104/5.10/0003.patch
-editKernelLocalversion "-dos.p858"
+editKernelLocalversion "-dos.p862"
 else echo "kernel_google_gs201_private_gs-google is unavailable, not patching.";
 fi;
 cd "$DOS_BUILD_BASE"
diff --git a/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_google_redbull.sh b/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_google_redbull.sh
index 8421eb67..da54dfd1 100644
--- a/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_google_redbull.sh
+++ b/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_google_redbull.sh
@@ -514,6 +514,9 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-36954/4.19/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-36959/4.19/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-36960/4.19/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-36964/4.19/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-36971-0pre/4.19/0011.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-36971-0pre/4.19/0012.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-36971-aosp/4.19/0003.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-37078/4.19/0004.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-37353/4.19/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-37356/4.19/0002.patch
@@ -626,7 +629,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-27424/4.19/0003.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-27425/4.19/0003.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-35812/4.19/0003.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-42104/4.19/0002.patch
-editKernelLocalversion "-dos.p626"
+editKernelLocalversion "-dos.p629"
 else echo "kernel_google_redbull is unavailable, not patching.";
 fi;
 cd "$DOS_BUILD_BASE"
diff --git a/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_oneplus_sm8150.sh b/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_oneplus_sm8150.sh
index 79075841..13eb61c0 100644
--- a/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_oneplus_sm8150.sh
+++ b/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_oneplus_sm8150.sh
@@ -950,6 +950,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-36946/4.19/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-36950/4.19/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-36960/4.19/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-36964/4.19/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-36971-0pre/4.14/0013.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-37078/4.19/0004.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-37353/4.19/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-37356/4.19/0002.patch
@@ -1045,7 +1046,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-52601/4.19/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-27424/4.19/0003.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-27425/4.19/0003.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-42104/4.19/0002.patch
-editKernelLocalversion "-dos.p1045"
+editKernelLocalversion "-dos.p1046"
 else echo "kernel_oneplus_sm8150 is unavailable, not patching.";
 fi;
 cd "$DOS_BUILD_BASE"
diff --git a/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_xiaomi_sm6150.sh b/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_xiaomi_sm6150.sh
index ddcbc7c5..3885a6ae 100644
--- a/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_xiaomi_sm6150.sh
+++ b/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_xiaomi_sm6150.sh
@@ -328,6 +328,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-36954/4.19/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-36959/4.19/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-36960/4.19/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-36964/4.19/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-36971-0pre/4.14/0013.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-37078/4.19/0004.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-37353/4.19/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-37356/4.19/0002.patch
@@ -422,7 +423,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-52601/4.19/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-27424/4.19/0003.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-27425/4.19/0003.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-42104/4.19/0002.patch
-editKernelLocalversion "-dos.p422"
+editKernelLocalversion "-dos.p423"
 else echo "kernel_xiaomi_sm6150 is unavailable, not patching.";
 fi;
 cd "$DOS_BUILD_BASE"
diff --git a/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_xiaomi_vayu.sh b/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_xiaomi_vayu.sh
index 66fe3147..8b200d4b 100644
--- a/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_xiaomi_vayu.sh
+++ b/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_xiaomi_vayu.sh
@@ -330,6 +330,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-36954/4.19/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-36959/4.19/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-36960/4.19/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-36964/4.19/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-36971-0pre/4.14/0013.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-37078/4.19/0004.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-37353/4.19/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-37356/4.19/0002.patch
@@ -424,7 +425,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-52601/4.19/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-27424/4.19/0003.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-27425/4.19/0003.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-42104/4.19/0002.patch
-editKernelLocalversion "-dos.p424"
+editKernelLocalversion "-dos.p425"
 else echo "kernel_xiaomi_vayu is unavailable, not patching.";
 fi;
 cd "$DOS_BUILD_BASE"