From 79daadb5ef8706ab205943d5f1715f67d61c1d6f Mon Sep 17 00:00:00 2001
From: Tad
Date: Thu, 2 Nov 2017 15:26:49 -0400
Subject: [PATCH] Update CVE patchers for ranged versions, patching 1 CVE
---
 Patches/Linux_CVEs/CVE-2017-13080/ANY/0.patch | 78 +++++++++++++++++++
 .../android_kernel_amazon_hdx-common.sh | 3 +-
 .../android_kernel_google_marlin.sh | 2 +-
 .../android_kernel_htc_flounder.sh | 2 +-
 .../android_kernel_huawei_angler.sh | 61 +++++++++++++++
 .../android_kernel_lge_bullhead.sh | 4 +-
 .../CVE_Patchers/android_kernel_moto_shamu.sh | 8 +-
 .../android_kernel_motorola_msm8916.sh | 4 +-
 .../android_kernel_samsung_smdk4412.sh | 2 +-
 9 files changed, 152 insertions(+), 12 deletions(-)
 create mode 100644 Patches/Linux_CVEs/CVE-2017-13080/ANY/0.patch
 create mode 100644 Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_huawei_angler.sh
diff --git a/Patches/Linux_CVEs/CVE-2017-13080/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-13080/ANY/0.patch
new file mode 100644
index 00000000..f110d56b
--- /dev/null
+++ b/Patches/Linux_CVEs/CVE-2017-13080/ANY/0.patch
@@ -0,0 +1,78 @@
+From 6bd7e74005e90ef79402a9c94e1044f845aa49f1 Mon Sep 17 00:00:00 2001
+From: Johannes Berg
+Date: Tue, 5 Sep 2017 14:54:54 +0200
+Subject: [PATCH] mac80211: accept key reinstall without changing anything
+
+When a key is reinstalled we can reset the replay counters
+etc. which can lead to nonce reuse and/or replay detection
+being impossible, breaking security properties, as described
+in the "KRACK attacks".
+
+In particular, CVE-2017-13080 applies to GTK rekeying that
+happened in firmware while the host is in D3, with the second
+part of the attack being done after the host wakes up. In
+this case, the wpa_supplicant mitigation isn't sufficient
+since wpa_supplicant doesn't know the GTK material.
+
+In case this happens, simply silently accept the new key
+coming from userspace but don't take any action on it since
+it's the same key; this keeps the PN replay counters intact.
+
+Change-Id: If973789c12d2afcd9192f796e27bc9598c5dd1c0
+Signed-off-by: Johannes Berg
+---
+ net/mac80211/key.c | 20 +++++++++++++++++---
+ 1 file changed, 17 insertions(+), 3 deletions(-)
+
+diff --git a/net/mac80211/key.c b/net/mac80211/key.c
+index 5bb600d93d7..cebe30315d9 100644
+--- a/net/mac80211/key.c
++++ b/net/mac80211/key.c
+@@ -3,6 +3,7 @@
+ * Copyright 2005-2006, Devicescape Software, Inc.
+ * Copyright 2006-2007 Jiri Benc
+ * Copyright 2007-2008 Johannes Berg
++ * Copyright 2015-2017 Intel Deutschland GmbH
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+@@ -452,9 +453,6 @@ int ieee80211_key_link(struct ieee80211_key *key,
+
+ pairwise = key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE;
+ idx = key->conf.keyidx;
+- key->local = sdata->local;
+- key->sdata = sdata;
+- key->sta = sta;
+
+ if (sta) {
+ /*
+@@ -491,6 +489,21 @@ int ieee80211_key_link(struct ieee80211_key *key,
+ else
+ old_key = key_mtx_dereference(sdata->local, sdata->keys[idx]);
+
++ /*
++ * Silently accept key re-installation without really installing the
++ * new version of the key to avoid nonce reuse or replay issues.
++ */
++ if (old_key && key->conf.keylen == old_key->conf.keylen &&
++ !memcmp(key->conf.key, old_key->conf.key, key->conf.keylen)) {
++ ieee80211_key_free_unused(key);
++ ret = 0;
++ goto out;
++ }
++
++ key->local = sdata->local;
++ key->sdata = sdata;
++ key->sta = sta;
++
+ increment_tailroom_need_count(sdata);
+
+ __ieee80211_key_replace(sdata, sta, pairwise, old_key, key);
+@@ -500,6 +513,7 @@ int ieee80211_key_link(struct ieee80211_key *key,
+
+ ret = ieee80211_key_enable_hw_accel(key);
+
++ out:
+ mutex_unlock(&sdata->local->key_mtx);
+
+ return ret;
diff --git a/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_amazon_hdx-common.sh b/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_amazon_hdx-common.sh
index 7bff32fd..a0401c28 100644
--- a/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_amazon_hdx-common.sh
+++ b/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_amazon_hdx-common.sh
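Review bot: The re-install check added to ieee80211_key_link() in the third hunk of the embedded key.c patch compares key material with `memcmp`, which returns at the first differing byte and is therefore not constant-time. Where the target kernel provides it, I would write `!crypto_memneq(key->conf.key, old_key->conf.key, key->conf.keylen)` and add `#include <crypto/algapi.h>`; because this file sits under ANY/, availability on the oldest trees it is meant for needs checking first. The embedded hunks show only parts of ieee80211_key_link(), so the rest of the function is not visible here. None of the patcher scripts touched in this commit reference CVE-2017-13080, so as far as this diff shows the patch is added but not yet applied to any kernel.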
@@ -3,8 +3,9 @@ cd $base"kernel/amazon/hdx-common"
 git apply $cvePatches/CVE-2012-6704/ANY/0.patch
 git apply $cvePatches/CVE-2014-1739/ANY/0.patch
 git apply $cvePatches/CVE-2014-4656/ANY/0.patch
+git apply $cvePatches/CVE-2014-7822/3.2-^3.16/0.patch
 git apply $cvePatches/CVE-2014-8709/ANY/0.patch
-git apply $cvePatches/CVE-2014-9420/ANY/0.patch
+git apply $cvePatches/CVE-2014-9420/3.2-^3.18/1.patch
 git apply $cvePatches/CVE-2014-9781/ANY/0.patch
 git apply $cvePatches/CVE-2014-9876/3.4/1.patch
 git apply $cvePatches/CVE-2014-9880/ANY/0.patch
diff --git a/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_google_marlin.sh b/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_google_marlin.sh
index 038f0cd8..0bd17e9c 100644
--- a/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_google_marlin.sh
+++ b/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_google_marlin.sh
@@ -2,7 +2,7 @@
 cd $base"kernel/google/marlin"
 git apply $cvePatches/CVE-2014-9900/ANY/0.patch
 git apply $cvePatches/CVE-2015-2041/ANY/0.patch
-git apply $cvePatches/CVE-2015-7515/ANY/0.patch
+git apply $cvePatches/CVE-2015-7515/^4.4/0.patch
 git apply $cvePatches/CVE-2015-8966/ANY/0.patch
 git apply $cvePatches/CVE-2016-10088/ANY/0.patch
 git apply $cvePatches/CVE-2016-10153/ANY/0.patch
diff --git a/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_htc_flounder.sh b/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_htc_flounder.sh
index 507da970..d65d829d 100644
--- a/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_htc_flounder.sh
+++ b/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_htc_flounder.sh
@@ -3,7 +3,7 @@ cd $base"kernel/htc/flounder"
 git apply $cvePatches/CVE-2014-9892/ANY/0.patch
 git apply $cvePatches/CVE-2014-9900/ANY/0.patch
 git apply $cvePatches/CVE-2015-4177/ANY/0.patch
-git apply $cvePatches/CVE-2015-7515/ANY/0.patch
+git apply $cvePatches/CVE-2015-7515/^4.4/0.patch
 git apply $cvePatches/CVE-2015-8944/ANY/0.patch
 git apply $cvePatches/CVE-2016-2475/ANY/0.patch
 git apply $cvePatches/CVE-2016-8453/ANY/0.patch
diff --git a/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_huawei_angler.sh b/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_huawei_angler.sh
new file mode 100644
index 00000000..6c93ac48
--- /dev/null
+++ b/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_huawei_angler.sh
@@ -0,0 +1,61 @@
+#!/bin/bash
+cd $base"kernel/huawei/angler"
+git apply $cvePatches/CVE-2014-8160/^3.18/0.patch
+git apply $cvePatches/CVE-2014-8173/ANY/0.patch
+git apply $cvePatches/CVE-2014-9781/ANY/0.patch
+git apply $cvePatches/CVE-2015-2041/ANY/0.patch
+git apply $cvePatches/CVE-2015-4170/ANY/0.patch
+git apply $cvePatches/CVE-2015-4177/ANY/0.patch
+git apply $cvePatches/CVE-2015-7515/^4.4/0.patch
+git apply $cvePatches/CVE-2015-7550/ANY/0.patch
+git apply $cvePatches/CVE-2016-0805/ANY/0.patch
+git apply $cvePatches/CVE-2016-10231/ANY/1.patch
+git apply $cvePatches/CVE-2016-10233/3.10/1.patch
+git apply $cvePatches/CVE-2016-2063/ANY/0.patch
+git apply $cvePatches/CVE-2016-2185/ANY/0.patch
+git apply $cvePatches/CVE-2016-2186/ANY/0.patch
+git apply $cvePatches/CVE-2016-2187/ANY/0.patch
+git apply $cvePatches/CVE-2016-2384/ANY/0.patch
+git apply $cvePatches/CVE-2016-2475/ANY/0.patch
+git apply $cvePatches/CVE-2016-2544/ANY/0.patch
+git apply $cvePatches/CVE-2016-2545/ANY/0.patch
+git apply $cvePatches/CVE-2016-2547/ANY/0.patch
+git apply $cvePatches/CVE-2016-2549/ANY/0.patch
+git apply $cvePatches/CVE-2016-3070/ANY/0.patch
+git apply $cvePatches/CVE-2016-3134/3.10/0.patch
+git apply $cvePatches/CVE-2016-3136/ANY/0.patch
+git apply $cvePatches/CVE-2016-3137/ANY/0.patch
+git apply $cvePatches/CVE-2016-3138/ANY/0.patch
+git apply $cvePatches/CVE-2016-3140/ANY/0.patch
+git apply $cvePatches/CVE-2016-3672/ANY/0.patch
+git apply $cvePatches/CVE-2016-3689/ANY/0.patch
+git apply $cvePatches/CVE-2016-3857/3.10/0.patch
+git apply $cvePatches/CVE-2016-5342/ANY/0.patch
+git apply $cvePatches/CVE-2016-5345/ANY/0.patch
+git apply $cvePatches/CVE-2016-5859/ANY/0.patch
+git apply $cvePatches/CVE-2016-5867/ANY/0.patch
+git apply $cvePatches/CVE-2016-5870/ANY/0.patch
+git apply $cvePatches/CVE-2016-6672/ANY/0.patch
+git apply $cvePatches/CVE-2016-8404/ANY/0.patch
+git apply $cvePatches/CVE-2016-9604/ANY/0.patch
+git apply $cvePatches/CVE-2017-0436/ANY/0.patch
+git apply $cvePatches/CVE-2017-0510/3.10/0.patch
+git apply $cvePatches/CVE-2017-0516/ANY/0.patch
+git apply $cvePatches/CVE-2017-0523/ANY/0.patch
+git apply $cvePatches/CVE-2017-0537/ANY/0.patch
+git apply $cvePatches/CVE-2017-0648/ANY/0.patch
+git apply $cvePatches/CVE-2017-1000365/3.10/0.patch
+git apply $cvePatches/CVE-2017-15265/ANY/0.patch
+git apply $cvePatches/CVE-2017-2618/3.10/0.patch
+git apply $cvePatches/CVE-2017-2671/ANY/0.patch
+git apply $cvePatches/CVE-2017-5669/ANY/0.patch
+git apply $cvePatches/CVE-2017-5967/3.10/1.patch
+git apply $cvePatches/CVE-2017-6345/ANY/0.patch
+git apply $cvePatches/CVE-2017-6348/ANY/0.patch
+git apply $cvePatches/CVE-2017-6951/ANY/0.patch
+git apply $cvePatches/CVE-2017-7472/ANY/0.patch
+git apply $cvePatches/CVE-2017-7487/ANY/0.patch
+git apply $cvePatches/CVE-2017-8280/ANY/0.patch
+git apply $cvePatches/CVE-2017-9242/ANY/0.patch
+git apply $cvePatches/LVT-2017-0003/3.10/0.patch
+cd $base
diff --git a/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_lge_bullhead.sh b/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_lge_bullhead.sh
index 389ab298..2f6e427e 100644
--- a/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_lge_bullhead.sh
+++ b/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_lge_bullhead.sh
@@ -1,12 +1,12 @@
 #!/bin/bash
 cd $base"kernel/lge/bullhead"
-git apply $cvePatches/CVE-2014-8160/ANY/0.patch
+git apply $cvePatches/CVE-2014-8160/^3.18/0.patch
 git apply $cvePatches/CVE-2014-8173/ANY/0.patch
 git apply $cvePatches/CVE-2014-9781/ANY/0.patch
 git apply $cvePatches/CVE-2015-2041/ANY/0.patch
 git apply $cvePatches/CVE-2015-4170/ANY/0.patch
 git apply $cvePatches/CVE-2015-4177/ANY/0.patch
-git apply $cvePatches/CVE-2015-7515/ANY/0.patch
+git apply $cvePatches/CVE-2015-7515/^4.4/0.patch
 git apply $cvePatches/CVE-2015-7550/ANY/0.patch
 git apply $cvePatches/CVE-2016-0805/ANY/0.patch
 git apply $cvePatches/CVE-2016-10231/ANY/1.patch
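Review bot: Every `git apply` in the new angler script runs unchecked, so a patch that no longer applies is skipped without any signal and the kernel is built without that CVE fix. The opening `cd $base"kernel/huawei/angler"` is also unchecked and `$base` is unquoted; if the directory is missing, all of the following applies run against whatever the current directory happens to be. I would write `cd "$base"kernel/huawei/angler || exit 1` and report failures per line, for example `git apply "$cvePatches/CVE-2014-8160/^3.18/0.patch" || echo "FAILED: CVE-2014-8160" >&2`, so an unpatched CVE is visible in the build log. The other patcher scripts touched by this commit show the same pattern in their context lines.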
diff --git a/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_moto_shamu.sh b/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_moto_shamu.sh
index 6f26b5a2..a1522a36 100644
--- a/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_moto_shamu.sh
+++ b/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_moto_shamu.sh
@@ -1,16 +1,16 @@
 #!/bin/bash
 cd $base"kernel/moto/shamu"
-git apply $cvePatches/CVE-2014-8160/ANY/0.patch
+git apply $cvePatches/CVE-2014-8160/^3.18/0.patch
 git apply $cvePatches/CVE-2014-8173/ANY/0.patch
-git apply $cvePatches/CVE-2014-9420/ANY/0.patch
-git apply $cvePatches/CVE-2014-9683/ANY/0.patch
+git apply $cvePatches/CVE-2014-9420/3.2-^3.18/1.patch
+git apply $cvePatches/CVE-2014-9683/3.2-^3.18/1.patch
 git apply $cvePatches/CVE-2014-9715/ANY/0.patch
 git apply $cvePatches/CVE-2014-9781/ANY/0.patch
 git apply $cvePatches/CVE-2015-1593/ANY/0.patch
 git apply $cvePatches/CVE-2015-2041/ANY/0.patch
 git apply $cvePatches/CVE-2015-4170/ANY/0.patch
 git apply $cvePatches/CVE-2015-4177/ANY/0.patch
-git apply $cvePatches/CVE-2015-7515/ANY/0.patch
+git apply $cvePatches/CVE-2015-7515/^4.4/0.patch
 git apply $cvePatches/CVE-2015-7550/ANY/0.patch
 git apply $cvePatches/CVE-2015-8967/ANY/0.patch
 git apply $cvePatches/CVE-2016-0758/ANY/0.patch
diff --git a/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_motorola_msm8916.sh b/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_motorola_msm8916.sh
index fb6ea4b2..7a39c188 100644
--- a/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_motorola_msm8916.sh
+++ b/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_motorola_msm8916.sh
@@ -1,9 +1,9 @@
 #!/bin/bash
 cd $base"kernel/motorola/msm8916"
-git apply $cvePatches/CVE-2014-9420/ANY/0.patch
+git apply $cvePatches/CVE-2014-9420/3.2-^3.18/1.patch
 git apply $cvePatches/CVE-2014-9781/ANY/0.patch
 git apply $cvePatches/CVE-2015-1593/ANY/0.patch
-git apply $cvePatches/CVE-2015-7515/ANY/0.patch
+git apply $cvePatches/CVE-2015-7515/^4.4/0.patch
 git apply $cvePatches/CVE-2015-8967/ANY/0.patch
 git apply $cvePatches/CVE-2016-10231/ANY/1.patch
 git apply $cvePatches/CVE-2016-10233/3.10/1.patch
diff --git a/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_samsung_smdk4412.sh b/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_samsung_smdk4412.sh
index 9e1671dd..c2d68305 100644
--- a/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_samsung_smdk4412.sh
+++ b/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_samsung_smdk4412.sh
@@ -2,7 +2,7 @@
 cd $base"kernel/samsung/smdk4412"
 git apply $cvePatches/CVE-2014-1739/ANY/0.patch
 git apply $cvePatches/CVE-2014-4656/ANY/0.patch
-git apply $cvePatches/CVE-2014-9420/ANY/0.patch
+git apply $cvePatches/CVE-2014-9420/^3.18/0.patch
 git apply $cvePatches/CVE-2014-9781/ANY/0.patch
 git apply $cvePatches/CVE-2014-9870/ANY/0.patch
 git apply $cvePatches/CVE-2014-9900/ANY/0.patch