On Wed, Apr 10, 2024 at 09:02:50PM +0200, Salvatore Bonaccorso wrote:

Hi Greg, Sasha, Thadeu,

Today there was mentioning of

https://www.jmpeax.dev/The-tale-of-a-GSM-Kernel-LPE.html

a LPE from the n_gsm module. I do realize, Thadeu mentioned the possible attack surface already back in

https://lore.kernel.org/all/ZMuRoDbMcQrsCs3m@quatroqueijos.cascardo.eti.br/#...

Published exploits are referenced as well through the potential initial finder in https://github.com/YuriiCrimson/ExploitGSM .

While 67c37756898a ("tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc") is not the fix itself, it helps mitigating against this issue.

Thus can you consider applying this still to the stable series as needed? I think it should go at least back to 5.15.y but if Iunderstood Thadeu correctly then even further back to the still supported stable branches.

What do you think?

Sure, I'll queue it up. I think the "real" bugs there are already resolved in the various older kernel trees, but adding this is "defense in depth" and makes sense.

thanks,

greg k-h