linux: patch CVE-2017-1000364 (stack clash)

2024-12-03 04:13:01 +00:00 · 2017-06-21 21:26:59 +02:00 · 2017-06-21 21:26:59 +02:00 · aab71b31d5
commit aab71b31d5
parent 16aa92305b
2 changed files with 21 additions and 0 deletions
--- a/pkgs/os-specific/linux/kernel/patches.nix
+++ b/pkgs/os-specific/linux/kernel/patches.nix
@ -156,4 +156,23 @@ rec {
        sha256 = "10dmv3d3gj8rvj9h40js4jh8xbr5wyaqiy0kd819mya441mj8ll2";
      };
    };
+
+  # CVE-2017-1000364 (stack clash)
+  mm_larger_stack_guard_gap_4_9 = rec
+    { name = "mm-larger-stack-guard-gap-between-vmas.patch";
+      patch = fetchpatch {
+        inherit name;
+        url = "https://anonscm.debian.org/cgit/kernel/linux.git/plain/debian/patches/bugfix/all/mm-enlarge-stack-guard-gap.patch?h=debian/4.9.30-2%2bdeb9u1_bpo8%2b1";
+        sha256 = "0bl7w1zgcy691avp54p6mvzdam6snrb7pz3hywsf2g2mcxjkyja5";
+      };
+    };
+
+  mm_larger_stack_guard_gap_4_11 = rec
+    { name = "mm-larger-stack-guard-gap-between-vmas.patch";
+      patch = fetchpatch {
+        inherit name;
+        url = "https://anonscm.debian.org/cgit/kernel/linux.git/plain/debian/patches/bugfix/all/mm-larger-stack-guard-gap-between-vmas.patch?h=debian/4.11.6-1";
+        sha256 = "19bakn3119v5jkhh4w7x3d50py9an1w8h7v3mmy7y2l2agj4mn3i";
+      };
+    };
 }
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@ -11905,6 +11905,7 @@ with pkgs;
        kernelPatches.p9_fixes
        kernelPatches.cpu-cgroup-v2."4.9"
        kernelPatches.modinst_arg_list_too_long
+        kernelPatches.mm_larger_stack_guard_gap_4_9
      ]
      ++ lib.optionals ((platform.kernelArch or null) == "mips")
      [ kernelPatches.mips_fpureg_emu
@ -11921,6 +11922,7 @@ with pkgs;
        # when adding a new linux version
        kernelPatches.cpu-cgroup-v2."4.11"
        kernelPatches.modinst_arg_list_too_long
+        kernelPatches.mm_larger_stack_guard_gap_4_11
      ]
      ++ lib.optionals ((platform.kernelArch or null) == "mips")
      [ kernelPatches.mips_fpureg_emu