linux_4_9: patch for CVE-2017-5986

Seems fairly low impact[1] but we might as well patch it until a new 4.9 version is released [1]: https://bugzilla.redhat.com/show_bug.cgi?id=1420276
2024-11-24 16:03:23 +00:00 · 2017-02-17 19:09:50 +01:00 · 2017-02-17 19:09:50 +01:00 · e8007c0e89
commit e8007c0e89
parent 73577a2b05
2 changed files with 10 additions and 0 deletions
--- a/pkgs/os-specific/linux/kernel/patches.nix
+++ b/pkgs/os-specific/linux/kernel/patches.nix
@ -175,4 +175,13 @@ rec {
      };
    };

+  sctp_bug_on_CVE_2017_5986 = rec
+    { name = "sctp_BUG_ON_CVE_2017_5986.patch";
+      patch = fetchpatch {
+        inherit name;
+        url = "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/patch/?id=2dcab598484185dea7ec22219c76dcdd59e3cb90";
+        sha256 = "15np10bfm5yzby9zbkrh23qpm91wnprblsk0xn9yjryypnz8njxh";
+      };
+    };
+
 }
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@ -11294,6 +11294,7 @@ with pkgs;
        # !!! 4.7 patch doesn't apply, 4.9 patch not up yet, will keep checking
        # kernelPatches.cpu-cgroup-v2."4.7"
        kernelPatches.modinst_arg_list_too_long
+        kernelPatches.sctp_bug_on_CVE_2017_5986
      ]
      ++ lib.optionals ((platform.kernelArch or null) == "mips")
      [ kernelPatches.mips_fpureg_emu