Bug#1032924: linux-image-amd64: new upstream stable kernel 6.2.6 fixes some rtl8192e, cfg80211 and tpm bugs
Package: linux-image-amd64
Severity: important
Tags: newcomer security
X-Debbugs-Cc: debian-experimental-changes@lists.debian.org, debian-kernel@lists.debian.org, Debian Security Team <team@security.debian.org>
Dear Maintainers,
I am reporting the new stable kernel release 6.2.6, which fixes some Realtek
bugs.
The link to the changelog is:
https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.2.6
commit 4a48cd80957e796844d3868b2a417cf79bcd134c
Author: Hector Martin <marcan@marcan.st>
Date: Sat Mar 11 23:19:14 2023 +0900
wifi: cfg80211: Partial revert "wifi: cfg80211: Fix use after free for wext"
commit 79d1ed5ca7db67d48e870c979f0e0f6b0947944a upstream.
This reverts part of commit 015b8cc5e7c4 ("wifi: cfg80211: Fix use after
free for wext")
This commit broke WPA offload by unconditionally clearing the crypto
modes for non-WEP connections. Drop that part of the patch.
Signed-off-by: Hector Martin <marcan@marcan.st>
Reported-by: Ilya <me@0upti.me>
Reported-and-tested-by: Janne Grunau <j@jannau.net>
Reviewed-by: Eric Curtin <ecurtin@redhat.com>
Fixes: 015b8cc5e7c4 ("wifi: cfg80211: Fix use after free for wext")
Cc: stable@kernel.org
Link: https://lore.kernel.org/linux-wireless/ZAx0TWRBlGfv7pNl@kroah.com/T/#m11e6e0915ab8fa19ce8bc9695ab288c0fe018edf
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit e143354b441786c4f356f7c9b1852bc723dbd81b
Author: Mario Limonciello <mario.limonciello@amd.com>
Date: Mon Feb 27 20:44:39 2023 -0600
tpm: disable hwrng for fTPM on some AMD designs
commit f1324bbc4011ed8aef3f4552210fc429bcd616da upstream.
AMD has issued an advisory indicating that having fTPM enabled in
BIOS can cause "stuttering" in the OS. This issue has been fixed
in newer versions of the fTPM firmware, but it's up to system
designers to decide whether to distribute it.
This issue has existed for a while, but is more prevalent starting
with kernel 6.1 because commit b006c439d58db ("hwrng: core - start
hwrng kthread also for untrusted sources") started to use the fTPM
for hwrng by default. However, all uses of /dev/hwrng result in
unacceptable stuttering.
So, simply disable registration of the defective hwrng when detecting
these faulty fTPM versions. As this is caused by faulty firmware, it
is plausible that such a problem could also be reproduced by other TPM
interactions, but this hasn't been shown by any user's testing or reports.
It is hypothesized to be triggered more frequently by the use of the RNG
because userspace software will fetch random numbers regularly.
Intentionally continue to register other TPM functionality so that users
that rely upon PCR measurements or any storage of data will still have
access to it. If it's found later that another TPM functionality is
exacerbating this problem a module parameter it can be turned off entirely
and a module parameter can be introduced to allow users who rely upon
fTPM functionality to turn it on even though this problem is present.
Link: https://www.amd.com/en/support/kb/faq/pa-410
Link: https://bugzilla.kernel.org/show_bug.cgi?id=216989
Link: https://lore.kernel.org/all/20230209153120.261904-1-Jason@zx2c4.com/
Fixes: b006c439d58d ("hwrng: core - start hwrng kthread also for untrusted sources")
Cc: stable@vger.kernel.org
Cc: Jarkko Sakkinen <jarkko@kernel.org>
Cc: Thorsten Leemhuis <regressions@leemhuis.info>
Cc: James Bottomley <James.Bottomley@hansenpartnership.com>
Tested-by: reach622@mailcuk.com
Tested-by: Bell <1138267643@qq.com>
Co-developed-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Mario Limonciello <mario.limonciello@amd.com>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
I am in the process of testing it, as I tested 6.2.5.
Again, the site https://tracker.debian.org/pkg/linux is lagging behind when it
comes to the latest releases.
Can you please package it and send it to experimental? Since if I do it is
spamming?
Kind Regards
Renato Gallo
-- System Information:
Debian Release: 12.0
APT prefers testing
APT policy: (700, 'testing'), (600, 'unstable'), (500, 'testing-security'), (499, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 6.2.5 (SMP w/16 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_WARN, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled