Commit dee5ac7

kernel: disable AX25 amateur radio protocol support in response to CVE-2024-35887 (#12553)
CVE-2024-35887 is a vulnerability discovered in the ax25 code. Since we don't support amateur radios, it is better to fully disable this feature and lower the attack surface area.

Signed-off-by: Chris Co <chrco@microsoft.com>
1 parent 66c9233 commit dee5ac7

13 files changed

Lines changed: 29 additions & 44 deletions

SPECS-SIGNED/kernel-azure-signed/kernel-azure-signed.spec

Lines changed: 4 additions & 1 deletion
@@ -10,7 +10,7 @@
1010
Summary: Signed Linux Kernel for Azure
1111
Name: kernel-azure-signed-%{buildarch}
1212
Version: 5.15.176.3
13-
Release: 2%{?dist}
13+
Release: 3%{?dist}
1414
License: GPLv2
1515
Vendor: Microsoft Corporation
1616
Distribution: Mariner
@@ -153,6 +153,9 @@ ln -sf linux-%{uname_r}.cfg /boot/mariner.cfg
153153
%exclude /module_info.ld
154154

155155
%changelog
156+
* Sat Feb 22 2025 Chris Co <chrco@microsoft.com> - 5.15.176.3-3
157+
- Bump to match kernel-azure spec
158+
156159
* Tue Feb 11 2025 Rachel Menge <rachelmenge@microsoft.com> - 5.15.176.3-2
157160
- Bump release to match kernel-azure
158161
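Review bot: The new changelog entry in the second hunk reads `- Bump to match kernel-azure spec`, while the entry directly below it uses `- Bump release to match kernel-azure`. Keeping the established wording makes the signed-package changelog consistent with the other release-bump entries in this commit.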

SPECS-SIGNED/kernel-signed/kernel-signed.spec

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -10,7 +10,7 @@
1010
Summary: Signed Linux Kernel for %{buildarch} systems
1111
Name: kernel-signed-%{buildarch}
1212
Version: 5.15.176.3
13-
Release: 2%{?dist}
13+
Release: 3%{?dist}
1414
License: GPLv2
1515
Vendor: Microsoft Corporation
1616
Distribution: Mariner
@@ -153,6 +153,9 @@ ln -sf linux-%{uname_r}.cfg /boot/mariner.cfg
153153
%exclude /module_info.ld
154154

155155
%changelog
156+
* Sat Feb 22 2025 Chris Co <chrco@microsoft.com> - 5.15.176.3-3
157+
- Bump release to match kernel
158+
156159
* Tue Feb 11 2025 Rachel Menge <rachelmenge@microsoft.com> - 5.15.176.3-2
157160
- Bump release to match kernel
158161

SPECS/kernel-azure/config_aarch64

Lines changed: 1 addition & 16 deletions
Original file line numberDiff line numberDiff line change
@@ -1785,22 +1785,7 @@ CONFIG_HAMRADIO=y
17851785
#
17861786
# Packet Radio protocols
17871787
#
1788-
CONFIG_AX25=m
1789-
CONFIG_AX25_DAMA_SLAVE=y
1790-
CONFIG_NETROM=m
1791-
CONFIG_ROSE=m
1792-
1793-
#
1794-
# AX.25 network device drivers
1795-
#
1796-
CONFIG_MKISS=m
1797-
CONFIG_6PACK=m
1798-
CONFIG_BPQETHER=m
1799-
CONFIG_BAYCOM_SER_FDX=m
1800-
CONFIG_BAYCOM_SER_HDX=m
1801-
CONFIG_YAM=m
1802-
# end of AX.25 network device drivers
1803-
1788+
# CONFIG_AX25 is not set
18041789
CONFIG_CAN=m
18051790
CONFIG_CAN_RAW=m
18061791
CONFIG_CAN_BCM=m
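Review bot: `CONFIG_HAMRADIO=y` is still set in the context just above this hunk (it shows in the `@@` header), so the amateur radio menu stays enabled even though every option listed under it here is removed. If the intent is to fully disable the feature, as the commit message says, consider `# CONFIG_HAMRADIO is not set` as well, or note why it is kept. The same context appears in the SPECS/kernel/config_aarch64 hunk.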

SPECS/kernel-azure/kernel-azure.signatures.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -2,7 +2,7 @@
22
"Signatures": {
33
"cbl-mariner-ca-20211013-20230216.pem": "228046d92ccb7d268cf4f195425c0f990afa00a968cc940fb1df4629fb7a6765",
44
"config": "709587c5500af8f805ecfbd62b49c64a1e2c9ce21e1f0e09e992508f96663bd5",
5-
"config_aarch64": "afe6c84516359cdb227e1316c944ea84deda2cf20ef3e8e3264edcf653d03476",
5+
"config_aarch64": "dee6946a414d8d82990b9509e0f41ed490c071fcd560cf6b34234b0994b62064",
66
"sha512hmac-openssl.sh": "02ab91329c4be09ee66d759e4d23ac875037c3b56e5a598e32fd1206da06a27f",
77
"kernel-5.15.176.3.tar.gz": "d7a029ae0897929f983b89aa902897adcd057028206818014fa7648a854581a3"
88
}
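Review bot: Only the `config_aarch64` hash changes in this hunk; the `"config"` entry is an unchanged context line, so the other kernel config file is not modified by this commit. Please confirm AX25 is already off in that config, or state in the commit message that the change is aarch64-only. SPECS/kernel/kernel.signatures.json shows the same pattern.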

SPECS/kernel-azure/kernel-azure.spec

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -28,7 +28,7 @@
2828
Summary: Linux Kernel
2929
Name: kernel-azure
3030
Version: 5.15.176.3
31-
Release: 2%{?dist}
31+
Release: 3%{?dist}
3232
License: GPLv2
3333
Vendor: Microsoft Corporation
3434
Distribution: Mariner
@@ -420,6 +420,9 @@ ln -sf linux-%{uname_r}.cfg /boot/mariner.cfg
420420
%{_sysconfdir}/bash_completion.d/bpftool
421421

422422
%changelog
423+
* Sat Feb 22 2025 Chris Co <chrco@microsoft.com> - 5.15.176.3-3
424+
- Disable AX25 Amateur Radio protocol support
425+
423426
* Tue Feb 11 2025 Rachel Menge <rachelmenge@microsoft.com> - 5.15.176.3-2
424427
- Append 20230216 key to CBL-Mariner key
425428
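Review bot: The changelog entry `- Disable AX25 Amateur Radio protocol support` in the second hunk does not mention CVE-2024-35887, which the commit title gives as the reason for the change. Adding it, for example `- Disable AX25 Amateur Radio protocol support in response to CVE-2024-35887`, lets someone auditing the RPM changelog tie the config change to the CVE, with wording that makes clear this is mitigation by removal and not a backported fix. The identical entry in SPECS/kernel/kernel.spec has the same gap.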

SPECS/kernel-headers/kernel-headers.spec

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -12,7 +12,7 @@
1212
Summary: Linux API header files
1313
Name: kernel-headers
1414
Version: 5.15.176.3
15-
Release: 2%{?dist}
15+
Release: 3%{?dist}
1616
License: GPLv2
1717
Vendor: Microsoft Corporation
1818
Distribution: Mariner
@@ -73,6 +73,9 @@ done
7373
%endif
7474

7575
%changelog
76+
* Sat Feb 22 2025 Chris Co <chrco@microsoft.com> - 5.15.176.3-3
77+
- Bump release to match kernel
78+
7679
* Tue Feb 11 2025 Rachel Menge <rachelmenge@microsoft.com> - 5.15.176.3-2
7780
- Bump release to match kernel
7881

SPECS/kernel/config_aarch64

Lines changed: 1 addition & 16 deletions
Original file line numberDiff line numberDiff line change
@@ -1786,22 +1786,7 @@ CONFIG_HAMRADIO=y
17861786
#
17871787
# Packet Radio protocols
17881788
#
1789-
CONFIG_AX25=m
1790-
CONFIG_AX25_DAMA_SLAVE=y
1791-
CONFIG_NETROM=m
1792-
# CONFIG_ROSE is not set
1793-
1794-
#
1795-
# AX.25 network device drivers
1796-
#
1797-
CONFIG_MKISS=m
1798-
CONFIG_6PACK=m
1799-
CONFIG_BPQETHER=m
1800-
CONFIG_BAYCOM_SER_FDX=m
1801-
CONFIG_BAYCOM_SER_HDX=m
1802-
CONFIG_YAM=m
1803-
# end of AX.25 network device drivers
1804-
1789+
# CONFIG_AX25 is not set
18051790
CONFIG_CAN=m
18061791
CONFIG_CAN_RAW=m
18071792
CONFIG_CAN_BCM=m
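Review bot: The dependent symbols in this hunk (`CONFIG_NETROM`, `CONFIG_MKISS`, `CONFIG_6PACK`, `CONFIG_BPQETHER`, the `CONFIG_BAYCOM_SER_*` pair and `CONFIG_YAM`) are deleted outright rather than written as `is not set`, so the result relies on Kconfig dropping them because `CONFIG_AX25` is off. It is worth confirming against the .config produced by the build that none of them come back as `=m`, and saying in the PR how that was checked.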

SPECS/kernel/kernel.signatures.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -2,7 +2,7 @@
22
"Signatures": {
33
"cbl-mariner-ca-20211013-20230216.pem": "228046d92ccb7d268cf4f195425c0f990afa00a968cc940fb1df4629fb7a6765",
44
"config": "c6c28fba7ee15b5dd9cd75006350eb2fe3cb2f907fde4511f102c3c8edf8c370",
5-
"config_aarch64": "dfba0705205a5fc33d55bdc29db56c6aac9803b9d72bd44b4e15d187b747d899",
5+
"config_aarch64": "3ea6095b7f26f0b179cc6502f0cc0e1c5ee54898a07c45fa1d549e25e8cfa608",
66
"sha512hmac-openssl.sh": "02ab91329c4be09ee66d759e4d23ac875037c3b56e5a598e32fd1206da06a27f",
77
"kernel-5.15.176.3.tar.gz": "d7a029ae0897929f983b89aa902897adcd057028206818014fa7648a854581a3"
88
}

SPECS/kernel/kernel.spec

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -28,7 +28,7 @@
2828
Summary: Linux Kernel
2929
Name: kernel
3030
Version: 5.15.176.3
31-
Release: 2%{?dist}
31+
Release: 3%{?dist}
3232
License: GPLv2
3333
Vendor: Microsoft Corporation
3434
Distribution: Mariner
@@ -426,6 +426,9 @@ ln -sf linux-%{uname_r}.cfg /boot/mariner.cfg
426426
%{_sysconfdir}/bash_completion.d/bpftool
427427

428428
%changelog
429+
* Sat Feb 22 2025 Chris Co <chrco@microsoft.com> - 5.15.176.3-3
430+
- Disable AX25 Amateur Radio protocol support
431+
429432
* Tue Feb 11 2025 Rachel Menge <rachelmenge@microsoft.com> - 5.15.176.3-2
430433
- Append 20230216 key to CBL-Mariner key
431434

toolkit/resources/manifests/package/pkggen_core_aarch64.txt

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,5 @@
11
filesystem-1.1-20.cm2.aarch64.rpm
2-
kernel-headers-5.15.176.3-2.cm2.noarch.rpm
2+
kernel-headers-5.15.176.3-3.cm2.noarch.rpm
33
glibc-2.35-7.cm2.aarch64.rpm
44
glibc-devel-2.35-7.cm2.aarch64.rpm
55
glibc-i18n-2.35-7.cm2.aarch64.rpm
