CVE-2021-39685 : Linux Kernel USB Gadget buffer overflow - Mitigation in pmaports kernels

All kernels in community and main need to be patched for CVE-2021-396885.

  1. This means either rebasing on a current LTS kernel branch that has received the fix, or backporting the following two patches:

https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.15.y&id=6eea4ace62fa6414432692ee44f0c0a3d541d97a

https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.15.y&id=36dfdf11af49d3c009c711fb16f5c6e7a274505d

  1. When a MR is submitted, paste the link as a comment in this issue, or tick the check box and paste a link to it in the list below if you have access to edit issues.

  2. Important, regarding v21.12 release: If your device is supported in the v21.12 release, please tag the MR to upgrade the kernel with the backport-to-v21.12 label so I know to include it in the release! Talk to @craftyguy if you are unsure if your device needs to be retested for the release...

  3. To test whether the patching is successful, this script can be used: gadget.py

    • Note: It requires patching libusb on the host, see the top comment block in the script for instructions. If you are running Alpine Linux on your host, then this patch to aports will do it as well (build and install): http://0x0.st/-Coo.patch

main/community kernel roundup from aports:

Edited by Newbyte