<feed xmlns='http://www.w3.org/2005/Atom'>
<title>vyos-build.git/scripts/package-build/linux-kernel/patches/kernel, branch rolling</title>
<subtitle>VyOS image build scripts (mirror of https://github.com/vyos/vyos-build.git)
</subtitle>
<id>https://git.amelek.net/vyos/vyos-build.git/atom?h=rolling</id>
<link rel='self' href='https://git.amelek.net/vyos/vyos-build.git/atom?h=rolling'/>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-build.git/'/>
<updated>2026-07-08T18:38:55+00:00</updated>
<entry>
<title>Kernel: T9067: Update Linux Kernel to 6.18.38</title>
<updated>2026-07-08T18:38:55+00:00</updated>
<author>
<name>Christian Breunig</name>
<email>christian@breunig.cc</email>
</author>
<published>2026-07-08T18:38:55+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-build.git/commit/?id=9ab08c84d113aec00c5114721d87cdcda46f187d'/>
<id>urn:sha1:9ab08c84d113aec00c5114721d87cdcda46f187d</id>
<content type='text'>
</content>
</entry>
<entry>
<title>Merge pull request #1227 from c-po/bnx2-patch</title>
<updated>2026-06-26T15:23:32+00:00</updated>
<author>
<name>Viacheslav Hletenko</name>
<email>v.gletenko@vyos.io</email>
</author>
<published>2026-06-26T15:23:32+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-build.git/commit/?id=b3edf28db488a6d6af61e2c54c6ea9ae7a0f7053'/>
<id>urn:sha1:b3edf28db488a6d6af61e2c54c6ea9ae7a0f7053</id>
<content type='text'>
Kernel: T8914: add support for 2.5G pluggables on BCM57810S</content>
</entry>
<entry>
<title>Merge pull request #1189 from c-po/l2tpv3</title>
<updated>2026-06-26T12:24:51+00:00</updated>
<author>
<name>Daniil Baturin</name>
<email>daniil@vyos.io</email>
</author>
<published>2026-06-26T12:24:51+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-build.git/commit/?id=b284c29baa5ad43d9de885b26383821f2f8b3da8'/>
<id>urn:sha1:b284c29baa5ad43d9de885b26383821f2f8b3da8</id>
<content type='text'>
Kernel: T8605: net/l2tp: allow unmanaged tunnel setup without route to peer</content>
</entry>
<entry>
<title>Kernel: T8914: add support for 2.5G pluggables on BCM57810S</title>
<updated>2026-06-25T18:21:30+00:00</updated>
<author>
<name>Christian Breunig</name>
<email>christian@breunig.cc</email>
</author>
<published>2026-06-25T15:21:05+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-build.git/commit/?id=33efe03323b20540e3ce7262af0c5f4d042efd57'/>
<id>urn:sha1:33efe03323b20540e3ce7262af0c5f4d042efd57</id>
<content type='text'>
Add the well-known JAMESMTL kernel module patch for bnx2x to advertise 2.5Gbit/s
capabilities on Broadcom NetXtreme2-X cards with BCM57810S chipset.

This is useful for ISP GPON access networks that use 2.5Gbit/s pluggables and
need the NIC to negotiate beyond 1000baseT/Full, avoiding the 940Mbit/s
practical cap on overprovisioned 1G services.

References:
* https://hack-gpon.org/broadcom-57810s/
* https://github.com/JAMESMTL/snippets/blob/dceb2fee74d80c66d/bnx2x/patches/bnx2x_warpcore_8727_2_5g_sgmii_txfault.patch
</content>
</entry>
<entry>
<title>Kernel: T9010: update existing patches to remove "hunk off" notices</title>
<updated>2026-06-25T15:14:49+00:00</updated>
<author>
<name>Christian Breunig</name>
<email>christian@breunig.cc</email>
</author>
<published>2026-06-25T15:14:49+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-build.git/commit/?id=c6479a4be4351e8b2f07bfc40b73134d2ad16509'/>
<id>urn:sha1:c6479a4be4351e8b2f07bfc40b73134d2ad16509</id>
<content type='text'>
</content>
</entry>
<entry>
<title>Kernel: T8919: Update Linux Kernel to 6.18.33</title>
<updated>2026-05-23T17:54:51+00:00</updated>
<author>
<name>Christian Breunig</name>
<email>christian@breunig.cc</email>
</author>
<published>2026-05-23T17:54:51+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-build.git/commit/?id=dc194b8f6275f55d812e316dcb55cd8f57056cf1'/>
<id>urn:sha1:dc194b8f6275f55d812e316dcb55cd8f57056cf1</id>
<content type='text'>
The Kernel 6.18.33 now has an upstream fix for the fragnesia vulnerability
</content>
</entry>
<entry>
<title>Kernel: T8871: Update Linux Kernel to 6.18.31</title>
<updated>2026-05-15T20:05:43+00:00</updated>
<author>
<name>Christian Breunig</name>
<email>christian@breunig.cc</email>
</author>
<published>2026-05-15T20:05:43+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-build.git/commit/?id=2d8bf69fb933b11ffc543121f9b0a9b461b6dc1e'/>
<id>urn:sha1:2d8bf69fb933b11ffc543121f9b0a9b461b6dc1e</id>
<content type='text'>
This fixes the LPE https://github.com/0xdeadbeefnetwork/ssh-keysign-pwn
</content>
</entry>
<entry>
<title>kernel: T8871: add a patch for the ptrace vulnerability</title>
<updated>2026-05-15T10:41:06+00:00</updated>
<author>
<name>Daniil Baturin</name>
<email>daniil@baturin.org</email>
</author>
<published>2026-05-15T10:41:06+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-build.git/commit/?id=396f782580761804cbdcaf2589dbf378b55edfde'/>
<id>urn:sha1:396f782580761804cbdcaf2589dbf378b55edfde</id>
<content type='text'>
that allows unprivileged users to read files owned by any other user
</content>
</entry>
<entry>
<title>Kernel: T8864: add patch for "fragnesia" local privilege escalation</title>
<updated>2026-05-14T11:39:02+00:00</updated>
<author>
<name>Christian Breunig</name>
<email>christian@breunig.cc</email>
</author>
<published>2026-05-14T11:34:49+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-build.git/commit/?id=d2d23bb8cafb209fc4459adaf43748e304b84392'/>
<id>urn:sha1:d2d23bb8cafb209fc4459adaf43748e304b84392</id>
<content type='text'>
Fragnesia is a universal Linux local privilege escalation exploit, discovered
with V12 by William Bowling with the V12 team. Fragnesia is a member of the
Dirty Frag vulnerability class. This is a separate bug in the ESP/XFRM from
dirtyfrag which has received its own patch. However, it is in the same surface
and the mitigation is the same as for dirtyfrag.

It abuses a logic bug in the Linux XFRM ESP-in-TCP subsystem to achieve
arbitrary byte writes into the kernel page cache of read-only files, without
requiring any race condition.

The technique extends the page-cache write bug class that includes Dirty Pipe:
when a TCP socket transitions to espintcp ULP mode after data has already been
spliced from a file into the receive queue, the kernel processes the queued
file pages as ESP ciphertext. The AES-GCM keystream byte at counter block
position 2, byte 0 is XORed directly into the cached file page. By selecting
the IV nonce to produce a desired keystream byte, any target byte in the file
can be set to any value — one byte per trigger invocation.

From: https://github.com/v12-security/pocs/blob/532994fc003a7/fragnesia/README.md
</content>
</entry>
<entry>
<title>Kernel: T8605: net/l2tp: allow unmanaged tunnel setup without route to peer</title>
<updated>2026-05-08T20:53:39+00:00</updated>
<author>
<name>Christian Breunig</name>
<email>christian@breunig.cc</email>
</author>
<published>2026-05-08T20:53:39+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-build.git/commit/?id=8c4d602b3f2513d928fa4f67d4c26545c879b7f8'/>
<id>urn:sha1:8c4d602b3f2513d928fa4f67d4c26545c879b7f8</id>
<content type='text'>
Kernel-created L2TPv3 tunnels (genetlink L2TP_CMD_TUNNEL_CREATE without
L2TP_ATTR_FD) used udp_sock_create() and kernel_connect(), which invoke
__ip4_datagram_connect() / __ip6_datagram_connect(). Those paths insist on
a successful FIB lookup at connect time. If no route to the configured
remote existed yet, tunnel and interface creation failed.

The data path already resolves routes on transmit (e.g. __ip_queue_xmit(),
inet6_csk_route_socket()). This change defers requiring a route until
packets are sent.

Details:
- UDP encapsulation: bind with udp_sock_create() after zeroing peer_udp_port,
  then l2tp_udp_sk_set_peer() sets daddr/dport and socket "connected" state
  without caching sk_dst from connect.
- IPv4 L2TP/IP (l2tp_ip): on -ENETUNREACH / -EHOSTUNREACH from
  __ip4_datagram_connect(), l2tp_ip_connect_deferred() installs peer and
  bind-table updates without a connect-time route.
- IPv6 L2TP/IP (l2tp_ip6): same for __ip6_datagram_connect(), including
  IPv4-mapped peers and scope / bound-device checks aligned with the normal
  connect path.

Forwarding still only happens once the FIB can reach the peer. Until then
outgoing packets follow the existing no-route drop path.

Assisted-by: Cursor:claude-4.6-opus
Signed-off-by: Christian Breunig &lt;christian@breunig.cc&gt;
</content>
</entry>
</feed>
