<feed xmlns='http://www.w3.org/2005/Atom'>
<title>vyos-build.git/scripts/package-build/linux-kernel/patches, branch rolling</title>
<subtitle>VyOS image build scripts (mirror of https://github.com/vyos/vyos-build.git)
</subtitle>
<id>https://git.amelek.net/vyos/vyos-build.git/atom?h=rolling</id>
<link rel='self' href='https://git.amelek.net/vyos/vyos-build.git/atom?h=rolling'/>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-build.git/'/>
<updated>2026-07-08T18:38:55+00:00</updated>
<entry>
<title>Kernel: T9067: Update Linux Kernel to 6.18.38</title>
<updated>2026-07-08T18:38:55+00:00</updated>
<author>
<name>Christian Breunig</name>
<email>christian@breunig.cc</email>
</author>
<published>2026-07-08T18:38:55+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-build.git/commit/?id=9ab08c84d113aec00c5114721d87cdcda46f187d'/>
<id>urn:sha1:9ab08c84d113aec00c5114721d87cdcda46f187d</id>
<content type='text'>
</content>
</entry>
<entry>
<title>Merge pull request #1227 from c-po/bnx2-patch</title>
<updated>2026-06-26T15:23:32+00:00</updated>
<author>
<name>Viacheslav Hletenko</name>
<email>v.gletenko@vyos.io</email>
</author>
<published>2026-06-26T15:23:32+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-build.git/commit/?id=b3edf28db488a6d6af61e2c54c6ea9ae7a0f7053'/>
<id>urn:sha1:b3edf28db488a6d6af61e2c54c6ea9ae7a0f7053</id>
<content type='text'>
Kernel: T8914: add support for 2.5G pluggables on BCM57810S</content>
</entry>
<entry>
<title>Merge pull request #1189 from c-po/l2tpv3</title>
<updated>2026-06-26T12:24:51+00:00</updated>
<author>
<name>Daniil Baturin</name>
<email>daniil@vyos.io</email>
</author>
<published>2026-06-26T12:24:51+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-build.git/commit/?id=b284c29baa5ad43d9de885b26383821f2f8b3da8'/>
<id>urn:sha1:b284c29baa5ad43d9de885b26383821f2f8b3da8</id>
<content type='text'>
Kernel: T8605: net/l2tp: allow unmanaged tunnel setup without route to peer</content>
</entry>
<entry>
<title>Kernel: T8914: add support for 2.5G pluggables on BCM57810S</title>
<updated>2026-06-25T18:21:30+00:00</updated>
<author>
<name>Christian Breunig</name>
<email>christian@breunig.cc</email>
</author>
<published>2026-06-25T15:21:05+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-build.git/commit/?id=33efe03323b20540e3ce7262af0c5f4d042efd57'/>
<id>urn:sha1:33efe03323b20540e3ce7262af0c5f4d042efd57</id>
<content type='text'>
Add the well-known JAMESMTL kernel module patch for bnx2x to advertise 2.5Gbit/s
capabilities on Broadcom NetXtreme2-X cards with BCM57810S chipset.

This is useful for ISP GPON access networks that use 2.5Gbit/s pluggables and
need the NIC to negotiate beyond 1000baseT/Full, avoiding the 940Mbit/s
practical cap on overprovisioned 1G services.

References:
* https://hack-gpon.org/broadcom-57810s/
* https://github.com/JAMESMTL/snippets/blob/dceb2fee74d80c66d/bnx2x/patches/bnx2x_warpcore_8727_2_5g_sgmii_txfault.patch
</content>
</entry>
<entry>
<title>Kernel: T9010: update existing patches to remove "hunk off" notices</title>
<updated>2026-06-25T15:14:49+00:00</updated>
<author>
<name>Christian Breunig</name>
<email>christian@breunig.cc</email>
</author>
<published>2026-06-25T15:14:49+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-build.git/commit/?id=c6479a4be4351e8b2f07bfc40b73134d2ad16509'/>
<id>urn:sha1:c6479a4be4351e8b2f07bfc40b73134d2ad16509</id>
<content type='text'>
</content>
</entry>
<entry>
<title>Kernel: T9010: update Intel OOT module drivers</title>
<updated>2026-06-23T04:40:41+00:00</updated>
<author>
<name>Christian Breunig</name>
<email>christian@breunig.cc</email>
</author>
<published>2026-06-22T17:05:03+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-build.git/commit/?id=865879115454b9616e6fb5ec06d9c5c8b33b1295'/>
<id>urn:sha1:865879115454b9616e6fb5ec06d9c5c8b33b1295</id>
<content type='text'>
Update versions:
* igb v5.20.28
* ixgbe v6.4.4
* ixgbevf v5.3.36
* i40e v2.30.18
* ice v2.6.6
* iavf v4.13.35
</content>
</entry>
<entry>
<title>Kernel: T8919: Update Linux Kernel to 6.18.33</title>
<updated>2026-05-23T17:54:51+00:00</updated>
<author>
<name>Christian Breunig</name>
<email>christian@breunig.cc</email>
</author>
<published>2026-05-23T17:54:51+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-build.git/commit/?id=dc194b8f6275f55d812e316dcb55cd8f57056cf1'/>
<id>urn:sha1:dc194b8f6275f55d812e316dcb55cd8f57056cf1</id>
<content type='text'>
The Kernel 6.18.33 now has an upstream fix for the fragnesia vulnerability
</content>
</entry>
<entry>
<title>Kernel: T8871: Update Linux Kernel to 6.18.31</title>
<updated>2026-05-15T20:05:43+00:00</updated>
<author>
<name>Christian Breunig</name>
<email>christian@breunig.cc</email>
</author>
<published>2026-05-15T20:05:43+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-build.git/commit/?id=2d8bf69fb933b11ffc543121f9b0a9b461b6dc1e'/>
<id>urn:sha1:2d8bf69fb933b11ffc543121f9b0a9b461b6dc1e</id>
<content type='text'>
This fixes the LPE https://github.com/0xdeadbeefnetwork/ssh-keysign-pwn
</content>
</entry>
<entry>
<title>kernel: T8871: add a patch for the ptrace vulnerability</title>
<updated>2026-05-15T10:41:06+00:00</updated>
<author>
<name>Daniil Baturin</name>
<email>daniil@baturin.org</email>
</author>
<published>2026-05-15T10:41:06+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-build.git/commit/?id=396f782580761804cbdcaf2589dbf378b55edfde'/>
<id>urn:sha1:396f782580761804cbdcaf2589dbf378b55edfde</id>
<content type='text'>
that allows unprivileged users to read files owned by any other user
</content>
</entry>
<entry>
<title>Kernel: T8864: add patch for "fragnesia" local privilege escalation</title>
<updated>2026-05-14T11:39:02+00:00</updated>
<author>
<name>Christian Breunig</name>
<email>christian@breunig.cc</email>
</author>
<published>2026-05-14T11:34:49+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-build.git/commit/?id=d2d23bb8cafb209fc4459adaf43748e304b84392'/>
<id>urn:sha1:d2d23bb8cafb209fc4459adaf43748e304b84392</id>
<content type='text'>
Fragnesia is a universal Linux local privilege escalation exploit, discovered
with V12 by William Bowling with the V12 team. Fragnesia is a member of the
Dirty Frag vulnerability class. This is a separate bug in the ESP/XFRM from
dirtyfrag which has received its own patch. However, it is in the same surface
and the mitigation is the same as for dirtyfrag.

It abuses a logic bug in the Linux XFRM ESP-in-TCP subsystem to achieve
arbitrary byte writes into the kernel page cache of read-only files, without
requiring any race condition.

The technique extends the page-cache write bug class that includes Dirty Pipe:
when a TCP socket transitions to espintcp ULP mode after data has already been
spliced from a file into the receive queue, the kernel processes the queued
file pages as ESP ciphertext. The AES-GCM keystream byte at counter block
position 2, byte 0 is XORed directly into the cached file page. By selecting
the IV nonce to produce a desired keystream byte, any target byte in the file
can be set to any value — one byte per trigger invocation.

From: https://github.com/v12-security/pocs/blob/532994fc003a7/fragnesia/README.md
</content>
</entry>
</feed>
