<feed xmlns='http://www.w3.org/2005/Atom'>
<title>vyos-build.git/scripts/package-build/linux-kernel, branch current</title>
<subtitle>VyOS image build scripts (mirror of https://github.com/vyos/vyos-build.git)
</subtitle>
<id>https://git.amelek.net/vyos/vyos-build.git/atom?h=current</id>
<link rel='self' href='https://git.amelek.net/vyos/vyos-build.git/atom?h=current'/>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-build.git/'/>
<updated>2026-05-28T15:07:13+00:00</updated>
<entry>
<title>Kernel: T8938: consolidate build time options for amd64 and arm64 WWAN</title>
<updated>2026-05-28T15:07:13+00:00</updated>
<author>
<name>Christian Breunig</name>
<email>christian@breunig.cc</email>
</author>
<published>2026-05-28T15:07:13+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-build.git/commit/?id=40b8f6fc6d9ed7fc45f350f4cebce2f6d1bcbd76'/>
<id>urn:sha1:40b8f6fc6d9ed7fc45f350f4cebce2f6d1bcbd76</id>
<content type='text'>
</content>
</entry>
<entry>
<title>Kernel: T8919: Update Linux Kernel to 6.18.33</title>
<updated>2026-05-23T17:54:51+00:00</updated>
<author>
<name>Christian Breunig</name>
<email>christian@breunig.cc</email>
</author>
<published>2026-05-23T17:54:51+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-build.git/commit/?id=dc194b8f6275f55d812e316dcb55cd8f57056cf1'/>
<id>urn:sha1:dc194b8f6275f55d812e316dcb55cd8f57056cf1</id>
<content type='text'>
The Kernel 6.18.33 now has an upstream fix for the fragnesia vulnerability
</content>
</entry>
<entry>
<title>Merge pull request #1194 from c-po/kernel-source</title>
<updated>2026-05-18T14:28:03+00:00</updated>
<author>
<name>Andrii Klymenko</name>
<email>a.klymenko@vyos.io</email>
</author>
<published>2026-05-18T14:28:03+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-build.git/commit/?id=440a78d5e423e444c29f58cd5a377cff859863eb'/>
<id>urn:sha1:440a78d5e423e444c29f58cd5a377cff859863eb</id>
<content type='text'>
Kernel: T8880: reduce size of Kernel source TAR</content>
</entry>
<entry>
<title>Kernel: T8879: add missing Hyper-V drivers after 6.18 upgrade (#1193)</title>
<updated>2026-05-18T12:47:40+00:00</updated>
<author>
<name>Christian Breunig</name>
<email>christian@breunig.cc</email>
</author>
<published>2026-05-18T12:47:40+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-build.git/commit/?id=11a3b4bd380b0ecf757c71642ce4d0633faf3c3c'/>
<id>urn:sha1:11a3b4bd380b0ecf757c71642ce4d0633faf3c3c</id>
<content type='text'>
* Kernel: T8846: consolidate config for CPU/Task time and stats accounting

* Kernel: T8879: add config section for hypervisor Virtual Socket Protocol

* Kernel: T8879: add missing Hyper-V drivers after 6.18 upgrade

Add drivers for Hyper-V hypervisor which got lost in transition from 6.6 to
6.18 Kernel upgrade.</content>
</entry>
<entry>
<title>Kernel: T8880: reduce size of Kernel source TAR</title>
<updated>2026-05-17T15:56:32+00:00</updated>
<author>
<name>Christian Breunig</name>
<email>christian@breunig.cc</email>
</author>
<published>2026-05-17T15:56:32+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-build.git/commit/?id=b956a4b265dc76f4441b7fe596a9f1efb1dc8b90'/>
<id>urn:sha1:b956a4b265dc76f4441b7fe596a9f1efb1dc8b90</id>
<content type='text'>
Enable "make mrproper" before packaging kernel source tarball. After enabling
PWRU support in T8496, the auto-generated kernel source tarball grew from under
1 GB to ~4 GB, largely due to intermediate build artifacts (for example,
vmlinuz.o growing from 54 MB to 618 MB with additional debug symbols).

Since the tarball is intended to contain kernel sources and custom patches and
not intermediate objects, we now clean the tree with "make mrproper" before
creating the tarball. This keeps package size down while preserving
rebuildability.
</content>
</entry>
<entry>
<title>Kernel: T8871: Update Linux Kernel to 6.18.31</title>
<updated>2026-05-15T20:05:43+00:00</updated>
<author>
<name>Christian Breunig</name>
<email>christian@breunig.cc</email>
</author>
<published>2026-05-15T20:05:43+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-build.git/commit/?id=2d8bf69fb933b11ffc543121f9b0a9b461b6dc1e'/>
<id>urn:sha1:2d8bf69fb933b11ffc543121f9b0a9b461b6dc1e</id>
<content type='text'>
This fixes the LPE https://github.com/0xdeadbeefnetwork/ssh-keysign-pwn
</content>
</entry>
<entry>
<title>kernel: T8871: add a patch for the ptrace vulnerability</title>
<updated>2026-05-15T10:41:06+00:00</updated>
<author>
<name>Daniil Baturin</name>
<email>daniil@baturin.org</email>
</author>
<published>2026-05-15T10:41:06+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-build.git/commit/?id=396f782580761804cbdcaf2589dbf378b55edfde'/>
<id>urn:sha1:396f782580761804cbdcaf2589dbf378b55edfde</id>
<content type='text'>
that allows unprivileged users to read files owned by any other user
</content>
</entry>
<entry>
<title>Kernel: T8864: add patch for "fragnesia" local privilege escalation</title>
<updated>2026-05-14T11:39:02+00:00</updated>
<author>
<name>Christian Breunig</name>
<email>christian@breunig.cc</email>
</author>
<published>2026-05-14T11:34:49+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-build.git/commit/?id=d2d23bb8cafb209fc4459adaf43748e304b84392'/>
<id>urn:sha1:d2d23bb8cafb209fc4459adaf43748e304b84392</id>
<content type='text'>
Fragnesia is a universal Linux local privilege escalation exploit, discovered
with V12 by William Bowling with the V12 team. Fragnesia is a member of the
Dirty Frag vulnerability class. This is a separate bug in the ESP/XFRM from
dirtyfrag which has received its own patch. However, it is in the same surface
and the mitigation is the same as for dirtyfrag.

It abuses a logic bug in the Linux XFRM ESP-in-TCP subsystem to achieve
arbitrary byte writes into the kernel page cache of read-only files, without
requiring any race condition.

The technique extends the page-cache write bug class that includes Dirty Pipe:
when a TCP socket transitions to espintcp ULP mode after data has already been
spliced from a file into the receive queue, the kernel processes the queued
file pages as ESP ciphertext. The AES-GCM keystream byte at counter block
position 2, byte 0 is XORed directly into the cached file page. By selecting
the IV nonce to produce a desired keystream byte, any target byte in the file
can be set to any value — one byte per trigger invocation.

From: https://github.com/v12-security/pocs/blob/532994fc003a7/fragnesia/README.md
</content>
</entry>
<entry>
<title>Merge pull request #1178 from SuperQ/superq/psi</title>
<updated>2026-05-13T15:29:03+00:00</updated>
<author>
<name>Daniil Baturin</name>
<email>daniil@vyos.io</email>
</author>
<published>2026-05-13T15:29:03+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-build.git/commit/?id=3531b7771f0aab0847cc09be35fbb1621bc2a0e5'/>
<id>urn:sha1:3531b7771f0aab0847cc09be35fbb1621bc2a0e5</id>
<content type='text'>
kernel: T8847: Enable PSI metric data</content>
</entry>
<entry>
<title>Enable PSI metric data</title>
<updated>2026-05-11T19:29:42+00:00</updated>
<author>
<name>SuperQ</name>
<email>superq@gmail.com</email>
</author>
<published>2026-05-03T15:27:41+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-build.git/commit/?id=a20cc9b9f851fc1c5962295c06257a1d8d7a8909'/>
<id>urn:sha1:a20cc9b9f851fc1c5962295c06257a1d8d7a8909</id>
<content type='text'>
Enable the kernel [Pressure Stall Information][PSI] accounting feature.
This allows users to gather data on CPU and memory starvation. It's very
useful to help find cases where the system performance is impacted by
overloaded CPUs.

[PSI]: https://docs.kernel.org/accounting/psi.html

Signed-off-by: SuperQ &lt;superq@gmail.com&gt;
</content>
</entry>
</feed>
