LSM Stacking prctl values should be redefined as to not collide with upstream prctls
Bug #1769263 reported by Tyler Hicks
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| linux (Ubuntu) | Fix Released | Medium | Unassigned | |
Bug Description
The prctl values selected for LSM Stacking made some amount of sense at the time of Bionic's release, but there may be future upstream changes that we want to backport which would collide with the values selected.
Since LSM stacking is provided as an early preview in the Ubuntu kernels, we should use unusually high numbers to reduce the chances of colliding with an upstream feature.
CVE References
Changed in linux (Ubuntu):

| Field | Change |
|---|---|
| importance | Undecided → Medium |
| status | New → Triaged |
This bug was fixed in the package linux - 4.15.0-22.24
---------------
linux (4.15.0-22.24) bionic; urgency=medium

  * CVE-2018-3639 (powerpc)
    - powerpc/64s: Add support for a store forwarding barrier at kernel entry/exit
    - stf-barrier: set eieio instruction bit 6 for future optimisations

  * CVE-2018-3639 (x86)
    - x86/nospec: Simplify alternative_msr_write()
    - x86/bugs: Concentrate bug detection into a separate function
    - x86/bugs: Concentrate bug reporting into a separate function
    - x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits
    - x86/bugs, KVM: Support the combination of guest and host IBRS
    - x86/bugs: Expose /sys/../spec_store_bypass
    - x86/cpufeatures: Add X86_FEATURE_RDS
    - x86/bugs: Provide boot parameters for the spec_store_bypass_disable mitigation
    - x86/bugs/intel: Set proper CPU features and setup RDS
    - x86/bugs: Whitelist allowed SPEC_CTRL MSR values
    - x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if requested
    - x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest
    - x86/speculation: Create spec-ctrl.h to avoid include hell
    - prctl: Add speculation control prctls
    - x86/process: Allow runtime control of Speculative Store Bypass
    - x86/speculation: Add prctl for Speculative Store Bypass mitigation
    - nospec: Allow getting/setting on non-current task
    - proc: Provide details on speculation flaw mitigations
    - seccomp: Enable speculation flaw mitigations
    - x86/bugs: Make boot modes __ro_after_init
    - prctl: Add force disable speculation
    - seccomp: Use PR_SPEC_FORCE_DISABLE
    - seccomp: Add filter flag to opt-out of SSB mitigation
    - seccomp: Move speculation migitation control to arch code
    - x86/speculation: Make "seccomp" the default mode for Speculative Store Bypass
    - x86/bugs: Rename _RDS to _SSBD
    - proc: Use underscores for SSBD in 'status'
    - Documentation/spec_ctrl: Do some minor cleanups
    - x86/bugs: Fix __ssb_select_mitigation() return type
    - x86/bugs: Make cpu_show_common() static

  * LSM Stacking prctl values should be redefined as to not collide with upstream prctls (LP: #1769263) // CVE-2018-3639
    - SAUCE: LSM stacking: adjust prctl values

linux (4.15.0-21.22) bionic; urgency=medium

  * linux: 4.15.0-21.22 -proposed tracker (LP: #1767397)

  * initramfs-tools exception during pm.DoInstall with do-release-upgrade from 16.04 to 18.04 (LP: #1766727)
    - Add linux-image-* Breaks on s390-tools (<< 2.3.0-0ubuntu3)

  * linux-image-4.15.0-20-generic install after upgrade from xenial breaks (LP: #1767133)
    - Packaging: Depends on linux-base that provides the necessary tools

  * linux-image packages need to Breaks flash-kernel << 3.90ubuntu2 (LP: #1766629)
    - linux-image-* breaks on flash-kernel (<< 3.90ubuntu2)

 -- Stefan Bader <email address hidden>  Tue, 15 May 2018 07:41:28 +0200