ubuntu-kernel-tests

cve-2020-29373 in cve from ubuntu_ltp failed

Bug #1916046 reported by Francis Ginther
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
ubuntu-kernel-tests
New
Undecided
Unassigned
linux (Ubuntu)
Fix Released
Undecided
Unassigned
Focal
New
Undecided
Unassigned
Groovy
Fix Released
Undecided
Unassigned
Hirsute
Fix Released
Undecided
Unassigned

Bug Description

Not a regression, this is a new test added Feb 8, 2021: https://github.com/linux-test-project/ltp/commit/c4f669f13106862b6d8be38adf7825ae00ca7ac5

The log shows:
13260. 02/08 21:37:31 DEBUG| utils:0153| [stdout] startup='Mon Feb 8 21:37:30 2021'
13261. 02/08 21:37:31 DEBUG| utils:0153| [stdout] tst_test.c:1261: TINFO: Timeout per run is 0h 05m 00s
13262. 02/08 21:37:31 DEBUG| utils:0153| [stdout] io_uring02.c:148: TFAIL: Write outside chroot succeeded.
13263. 02/08 21:37:31 DEBUG| utils:0153| [stdout]
13264. 02/08 21:37:31 DEBUG| utils:0153| [stdout] HINT: You _MAY_ be missing kernel fixes, see:
13265. 02/08 21:37:31 DEBUG| utils:0153| [stdout]
13266. 02/08 21:37:31 DEBUG| utils:0153| [stdout] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9392a27d88b9
13267. 02/08 21:37:31 DEBUG| utils:0153| [stdout] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ff002b30181d
13268. 02/08 21:37:31 DEBUG| utils:0153| [stdout]
13269. 02/08 21:37:31 DEBUG| utils:0153| [stdout] HINT: You _MAY_ be vulnerable to CVE(s), see:
13270. 02/08 21:37:31 DEBUG| utils:0153| [stdout]
13271. 02/08 21:37:31 DEBUG| utils:0153| [stdout] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29373
13272. 02/08 21:37:31 DEBUG| utils:0153| [stdout]
13273. 02/08 21:37:31 DEBUG| utils:0153| [stdout] Summary:
13274. 02/08 21:37:31 DEBUG| utils:0153| [stdout] passed 0
13275. 02/08 21:37:31 DEBUG| utils:0153| [stdout] failed 1
13276. 02/08 21:37:31 DEBUG| utils:0153| [stdout] broken 0
13277. 02/08 21:37:31 DEBUG| utils:0153| [stdout] skipped 0
13278. 02/08 21:37:31 DEBUG| utils:0153| [stdout] warnings 0
13279. 02/08 21:37:31 DEBUG| utils:0153| [stdout] tag=cve-2020-29373 stime=1612820250 dur=0 exit=exited stat=1 core=no cu=0

As of Feb 18, 2021, this CVE is not mitigated yet: https://ubuntu.com/security/CVE-2020-29373

Seen with linux-kvm 5.4.0-1033.34.

CVE References

Francis Ginther (fginther)
tags: added: focal
removed: bionic
Revision history for this message
Francis Ginther (fginther) wrote :

Seen on linux-oracle 5.4.0-1038.41.

tags: added: oracle
Revision history for this message
Francis Ginther (fginther) wrote :

A test for this CVE also exists in the io_uring02 test in the ubuntu_ltp_syscalls suite.

Revision history for this message
Po-Hsu Lin (cypressyew) wrote :

Found on 5.6.0-1050.54 Focal OEM.

tags: added: 5.6 oem ubuntu-ltp
tags: added: sru-20210222
Revision history for this message
Po-Hsu Lin (cypressyew) wrote :

Described commit for the fix:

 * commit 9392a27d88b9707145d713654eb26f0c29789e50
 * Author: Jens Axboe <email address hidden>
 * Date: Thu Feb 6 21:42:51 2020 -0700
 *
 * io-wq: add support for inheriting ->fs
 *
 * commit ff002b30181d30cdfbca316dadd099c3ca0d739c
 * Author: Jens Axboe <email address hidden>
 * Date: Fri Feb 7 16:05:21 2020 -0700
 *
 * io_uring: grab ->fs as part of async preparation

Can be found in G/H.

tags: added: ubuntu-ltp-syscalls
Changed in linux (Ubuntu Groovy):
status: New → Fix Released
Changed in linux (Ubuntu Hirsute):
status: New → Fix Released
Revision history for this message
Po-Hsu Lin (cypressyew) wrote :

Interesting thing on that CVE page is that this is marked as "Not vulnerable" to most of our kernels. Or even with "Does not exist".

This might needs to be investigated.

tags: added: 5.4
Revision history for this message
Po-Hsu Lin (cypressyew) wrote :

Here is the log for this test on F-OEM-5.6 (node spitfire)

 startup='Sat Mar 13 04:58:36 2021'
 tst_test.c:1289: TINFO: Timeout per run is 0h 05m 00s
 Test timeouted, sending SIGKILL!
 Test timeouted, sending SIGKILL!
 Test timeouted, sending SIGKILL!
 Test timeouted, sending SIGKILL!
 Test timeouted, sending SIGKILL!
 Test timeouted, sending SIGKILL!
 Test timeouted, sending SIGKILL!
 Test timeouted, sending SIGKILL!
 Test timeouted, sending SIGKILL!
 Test timeouted, sending SIGKILL!
 Test timeouted, sending SIGKILL!
 Cannot kill test processes!
 Congratulation, likely test hit a kernel bug.
 Exitting uncleanly...
 tag=cve-2020-29373 stime=1615611516 dur=350 exit=exited stat=1 core=no cu=0 cs=0

Revision history for this message
Marcelo Cerri (mhcerri) wrote :

Still happening with linux-azure 5.8.0-1027.29 for cycle sru-20210315 but also for sru-20210222.

tags: added: 5.8 azure sru-20210315
tags: added: groovy
Po-Hsu Lin (cypressyew)
tags: added: ubuntu-ltp0cve
removed: ubuntu-ltp
tags: added: ubuntu-ltp-cve
removed: ubuntu-ltp0cve
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.