creat09 from ubuntu_ltp_syscalls and cve-2018-13405 from ubuntu_ltp/cve failed with XFS

Bug #1950239 reported by Po-Hsu Lin
18
This bug affects 3 people
Affects Status Importance Assigned to Milestone
ubuntu-kernel-tests
In Progress
Undecided
Unassigned
linux (Ubuntu)
Fix Released
Undecided
Unassigned
Xenial
New
Undecided
Unassigned
Bionic
Fix Released
Medium
Thadeu Lima de Souza Cascardo
Focal
Fix Released
Medium
Thadeu Lima de Souza Cascardo
Hirsute
Fix Released
Medium
Thadeu Lima de Souza Cascardo
Impish
Fix Released
Undecided
Unassigned
linux-ibm (Ubuntu)
Bionic
New
Undecided
Unassigned
Focal
Fix Released
Undecided
Unassigned
Hirsute
Invalid
Undecided
Unassigned
Impish
Won't Fix
Undecided
Unassigned
linux-oem-5.10 (Ubuntu)
Invalid
Undecided
Unassigned
Xenial
Invalid
Undecided
Unassigned
Bionic
Invalid
Undecided
Unassigned
Focal
Fix Released
Undecided
Unassigned
Hirsute
Invalid
Undecided
Unassigned
Impish
Invalid
Undecided
Unassigned
linux-oem-5.14 (Ubuntu)
Invalid
Undecided
Unassigned
Xenial
Invalid
Undecided
Unassigned
Bionic
Invalid
Undecided
Unassigned
Focal
Fix Released
Undecided
Unassigned
Hirsute
Invalid
Undecided
Unassigned
Impish
Invalid
Undecided
Unassigned

Bug Description

[Impact]
setgid files may be created on setgid directories owned by the directory
group by users not belonging to that group. That is restricted to XFS.

[Fix/Backport]
The fix for 5.11 and 5.10 kernels is one simple commit with a minor
backport conflict fixup on 5.10.

5.4, on the other hand, required other 3 pre-requisites, which could be
picked cleanly. On 4.15, however, they needed a lot of mangling and fixes.

[Test case]
creat09 LTP test case.

[Potential regression]
The creation of files on XFS may have the wrong attributes. Also, on 5.4
and 4.15, the potential regression is larger, also affecting quota,
statistics and other interfaces where uid, gid and projid are exposed.

=====================================

These two tests, creat09 from ubuntu_ltp_syscalls and cve-2018-13405 from ubuntu_ltp/cve are actually the same test.

Issue found on F-oem-5.10.0-1051.53

With LTP upstream head SHA1 2ac54d426

This is not a regression, it's because of a recent update that enables this test on different filesystems:
https://github.com/linux-test-project/ltp/commit/433b6cf7ade3d5e3bd4b85ac89b164c53312e65a

Test failed on XFS with:
tst_test.c:1431: TINFO: Testing on xfs
tst_test.c:932: TINFO: Formatting /dev/loop3 with xfs opts='' extra opts=''
tst_test.c:1363: TINFO: Timeout per run is 0h 05m 00s
creat09.c:55: TINFO: User nobody: uid = 65534, gid = 65534
creat09.c:57: TINFO: Found unused GID 11: SUCCESS (0)
creat09.c:88: TPASS: mntpoint/testdir/creat.tmp: Owned by correct group
creat09.c:92: TFAIL: mntpoint/testdir/creat.tmp: Setgid bit is set
creat09.c:88: TPASS: mntpoint/testdir/open.tmp: Owned by correct group
creat09.c:92: TFAIL: mntpoint/testdir/open.tmp: Setgid bit is set

Test log:
Checking for required user/group ids

'nobody' user id and group found.
'bin' user id and group found.
'daemon' user id and group found.
Users group found.
Sys group found.
Required users/groups exist.
no big block device was specified on commandline.
Tests which require a big block device are disabled.
You can specify it with option -z
INFO: Test start time: Mon Nov 8 10:00:06 UTC 2021
COMMAND: /opt/ltp/bin/ltp-pan -q -e -S -a 61758 -n 61758 -f /tmp/ltp-shLYORuoRT/alltests -l /dev/null -C /dev/null -T /dev/null
LOG File: /dev/null
FAILED COMMAND File: /dev/null
TCONF COMMAND File: /dev/null
Running tests.......
tst_device.c:88: TINFO: Found free device 3 '/dev/loop3'
tst_supported_fs_types.c:88: TINFO: Kernel supports ext2
tst_supported_fs_types.c:50: TINFO: mkfs.ext2 does exist
tst_supported_fs_types.c:88: TINFO: Kernel supports ext3
tst_supported_fs_types.c:50: TINFO: mkfs.ext3 does exist
tst_supported_fs_types.c:88: TINFO: Kernel supports ext4
tst_supported_fs_types.c:50: TINFO: mkfs.ext4 does exist
tst_supported_fs_types.c:88: TINFO: Kernel supports xfs
tst_supported_fs_types.c:50: TINFO: mkfs.xfs does exist
tst_supported_fs_types.c:88: TINFO: Kernel supports btrfs
tst_supported_fs_types.c:50: TINFO: mkfs.btrfs does exist
tst_supported_fs_types.c:146: TINFO: Skipping vfat as requested by the test
tst_supported_fs_types.c:146: TINFO: Skipping exfat as requested by the test
tst_supported_fs_types.c:88: TINFO: Kernel supports tmpfs
tst_supported_fs_types.c:37: TINFO: mkfs is not needed for tmpfs
tst_test.c:1431: TINFO: Testing on ext2
tst_test.c:932: TINFO: Formatting /dev/loop3 with ext2 opts='' extra opts=''
mke2fs 1.45.5 (07-Jan-2020)
tst_test.c:1363: TINFO: Timeout per run is 0h 05m 00s
creat09.c:55: TINFO: User nobody: uid = 65534, gid = 65534
creat09.c:57: TINFO: Found unused GID 11: SUCCESS (0)
creat09.c:88: TPASS: mntpoint/testdir/creat.tmp: Owned by correct group
creat09.c:94: TPASS: mntpoint/testdir/creat.tmp: Setgid bit not set
creat09.c:88: TPASS: mntpoint/testdir/open.tmp: Owned by correct group
creat09.c:94: TPASS: mntpoint/testdir/open.tmp: Setgid bit not set
tst_test.c:1431: TINFO: Testing on ext3
tst_test.c:932: TINFO: Formatting /dev/loop3 with ext3 opts='' extra opts=''
mke2fs 1.45.5 (07-Jan-2020)
tst_test.c:1363: TINFO: Timeout per run is 0h 05m 00s
creat09.c:55: TINFO: User nobody: uid = 65534, gid = 65534
creat09.c:57: TINFO: Found unused GID 11: SUCCESS (0)
creat09.c:88: TPASS: mntpoint/testdir/creat.tmp: Owned by correct group
creat09.c:94: TPASS: mntpoint/testdir/creat.tmp: Setgid bit not set
creat09.c:88: TPASS: mntpoint/testdir/open.tmp: Owned by correct group
creat09.c:94: TPASS: mntpoint/testdir/open.tmp: Setgid bit not set
tst_test.c:1431: TINFO: Testing on ext4
tst_test.c:932: TINFO: Formatting /dev/loop3 with ext4 opts='' extra opts=''
mke2fs 1.45.5 (07-Jan-2020)
tst_test.c:1363: TINFO: Timeout per run is 0h 05m 00s
creat09.c:55: TINFO: User nobody: uid = 65534, gid = 65534
creat09.c:57: TINFO: Found unused GID 11: SUCCESS (0)
creat09.c:88: TPASS: mntpoint/testdir/creat.tmp: Owned by correct group
creat09.c:94: TPASS: mntpoint/testdir/creat.tmp: Setgid bit not set
creat09.c:88: TPASS: mntpoint/testdir/open.tmp: Owned by correct group
creat09.c:94: TPASS: mntpoint/testdir/open.tmp: Setgid bit not set
tst_test.c:1431: TINFO: Testing on xfs
tst_test.c:932: TINFO: Formatting /dev/loop3 with xfs opts='' extra opts=''
tst_test.c:1363: TINFO: Timeout per run is 0h 05m 00s
creat09.c:55: TINFO: User nobody: uid = 65534, gid = 65534
creat09.c:57: TINFO: Found unused GID 11: SUCCESS (0)
creat09.c:88: TPASS: mntpoint/testdir/creat.tmp: Owned by correct group
creat09.c:92: TFAIL: mntpoint/testdir/creat.tmp: Setgid bit is set
creat09.c:88: TPASS: mntpoint/testdir/open.tmp: Owned by correct group
creat09.c:92: TFAIL: mntpoint/testdir/open.tmp: Setgid bit is set
tst_test.c:1431: TINFO: Testing on btrfs
tst_test.c:932: TINFO: Formatting /dev/loop3 with btrfs opts='' extra opts=''
tst_test.c:1363: TINFO: Timeout per run is 0h 05m 00s
creat09.c:55: TINFO: User nobody: uid = 65534, gid = 65534
creat09.c:57: TINFO: Found unused GID 11: SUCCESS (0)
creat09.c:88: TPASS: mntpoint/testdir/creat.tmp: Owned by correct group
creat09.c:94: TPASS: mntpoint/testdir/creat.tmp: Setgid bit not set
creat09.c:88: TPASS: mntpoint/testdir/open.tmp: Owned by correct group
creat09.c:94: TPASS: mntpoint/testdir/open.tmp: Setgid bit not set
tst_test.c:1431: TINFO: Testing on tmpfs
tst_test.c:932: TINFO: Skipping mkfs for TMPFS filesystem
tst_test.c:913: TINFO: Limiting tmpfs size to 32MB
tst_test.c:1363: TINFO: Timeout per run is 0h 05m 00s
creat09.c:55: TINFO: User nobody: uid = 65534, gid = 65534
creat09.c:57: TINFO: Found unused GID 11: SUCCESS (0)
creat09.c:88: TPASS: mntpoint/testdir/creat.tmp: Owned by correct group
creat09.c:94: TPASS: mntpoint/testdir/creat.tmp: Setgid bit not set
creat09.c:88: TPASS: mntpoint/testdir/open.tmp: Owned by correct group
creat09.c:94: TPASS: mntpoint/testdir/open.tmp: Setgid bit not set

HINT: You _MAY_ be missing kernel fixes, see:

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0fa3ecd87848
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=01ea173e103e

HINT: You _MAY_ be vulnerable to CVE(s), see:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13405

Summary:
passed 22
failed 2
broken 0
skipped 0
warnings 0

Po-Hsu Lin (cypressyew)
description: updated
Po-Hsu Lin (cypressyew)
description: updated
tags: added: 5.10 focal ubuntu-ltp-syscalls
Po-Hsu Lin (cypressyew)
summary: - creat09 from ubuntu_ltp_syscalls failed on F-oem-5.10
+ creat09 from ubuntu_ltp_syscalls and cve-2018-13405 from ubuntu_ltp/cve
+ failed on F-oem-5.10
description: updated
tags: added: oem ubuntu-ltp
Po-Hsu Lin (cypressyew)
summary: creat09 from ubuntu_ltp_syscalls and cve-2018-13405 from ubuntu_ltp/cve
- failed on F-oem-5.10
+ failed with XFS
Revision history for this message
Po-Hsu Lin (cypressyew) wrote :

Can be found on Bionic 4.15.0-159-generic as well.

tags: added: 4.15 bionic
Revision history for this message
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote : Missing required logs.

This bug is missing log files that will aid in diagnosing the problem. While running an Ubuntu kernel (not a mainline or third-party kernel) please enter the following command in a terminal window:

apport-collect 1950239

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

Changed in linux (Ubuntu):
status: New → Incomplete
Revision history for this message
Thadeu Lima de Souza Cascardo (cascardo) wrote :

From the LTP creat09 test comment:

 * This fix is incomplete if file is on xfs filesystem.
 *
 * Fixed in:
 *
 * commit 01ea173e103edd5ec41acec65b9261b87e123fc2
 * Author: Christoph Hellwig <email address hidden>
 * Date: Fri Jan 22 16:48:18 2021 -0800
 *
 * xfs: fix up non-directory creation in SGID directories

We need to fix this in all our affected kernels.
Cascardo.

Po-Hsu Lin (cypressyew)
Changed in linux (Ubuntu Bionic):
status: New → Confirmed
Changed in linux (Ubuntu Focal):
status: New → Confirmed
Changed in linux (Ubuntu Impish):
status: New → Fix Released
Changed in linux (Ubuntu Hirsute):
status: New → Confirmed
tags: added: hirsute
tags: added: sru-20211108
Revision history for this message
Krzysztof Kozlowski (krzk) wrote :

Found also on 2021.11.08/bionic/linux-azure-fips/4.15.0-2039.43

tags: added: azure
tags: added: hinted
Revision history for this message
Krzysztof Kozlowski (krzk) wrote :

Found also on 2021.11.08/focal/linux-azure/5.4.0-1064.67

tags: added: 5.4
Revision history for this message
Thadeu Lima de Souza Cascardo (cascardo) wrote :

This will require a backport for older kernels as xfs_ialloc was renamed to xfs_init_new_inode. I am working on it.

Cascardo.

Changed in linux (Ubuntu Hirsute):
assignee: nobody → Thadeu Lima de Souza Cascardo (cascardo)
Changed in linux (Ubuntu Focal):
assignee: nobody → Thadeu Lima de Souza Cascardo (cascardo)
Changed in linux (Ubuntu Bionic):
assignee: nobody → Thadeu Lima de Souza Cascardo (cascardo)
Changed in linux (Ubuntu):
status: Incomplete → Fix Released
Revision history for this message
Thadeu Lima de Souza Cascardo (cascardo) wrote :

There is the in-disk inode structure that makes it complicated to backport the fix. Eventually, we would need something like the commit below in older releases.

542951592c99ff7b15c050954c051dd6dd6c0f97 ("xfs: remove the icdinode di_uid/di_gid members")

Alternatively, just making sure values match might be fine as on this commit.

3d8f2821502d0b60bac2789d0bea951fda61de0c ("xfs: ensure that the inode uid/gid match values match the icdinode ones")

Changed in linux-oem-5.14 (Ubuntu Focal):
status: New → Fix Released
Changed in linux-oem-5.14 (Ubuntu Impish):
status: New → Invalid
Changed in linux-oem-5.14 (Ubuntu Hirsute):
status: New → Invalid
Changed in linux-oem-5.14 (Ubuntu Bionic):
status: New → Invalid
Changed in linux-oem-5.14 (Ubuntu):
status: New → Invalid
Changed in linux-oem-5.10 (Ubuntu Focal):
status: New → Confirmed
Changed in linux-oem-5.10 (Ubuntu):
status: New → Invalid
Changed in linux-oem-5.10 (Ubuntu Impish):
status: New → Invalid
Changed in linux-oem-5.10 (Ubuntu Hirsute):
status: New → Invalid
Changed in linux-oem-5.10 (Ubuntu Bionic):
status: New → Invalid
Revision history for this message
Tim Gardner (timg-tpi) wrote :

Found on hirsute:linux-aws 5.11.0-1022.23

tags: added: 5.11 aws
Changed in linux (Ubuntu Hirsute):
status: Confirmed → In Progress
Changed in linux (Ubuntu Focal):
status: Confirmed → In Progress
Changed in linux (Ubuntu Bionic):
status: Confirmed → In Progress
Changed in linux-oem-5.10 (Ubuntu Focal):
status: Confirmed → In Progress
description: updated
Stefan Bader (smb)
Changed in linux (Ubuntu Hirsute):
importance: Undecided → Medium
status: In Progress → Fix Committed
Changed in linux (Ubuntu Focal):
importance: Undecided → Medium
status: In Progress → Fix Committed
Changed in linux (Ubuntu Bionic):
importance: Undecided → Medium
status: In Progress → Fix Committed
AceLan Kao (acelankao)
Changed in linux-oem-5.10 (Ubuntu Focal):
status: In Progress → Fix Committed
Revision history for this message
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote :

This bug is awaiting verification that the linux-oem-5.10/5.10.0-1052.54 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-focal' to 'verification-done-focal'. If the problem still exists, change the tag 'verification-needed-focal' to 'verification-failed-focal'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: verification-needed-focal
Revision history for this message
Thadeu Lima de Souza Cascardo (cascardo) wrote :

Works fine on 5.10.0-1052-oem.

Cascardo.

tags: added: verification-done-focal
removed: verification-needed-focal
Revision history for this message
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote :

This bug is awaiting verification that the linux/5.11.0-42.46 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-hirsute' to 'verification-done-hirsute'. If the problem still exists, change the tag 'verification-needed-hirsute' to 'verification-failed-hirsute'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: verification-needed-hirsute
Po-Hsu Lin (cypressyew)
Changed in ubuntu-kernel-tests:
status: New → In Progress
Revision history for this message
Po-Hsu Lin (cypressyew) wrote :

Passed with Hirsute 5.11.0-42.46

tags: added: verification-done-hirsute
removed: verification-needed-hirsute
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-oem-5.10 - 5.10.0-1052.54

---------------
linux-oem-5.10 (5.10.0-1052.54) focal; urgency=medium

  * focal/linux-oem-5.10: 5.10.0-1052.54 -proposed tracker (LP: #1949843)

  * creat09 from ubuntu_ltp_syscalls and cve-2018-13405 from ubuntu_ltp/cve
    failed with XFS (LP: #1950239)
    - xfs: fix up non-directory creation in SGID directories

  * Let NVMe with HMB use native power control again (LP: #1950042)
    - nvme-pci: use attribute group for cmb sysfs
    - nvme-pci: cmb sysfs: one file, one value
    - nvme-pci: disable hmb on idle suspend
    - nvme: allow user toggling hmb usage

  * require CAP_NET_ADMIN to attach N_HCI ldisc (LP: #1949516)
    - Bluetooth: hci_ldisc: require CAP_NET_ADMIN to attach N_HCI ldisc

 -- Chia-Lin Kao (AceLan) <email address hidden> Tue, 23 Nov 2021 15:29:37 +0800

Changed in linux-oem-5.10 (Ubuntu Focal):
status: Fix Committed → Fix Released
Revision history for this message
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote :

This bug is awaiting verification that the linux/4.15.0-165.173 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-bionic' to 'verification-done-bionic'. If the problem still exists, change the tag 'verification-needed-bionic' to 'verification-failed-bionic'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: verification-needed-bionic
Po-Hsu Lin (cypressyew)
Changed in linux-ibm (Ubuntu Focal):
status: New → Confirmed
no longer affects: linux-ibm (Ubuntu)
Revision history for this message
Po-Hsu Lin (cypressyew) wrote :

Verified with B-AWS, 4.15.0-1117.124, test passed.

tags: added: verification-done-bionic
removed: verification-needed-bionic
Revision history for this message
Thadeu Lima de Souza Cascardo (cascardo) wrote :

focal/linux-ibm has not been updated to the latest focal/master-next version (5.4.0-92.103), which has the fix.

Cascardo.

Revision history for this message
Po-Hsu Lin (cypressyew) wrote :

Found on B-ibm-gt-5.4 (failing with ubuntu_ltp_cve/cve-2018-13405), version 5.4.0-1003.3.

(I accidentally removed the linux-ibm package from this bug report)

Revision history for this message
Po-Hsu Lin (cypressyew) wrote :

Spotted on T-AWS-4.4 4.4.0-1098.103

Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (10.4 KiB)

This bug was fixed in the package linux - 4.15.0-166.174

---------------
linux (4.15.0-166.174) bionic; urgency=medium

  * bionic/linux: 4.15.0-166.174 -proposed tracker (LP: #1953667)

  * Ubuntu version macros overflow with high ABI numbers (LP: #1953522)
    - SAUCE: Revert "stable: clamp SUBLEVEL in 4.14"

  * test_bpf.sh test in net of ubuntu_kernel_selftests failed on B-4.15 and
    variants (LP: #1953287)
    - SAUCE: Revert "bpf: add also cbpf long jump test cases with heavy expansion"

  * test_bpf.sh test in net of ubuntu_kernel_selftests failed on B-4.15 and
    variants (LP: #1953287) // CVE-2018-25020
    - bpf: fix truncated jump targets on heavy expansions

linux (4.15.0-165.173) bionic; urgency=medium

  * bionic/linux: 4.15.0-165.173 -proposed tracker (LP: #1952780)

  * Support builtin revoked certificates (LP: #1932029)
    - certs: Add EFI_CERT_X509_GUID support for dbx entries
    - certs: Move load_system_certificate_list to a common function
    - integrity: Move import of MokListRT certs to a separate routine
    - integrity: Load certs from the EFI MOK config table
    - certs: Add ability to preload revocation certs
    - certs: add 'x509_revocation_list' to gitignore
    - SAUCE: Dump stack when X.509 certificates cannot be loaded
    - [Packaging] build canonical-revoked-certs.pem from branch/arch certs
    - [Packaging] Revoke 2012 UEFI signing certificate as built-in
    - [Config] Configure CONFIG_SYSTEM_REVOCATION_KEYS with revoked keys

  * Support importing mokx keys into revocation list from the mok table
    (LP: #1928679)
    - efi: Support for MOK variable config table
    - efi: mokvar-table: fix some issues in new code
    - efi: mokvar: add missing include of asm/early_ioremap.h
    - efi/mokvar: Reserve the table only if it is in boot services data
    - SAUCE: integrity: Load mokx certs from the EFI MOK config table
    - SAUCE: integrity: add informational messages when revoking certs

  * CVE-2021-4002
    - arm64: tlb: Provide forward declaration of tlb_flush() before including
      tlb.h
    - mm: mmu_notifier fix for tlb_end_vma
    - hugetlbfs: flush TLBs correctly after huge_pmd_unshare

linux (4.15.0-164.172) bionic; urgency=medium

  * bionic/linux: 4.15.0-164.172 -proposed tracker (LP: #1952348)

  * Packaging resync (LP: #1786013)
    - [Packaging] resync update-dkms-versions helper
    - debian/dkms-versions -- update from kernel-versions (main/2021.11.29)

  * Bionic update: upstream stable patchset 2021-11-23 (LP: #1951997)
    - btrfs: always wait on ordered extents at fsync time
    - ARM: dts: at91: sama5d2_som1_ek: disable ISC node by default
    - xtensa: xtfpga: use CONFIG_USE_OF instead of CONFIG_OF
    - xtensa: xtfpga: Try software restart before simulating CPU reset
    - NFSD: Keep existing listeners on portlist error
    - netfilter: ipvs: make global sysctl readonly in non-init netns
    - NIOS2: irqflags: rename a redefined register name
    - can: rcar_can: fix suspend/resume
    - can: peak_usb: pcan_usb_fd_decode_status(): fix back to ERROR_ACTIVE state
      notification
    - can: peak_pci: peak_pci_remove(): fix UAF
    - ocfs2: fix data corruption after conversio...

Changed in linux (Ubuntu Bionic):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (19.0 KiB)

This bug was fixed in the package linux - 5.4.0-92.103

---------------
linux (5.4.0-92.103) focal; urgency=medium

  * focal/linux: 5.4.0-92.103 -proposed tracker (LP: #1952316)

  * Packaging resync (LP: #1786013)
    - [Packaging] resync update-dkms-versions helper
    - debian/dkms-versions -- update from kernel-versions (main/2021.11.29)

  * CVE-2021-4002
    - tlb: mmu_gather: add tlb_flush_*_range APIs
    - hugetlbfs: flush TLBs correctly after huge_pmd_unshare

  * Re-enable DEBUG_INFO_BTF where it was disabled (LP: #1945632)
    - [Config] Enable CONFIG_DEBUG_INFO_BTF on all arches

  * Focal linux-azure: Vm crash on Dv5/Ev5 (LP: #1950462)
    - KVM: VMX: eVMCS: make evmcs_sanitize_exec_ctrls() work again
    - jump_label: Fix usage in module __init

  * Support builtin revoked certificates (LP: #1932029)
    - Revert "UBUNTU: SAUCE: (lockdown) Make get_cert_list() not complain about
      cert lists that aren't present."
    - integrity: Move import of MokListRT certs to a separate routine
    - integrity: Load certs from the EFI MOK config table
    - certs: Add ability to preload revocation certs
    - integrity: Load mokx variables into the blacklist keyring
    - certs: add 'x509_revocation_list' to gitignore
    - SAUCE: Dump stack when X.509 certificates cannot be loaded
    - [Packaging] build canonical-revoked-certs.pem from branch/arch certs
    - [Packaging] Revoke 2012 UEFI signing certificate as built-in
    - [Config] Configure CONFIG_SYSTEM_REVOCATION_KEYS with revoked keys

  * Support importing mokx keys into revocation list from the mok table
    (LP: #1928679)
    - efi: Support for MOK variable config table
    - efi: mokvar-table: fix some issues in new code
    - efi: mokvar: add missing include of asm/early_ioremap.h
    - efi/mokvar: Reserve the table only if it is in boot services data
    - SAUCE: integrity: add informational messages when revoking certs

  * Support importing mokx keys into revocation list from the mok table
    (LP: #1928679) // CVE-2020-26541 when certificates are revoked via
    MokListXRT.
    - SAUCE: integrity: Load mokx certs from the EFI MOK config table

  * Focal update: v5.4.157 upstream stable release (LP: #1951883)
    - ARM: 9133/1: mm: proc-macros: ensure *_tlb_fns are 4B aligned
    - ARM: 9134/1: remove duplicate memcpy() definition
    - ARM: 9139/1: kprobes: fix arch_init_kprobes() prototype
    - ARM: 9141/1: only warn about XIP address when not compile testing
    - ipv6: use siphash in rt6_exception_hash()
    - ipv4: use siphash instead of Jenkins in fnhe_hashfun()
    - usbnet: sanity check for maxpacket
    - usbnet: fix error return code in usbnet_probe()
    - Revert "pinctrl: bcm: ns: support updated DT binding as syscon subnode"
    - ata: sata_mv: Fix the error handling of mv_chip_id()
    - nfc: port100: fix using -ERRNO as command type mask
    - net/tls: Fix flipped sign in tls_err_abort() calls
    - mmc: vub300: fix control-message timeouts
    - mmc: cqhci: clear HALT state after CQE enable
    - mmc: dw_mmc: exynos: fix the finding clock sample value
    - mmc: sdhci: Map more voltage level to SDHCI_POWER_330
    - mmc: sdhci-esdhc-imx: clear the buffe...

Changed in linux (Ubuntu Focal):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (19.4 KiB)

This bug was fixed in the package linux-ibm - 5.4.0-1010.11

---------------
linux-ibm (5.4.0-1010.11) focal; urgency=medium

  * focal/linux-ibm: 5.4.0-1010.11 -proposed tracker (LP: #1952302)

  * Re-enable DEBUG_INFO_BTF where it was disabled (LP: #1945632)
    - [Config] ibm: Enable CONFIG_DEBUG_INFO_BTF on all arches

  * Support builtin revoked certificates (LP: #1932029)
    - [Config] ibm: Configure CONFIG_SYSTEM_REVOCATION_KEYS with revoked keys

  [ Ubuntu: 5.4.0-92.103 ]

  * focal/linux: 5.4.0-92.103 -proposed tracker (LP: #1952316)
  * Packaging resync (LP: #1786013)
    - [Packaging] resync update-dkms-versions helper
    - debian/dkms-versions -- update from kernel-versions (main/2021.11.29)
  * CVE-2021-4002
    - tlb: mmu_gather: add tlb_flush_*_range APIs
    - hugetlbfs: flush TLBs correctly after huge_pmd_unshare
  * Re-enable DEBUG_INFO_BTF where it was disabled (LP: #1945632)
    - [Config] Enable CONFIG_DEBUG_INFO_BTF on all arches
  * Focal linux-azure: Vm crash on Dv5/Ev5 (LP: #1950462)
    - KVM: VMX: eVMCS: make evmcs_sanitize_exec_ctrls() work again
    - jump_label: Fix usage in module __init
  * Support builtin revoked certificates (LP: #1932029)
    - Revert "UBUNTU: SAUCE: (lockdown) Make get_cert_list() not complain about
      cert lists that aren't present."
    - integrity: Move import of MokListRT certs to a separate routine
    - integrity: Load certs from the EFI MOK config table
    - certs: Add ability to preload revocation certs
    - integrity: Load mokx variables into the blacklist keyring
    - certs: add 'x509_revocation_list' to gitignore
    - SAUCE: Dump stack when X.509 certificates cannot be loaded
    - [Packaging] build canonical-revoked-certs.pem from branch/arch certs
    - [Packaging] Revoke 2012 UEFI signing certificate as built-in
    - [Config] Configure CONFIG_SYSTEM_REVOCATION_KEYS with revoked keys
  * Support importing mokx keys into revocation list from the mok table
    (LP: #1928679)
    - efi: Support for MOK variable config table
    - efi: mokvar-table: fix some issues in new code
    - efi: mokvar: add missing include of asm/early_ioremap.h
    - efi/mokvar: Reserve the table only if it is in boot services data
    - SAUCE: integrity: add informational messages when revoking certs
  * Support importing mokx keys into revocation list from the mok table
    (LP: #1928679) // CVE-2020-26541 when certificates are revoked via
    MokListXRT.
    - SAUCE: integrity: Load mokx certs from the EFI MOK config table
  * Focal update: v5.4.157 upstream stable release (LP: #1951883)
    - ARM: 9133/1: mm: proc-macros: ensure *_tlb_fns are 4B aligned
    - ARM: 9134/1: remove duplicate memcpy() definition
    - ARM: 9139/1: kprobes: fix arch_init_kprobes() prototype
    - ARM: 9141/1: only warn about XIP address when not compile testing
    - ipv6: use siphash in rt6_exception_hash()
    - ipv4: use siphash instead of Jenkins in fnhe_hashfun()
    - usbnet: sanity check for maxpacket
    - usbnet: fix error return code in usbnet_probe()
    - Revert "pinctrl: bcm: ns: support updated DT binding as syscon subnode"
    - ata: sata_mv: Fix the error handling of mv_chip_id()
    - nfc: port1...

Changed in linux-ibm (Ubuntu Focal):
status: Confirmed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (32.7 KiB)

This bug was fixed in the package linux - 5.11.0-44.48

---------------
linux (5.11.0-44.48) hirsute; urgency=medium

  * hirsute/linux: 5.11.0-44.48 -proposed tracker (LP: #1954388)

  * Add F81966 watchdog support (LP: #1949063)
    - SAUCE: watchdog: f71808e_wdt: Add F81966 support

linux (5.11.0-42.46) hirsute; urgency=medium

  * hirsute/linux: 5.11.0-42.46 -proposed tracker (LP: #1952278)

  * Packaging resync (LP: #1786013)
    - [Packaging] resync update-dkms-versions helper
    - debian/dkms-versions -- update from kernel-versions (main/2021.11.29)

  * CVE-2021-4002
    - hugetlbfs: flush TLBs correctly after huge_pmd_unshare

  * CVE-2021-43267
    - tipc: fix size validations for the MSG_CRYPTO type

  * Hirsute update: upstream stable patchset 2021-11-24 (LP: #1952136)
    - ext4: check and update i_disksize properly
    - ext4: correct the error path of ext4_write_inline_data_end()
    - ASoC: Intel: sof_sdw: tag SoundWire BEs as non-atomic
    - HID: apple: Fix logical maximum and usage maximum of Magic Keyboard JIS
    - netfilter: ip6_tables: zero-initialize fragment offset
    - HID: wacom: Add new Intuos BT (CTL-4100WL/CTL-6100WL) device IDs
    - ASoC: SOF: loader: release_firmware() on load failure to avoid batching
    - netfilter: nf_nat_masquerade: make async masq_inet6_event handling generic
    - netfilter: nf_nat_masquerade: defer conntrack walk to work queue
    - mac80211: Drop frames from invalid MAC address in ad-hoc mode
    - m68k: Handle arrivals of multiple signals correctly
    - hwmon: (ltc2947) Properly handle errors when looking for the external clock
    - net: prevent user from passing illegal stab size
    - mac80211: check return value of rhashtable_init
    - vboxfs: fix broken legacy mount signature checking
    - net: sun: SUNVNET_COMMON should depend on INET
    - drm/amdgpu: fix gart.bo pin_count leak
    - scsi: ses: Fix unsigned comparison with less than zero
    - scsi: virtio_scsi: Fix spelling mistake "Unsupport" -> "Unsupported"
    - perf/core: fix userpage->time_enabled of inactive events
    - sched: Always inline is_percpu_thread()
    - hwmon: (pmbus/ibm-cffps) max_power_out swap changes
    - ALSA: usb-audio: Unify mixer resume and reset_resume procedure
    - pinctrl: qcom: sc7280: Add PM suspend callbacks
    - io_uring: kill fasync
    - ALSA: usb-audio: Add quirk for VF0770
    - ALSA: pcm: Workaround for a wrong offset in SYNC_PTR compat ioctl
    - ALSA: seq: Fix a potential UAF by wrong private_free call order
    - ALSA: hda/realtek: Enable 4-speaker output for Dell Precision 5560 laptop
    - ALSA: hda - Enable headphone mic on Dell Latitude laptops with ALC3254
    - ALSA: hda/realtek: Complete partial device name to avoid ambiguity
    - ALSA: hda/realtek: Add quirk for Clevo X170KM-G
    - ALSA: hda/realtek - ALC236 headset MIC recording issue
    - ALSA: hda/realtek: Add quirk for TongFang PHxTxX1
    - ALSA: hda/realtek: Fix the mic type detection issue for ASUS G551JW
    - nds32/ftrace: Fix Error: invalid operands (*UND* and *UND* sections) for `^'
    - s390: fix strrchr() implementation
    - clk: socfpga: agilex: fix duplicate s2f_user0_clk
    - csky: don't let si...

Changed in linux (Ubuntu Hirsute):
status: Fix Committed → Fix Released
Revision history for this message
Brian Murray (brian-murray) wrote :

Ubuntu 21.10 (Impish Indri) has reached end of life, so this bug will not be fixed for that specific release.

Changed in linux-ibm (Ubuntu Impish):
status: New → Won't Fix
Po-Hsu Lin (cypressyew)
Changed in linux-oem-5.14 (Ubuntu Xenial):
status: New → Invalid
Po-Hsu Lin (cypressyew)
Changed in linux-ibm (Ubuntu Hirsute):
status: New → Invalid
Changed in linux-oem-5.10 (Ubuntu Xenial):
status: New → Invalid
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Other bug subscribers