2024-07-08 02:44:17 |
Po-Hsu Lin |
bug |
|
|
added bug |
2024-07-08 03:47:45 |
Po-Hsu Lin |
description |
Issue found on Google N2D instances since sru-20240429
Test:
ubuntu_32_on_64
ubuntu_qrt_kernel_security
- KernelSecurityTest.test_020_aslr_dapper_stack
- KernelSecurityTest.test_022_aslr_hardy_text
- KernelSecurityTest.test_022_aslr_hardy_vdso
- KernelSecurityTest.test_022_aslr_intrepid_brk
- KernelSecurityTest.test_023_aslr_wily_pie
- KernelSecurityTest.test_381_compat_alloc_userspace
- KernelNonSecurityTest.test_10_bad_syscall_returns_ENOSYS
This is because of commit b82a8dbd3, one of the fixes for CVE-2024-25744. This CVE describes vulnerability exhibits in confidential computing VMs, and it affects 4.15 and after. Unfortunately it is very hard to backport to older kernels so we took the suggestion of a upstream maintainer and simply disabled the IA32_EMULATION which mitigates the issue. (Thanks to Magali and Yuxuan for the information) |
Issue found on Google N2D instances since sru-20240429
Test:
ubuntu_32_on_64
ubuntu_qrt_kernel_security
- KernelSecurityTest.test_020_aslr_dapper_stack
- KernelSecurityTest.test_022_aslr_hardy_text
- KernelSecurityTest.test_022_aslr_hardy_vdso
- KernelSecurityTest.test_022_aslr_intrepid_brk
- KernelSecurityTest.test_023_aslr_wily_pie
- KernelSecurityTest.test_381_compat_alloc_userspace
- KernelNonSecurityTest.test_10_bad_syscall_returns_ENOSYS
For aslr related tests, they all failed with:
Command: './aslr32', 'stack', '--verbose'
Exec format error: './aslr32'
For test_381_compat_alloc_userspace test, it will try to run:
Command: 'sudo', '-u', 'ubuntu', './CVE-2010-3081'
./CVE-2010-3081: 1: Syntax error: word unexpected (expecting ")")
From the Makefile this CVE-2010-3081 executable was complied with -m32 flag.
This is because of commit b82a8dbd3, one of the fixes for CVE-2024-25744. This CVE describes vulnerability exhibits in confidential computing VMs, and it affects 4.15 and after. Unfortunately it is very hard to backport to older kernels so we took the suggestion of a upstream maintainer and simply disabled the IA32_EMULATION which mitigates the issue. (Thanks to Magali and Yuxuan for the information) |
|
2024-07-08 03:55:20 |
Po-Hsu Lin |
description |
Issue found on Google N2D instances since sru-20240429
Test:
ubuntu_32_on_64
ubuntu_qrt_kernel_security
- KernelSecurityTest.test_020_aslr_dapper_stack
- KernelSecurityTest.test_022_aslr_hardy_text
- KernelSecurityTest.test_022_aslr_hardy_vdso
- KernelSecurityTest.test_022_aslr_intrepid_brk
- KernelSecurityTest.test_023_aslr_wily_pie
- KernelSecurityTest.test_381_compat_alloc_userspace
- KernelNonSecurityTest.test_10_bad_syscall_returns_ENOSYS
For aslr related tests, they all failed with:
Command: './aslr32', 'stack', '--verbose'
Exec format error: './aslr32'
For test_381_compat_alloc_userspace test, it will try to run:
Command: 'sudo', '-u', 'ubuntu', './CVE-2010-3081'
./CVE-2010-3081: 1: Syntax error: word unexpected (expecting ")")
From the Makefile this CVE-2010-3081 executable was complied with -m32 flag.
This is because of commit b82a8dbd3, one of the fixes for CVE-2024-25744. This CVE describes vulnerability exhibits in confidential computing VMs, and it affects 4.15 and after. Unfortunately it is very hard to backport to older kernels so we took the suggestion of a upstream maintainer and simply disabled the IA32_EMULATION which mitigates the issue. (Thanks to Magali and Yuxuan for the information) |
Issue found on Google N2D instances since sru-20240429
Test:
ubuntu_32_on_64
ubuntu_qrt_kernel_security
- KernelSecurityTest.test_020_aslr_dapper_stack
- KernelSecurityTest.test_022_aslr_hardy_text
- KernelSecurityTest.test_022_aslr_hardy_vdso
- KernelSecurityTest.test_022_aslr_intrepid_brk
- KernelSecurityTest.test_023_aslr_wily_pie
- KernelSecurityTest.test_381_compat_alloc_userspace
For aslr related tests, they all failed with:
Command: './aslr32', 'stack', '--verbose'
Exec format error: './aslr32'
For test_381_compat_alloc_userspace test, it will try to run:
Command: 'sudo', '-u', 'ubuntu', './CVE-2010-3081'
./CVE-2010-3081: 1: Syntax error: word unexpected (expecting ")")
From the Makefile this CVE-2010-3081 executable was complied with -m32 flag.
This is because of commit b82a8dbd3, one of the fixes for CVE-2024-25744. This CVE describes vulnerability exhibits in confidential computing VMs, and it affects 4.15 and after. Unfortunately it is very hard to backport to older kernels so we took the suggestion of a upstream maintainer and simply disabled the IA32_EMULATION which mitigates the issue. (Thanks to Magali and Yuxuan for the information) |
|
2024-07-08 03:57:38 |
Po-Hsu Lin |
description |
Issue found on Google N2D instances since sru-20240429
Test:
ubuntu_32_on_64
ubuntu_qrt_kernel_security
- KernelSecurityTest.test_020_aslr_dapper_stack
- KernelSecurityTest.test_022_aslr_hardy_text
- KernelSecurityTest.test_022_aslr_hardy_vdso
- KernelSecurityTest.test_022_aslr_intrepid_brk
- KernelSecurityTest.test_023_aslr_wily_pie
- KernelSecurityTest.test_381_compat_alloc_userspace
For aslr related tests, they all failed with:
Command: './aslr32', 'stack', '--verbose'
Exec format error: './aslr32'
For test_381_compat_alloc_userspace test, it will try to run:
Command: 'sudo', '-u', 'ubuntu', './CVE-2010-3081'
./CVE-2010-3081: 1: Syntax error: word unexpected (expecting ")")
From the Makefile this CVE-2010-3081 executable was complied with -m32 flag.
This is because of commit b82a8dbd3, one of the fixes for CVE-2024-25744. This CVE describes vulnerability exhibits in confidential computing VMs, and it affects 4.15 and after. Unfortunately it is very hard to backport to older kernels so we took the suggestion of a upstream maintainer and simply disabled the IA32_EMULATION which mitigates the issue. (Thanks to Magali and Yuxuan for the information) |
Issue found on Google N2D instances since sru-20240429
Test:
ubuntu_32_on_64
ubuntu_qrt_kernel_security
- KernelSecurityTest.test_020_aslr_dapper_stack
- KernelSecurityTest.test_022_aslr_hardy_text
- KernelSecurityTest.test_022_aslr_hardy_vdso
- KernelSecurityTest.test_022_aslr_intrepid_brk
- KernelSecurityTest.test_023_aslr_wily_pie
- KernelSecurityTest.test_381_compat_alloc_userspace
For aslr related tests, they all failed with:
Command: './aslr32', 'stack', '--verbose'
Exec format error: './aslr32'
For test_381_compat_alloc_userspace test, it will try to run:
Command: 'sudo', '-u', 'ubuntu', './CVE-2010-3081'
./CVE-2010-3081: 1: Syntax error: word unexpected (expecting ")")
From the Makefile this CVE-2010-3081 executable was complied with -m32 flag.
This is because of commit b82a8dbd3, one of the fixes for CVE-2024-25744. This CVE describes vulnerability exhibits in confidential computing VMs, and it affects 4.15 and after. Unfortunately it is very hard to backport to older kernels so we took the suggestion of a upstream maintainer and simply disabled the IA32_EMULATION which mitigates the issue. (Thanks to Magali and Yuxuan for the information)
[ 1394.649972] 32-bit emulation disabled. You can reenable with ia32_emulation=on |
|
2024-07-08 04:50:57 |
Po-Hsu Lin |
description |
Issue found on Google N2D instances since sru-20240429
Test:
ubuntu_32_on_64
ubuntu_qrt_kernel_security
- KernelSecurityTest.test_020_aslr_dapper_stack
- KernelSecurityTest.test_022_aslr_hardy_text
- KernelSecurityTest.test_022_aslr_hardy_vdso
- KernelSecurityTest.test_022_aslr_intrepid_brk
- KernelSecurityTest.test_023_aslr_wily_pie
- KernelSecurityTest.test_381_compat_alloc_userspace
For aslr related tests, they all failed with:
Command: './aslr32', 'stack', '--verbose'
Exec format error: './aslr32'
For test_381_compat_alloc_userspace test, it will try to run:
Command: 'sudo', '-u', 'ubuntu', './CVE-2010-3081'
./CVE-2010-3081: 1: Syntax error: word unexpected (expecting ")")
From the Makefile this CVE-2010-3081 executable was complied with -m32 flag.
This is because of commit b82a8dbd3, one of the fixes for CVE-2024-25744. This CVE describes vulnerability exhibits in confidential computing VMs, and it affects 4.15 and after. Unfortunately it is very hard to backport to older kernels so we took the suggestion of a upstream maintainer and simply disabled the IA32_EMULATION which mitigates the issue. (Thanks to Magali and Yuxuan for the information)
[ 1394.649972] 32-bit emulation disabled. You can reenable with ia32_emulation=on |
Issue found on Google N2D instances since sru-20240429
Test:
ubuntu_32_on_64
ubuntu_qrt_kernel_security
- KernelSecurityTest.test_020_aslr_dapper_stack
- KernelSecurityTest.test_021_aslr_dapper_libs
- KernelSecurityTest.test_021_aslr_dapper_mmap
- KernelSecurityTest.test_022_aslr_hardy_text
- KernelSecurityTest.test_022_aslr_hardy_vdso
- KernelSecurityTest.test_022_aslr_intrepid_brk
- KernelSecurityTest.test_023_aslr_wily_pie
- KernelSecurityTest.test_381_compat_alloc_userspace
For aslr related tests, they all failed with:
Command: './aslr32', 'stack', '--verbose'
Exec format error: './aslr32'
For test_381_compat_alloc_userspace test, it will try to run:
Command: 'sudo', '-u', 'ubuntu', './CVE-2010-3081'
./CVE-2010-3081: 1: Syntax error: word unexpected (expecting ")")
From the Makefile this CVE-2010-3081 executable was complied with -m32 flag.
This is because of commit b82a8dbd3, one of the fixes for CVE-2024-25744. This CVE describes vulnerability exhibits in confidential computing VMs, and it affects 4.15 and after. Unfortunately it is very hard to backport to older kernels so we took the suggestion of a upstream maintainer and simply disabled the IA32_EMULATION which mitigates the issue. (Thanks to Magali and Yuxuan for the information)
[ 1394.649972] 32-bit emulation disabled. You can reenable with ia32_emulation=on |
|