ubuntu-kernel-tests

  1. Bug #2072457
  2. Activity log

Activity log for bug #2072457

Date Who What changed Old value New value Message
2024-07-08 02:44:17 Po-Hsu Lin bug added bug
2024-07-08 03:47:45 Po-Hsu Lin description Issue found on Google N2D instances since sru-20240429 Test: ubuntu_32_on_64 ubuntu_qrt_kernel_security - KernelSecurityTest.test_020_aslr_dapper_stack - KernelSecurityTest.test_022_aslr_hardy_text - KernelSecurityTest.test_022_aslr_hardy_vdso - KernelSecurityTest.test_022_aslr_intrepid_brk - KernelSecurityTest.test_023_aslr_wily_pie - KernelSecurityTest.test_381_compat_alloc_userspace - KernelNonSecurityTest.test_10_bad_syscall_returns_ENOSYS This is because of commit b82a8dbd3, one of the fixes for CVE-2024-25744. This CVE describes vulnerability exhibits in confidential computing VMs, and it affects 4.15 and after. Unfortunately it is very hard to backport to older kernels so we took the suggestion of a upstream maintainer and simply disabled the IA32_EMULATION which mitigates the issue. (Thanks to Magali and Yuxuan for the information) Issue found on Google N2D instances since sru-20240429 Test:  ubuntu_32_on_64  ubuntu_qrt_kernel_security    - KernelSecurityTest.test_020_aslr_dapper_stack    - KernelSecurityTest.test_022_aslr_hardy_text    - KernelSecurityTest.test_022_aslr_hardy_vdso    - KernelSecurityTest.test_022_aslr_intrepid_brk    - KernelSecurityTest.test_023_aslr_wily_pie    - KernelSecurityTest.test_381_compat_alloc_userspace    - KernelNonSecurityTest.test_10_bad_syscall_returns_ENOSYS For aslr related tests, they all failed with: Command: './aslr32', 'stack', '--verbose' Exec format error: './aslr32' For test_381_compat_alloc_userspace test, it will try to run: Command: 'sudo', '-u', 'ubuntu', './CVE-2010-3081' ./CVE-2010-3081: 1: Syntax error: word unexpected (expecting ")") From the Makefile this CVE-2010-3081 executable was complied with -m32 flag. This is because of commit b82a8dbd3, one of the fixes for CVE-2024-25744. This CVE describes vulnerability exhibits in confidential computing VMs, and it affects 4.15 and after. Unfortunately it is very hard to backport to older kernels so we took the suggestion of a upstream maintainer and simply disabled the IA32_EMULATION which mitigates the issue. (Thanks to Magali and Yuxuan for the information)
2024-07-08 03:55:20 Po-Hsu Lin description Issue found on Google N2D instances since sru-20240429 Test:  ubuntu_32_on_64  ubuntu_qrt_kernel_security    - KernelSecurityTest.test_020_aslr_dapper_stack    - KernelSecurityTest.test_022_aslr_hardy_text    - KernelSecurityTest.test_022_aslr_hardy_vdso    - KernelSecurityTest.test_022_aslr_intrepid_brk    - KernelSecurityTest.test_023_aslr_wily_pie    - KernelSecurityTest.test_381_compat_alloc_userspace    - KernelNonSecurityTest.test_10_bad_syscall_returns_ENOSYS For aslr related tests, they all failed with: Command: './aslr32', 'stack', '--verbose' Exec format error: './aslr32' For test_381_compat_alloc_userspace test, it will try to run: Command: 'sudo', '-u', 'ubuntu', './CVE-2010-3081' ./CVE-2010-3081: 1: Syntax error: word unexpected (expecting ")") From the Makefile this CVE-2010-3081 executable was complied with -m32 flag. This is because of commit b82a8dbd3, one of the fixes for CVE-2024-25744. This CVE describes vulnerability exhibits in confidential computing VMs, and it affects 4.15 and after. Unfortunately it is very hard to backport to older kernels so we took the suggestion of a upstream maintainer and simply disabled the IA32_EMULATION which mitigates the issue. (Thanks to Magali and Yuxuan for the information) Issue found on Google N2D instances since sru-20240429 Test:  ubuntu_32_on_64  ubuntu_qrt_kernel_security    - KernelSecurityTest.test_020_aslr_dapper_stack    - KernelSecurityTest.test_022_aslr_hardy_text    - KernelSecurityTest.test_022_aslr_hardy_vdso    - KernelSecurityTest.test_022_aslr_intrepid_brk    - KernelSecurityTest.test_023_aslr_wily_pie    - KernelSecurityTest.test_381_compat_alloc_userspace For aslr related tests, they all failed with: Command: './aslr32', 'stack', '--verbose'  Exec format error: './aslr32' For test_381_compat_alloc_userspace test, it will try to run: Command: 'sudo', '-u', 'ubuntu', './CVE-2010-3081'  ./CVE-2010-3081: 1: Syntax error: word unexpected (expecting ")") From the Makefile this CVE-2010-3081 executable was complied with -m32 flag. This is because of commit b82a8dbd3, one of the fixes for CVE-2024-25744. This CVE describes vulnerability exhibits in confidential computing VMs, and it affects 4.15 and after. Unfortunately it is very hard to backport to older kernels so we took the suggestion of a upstream maintainer and simply disabled the IA32_EMULATION which mitigates the issue. (Thanks to Magali and Yuxuan for the information)
2024-07-08 03:57:38 Po-Hsu Lin description Issue found on Google N2D instances since sru-20240429 Test:  ubuntu_32_on_64  ubuntu_qrt_kernel_security    - KernelSecurityTest.test_020_aslr_dapper_stack    - KernelSecurityTest.test_022_aslr_hardy_text    - KernelSecurityTest.test_022_aslr_hardy_vdso    - KernelSecurityTest.test_022_aslr_intrepid_brk    - KernelSecurityTest.test_023_aslr_wily_pie    - KernelSecurityTest.test_381_compat_alloc_userspace For aslr related tests, they all failed with: Command: './aslr32', 'stack', '--verbose'  Exec format error: './aslr32' For test_381_compat_alloc_userspace test, it will try to run: Command: 'sudo', '-u', 'ubuntu', './CVE-2010-3081'  ./CVE-2010-3081: 1: Syntax error: word unexpected (expecting ")") From the Makefile this CVE-2010-3081 executable was complied with -m32 flag. This is because of commit b82a8dbd3, one of the fixes for CVE-2024-25744. This CVE describes vulnerability exhibits in confidential computing VMs, and it affects 4.15 and after. Unfortunately it is very hard to backport to older kernels so we took the suggestion of a upstream maintainer and simply disabled the IA32_EMULATION which mitigates the issue. (Thanks to Magali and Yuxuan for the information) Issue found on Google N2D instances since sru-20240429 Test:  ubuntu_32_on_64  ubuntu_qrt_kernel_security    - KernelSecurityTest.test_020_aslr_dapper_stack    - KernelSecurityTest.test_022_aslr_hardy_text    - KernelSecurityTest.test_022_aslr_hardy_vdso    - KernelSecurityTest.test_022_aslr_intrepid_brk    - KernelSecurityTest.test_023_aslr_wily_pie    - KernelSecurityTest.test_381_compat_alloc_userspace For aslr related tests, they all failed with: Command: './aslr32', 'stack', '--verbose'  Exec format error: './aslr32' For test_381_compat_alloc_userspace test, it will try to run: Command: 'sudo', '-u', 'ubuntu', './CVE-2010-3081'  ./CVE-2010-3081: 1: Syntax error: word unexpected (expecting ")") From the Makefile this CVE-2010-3081 executable was complied with -m32 flag. This is because of commit b82a8dbd3, one of the fixes for CVE-2024-25744. This CVE describes vulnerability exhibits in confidential computing VMs, and it affects 4.15 and after. Unfortunately it is very hard to backport to older kernels so we took the suggestion of a upstream maintainer and simply disabled the IA32_EMULATION which mitigates the issue. (Thanks to Magali and Yuxuan for the information) [ 1394.649972] 32-bit emulation disabled. You can reenable with ia32_emulation=on
2024-07-08 04:50:57 Po-Hsu Lin description Issue found on Google N2D instances since sru-20240429 Test:  ubuntu_32_on_64  ubuntu_qrt_kernel_security    - KernelSecurityTest.test_020_aslr_dapper_stack    - KernelSecurityTest.test_022_aslr_hardy_text    - KernelSecurityTest.test_022_aslr_hardy_vdso    - KernelSecurityTest.test_022_aslr_intrepid_brk    - KernelSecurityTest.test_023_aslr_wily_pie    - KernelSecurityTest.test_381_compat_alloc_userspace For aslr related tests, they all failed with: Command: './aslr32', 'stack', '--verbose'  Exec format error: './aslr32' For test_381_compat_alloc_userspace test, it will try to run: Command: 'sudo', '-u', 'ubuntu', './CVE-2010-3081'  ./CVE-2010-3081: 1: Syntax error: word unexpected (expecting ")") From the Makefile this CVE-2010-3081 executable was complied with -m32 flag. This is because of commit b82a8dbd3, one of the fixes for CVE-2024-25744. This CVE describes vulnerability exhibits in confidential computing VMs, and it affects 4.15 and after. Unfortunately it is very hard to backport to older kernels so we took the suggestion of a upstream maintainer and simply disabled the IA32_EMULATION which mitigates the issue. (Thanks to Magali and Yuxuan for the information) [ 1394.649972] 32-bit emulation disabled. You can reenable with ia32_emulation=on Issue found on Google N2D instances since sru-20240429 Test:  ubuntu_32_on_64  ubuntu_qrt_kernel_security    - KernelSecurityTest.test_020_aslr_dapper_stack - KernelSecurityTest.test_021_aslr_dapper_libs - KernelSecurityTest.test_021_aslr_dapper_mmap    - KernelSecurityTest.test_022_aslr_hardy_text    - KernelSecurityTest.test_022_aslr_hardy_vdso    - KernelSecurityTest.test_022_aslr_intrepid_brk    - KernelSecurityTest.test_023_aslr_wily_pie    - KernelSecurityTest.test_381_compat_alloc_userspace For aslr related tests, they all failed with: Command: './aslr32', 'stack', '--verbose'  Exec format error: './aslr32' For test_381_compat_alloc_userspace test, it will try to run: Command: 'sudo', '-u', 'ubuntu', './CVE-2010-3081'  ./CVE-2010-3081: 1: Syntax error: word unexpected (expecting ")") From the Makefile this CVE-2010-3081 executable was complied with -m32 flag. This is because of commit b82a8dbd3, one of the fixes for CVE-2024-25744. This CVE describes vulnerability exhibits in confidential computing VMs, and it affects 4.15 and after. Unfortunately it is very hard to backport to older kernels so we took the suggestion of a upstream maintainer and simply disabled the IA32_EMULATION which mitigates the issue. (Thanks to Magali and Yuxuan for the information) [ 1394.649972] 32-bit emulation disabled. You can reenable with ia32_emulation=on