CVE-2023-4039: ARM64 GCC

Bug #2054343 reported by Markus Ueberall
This bug affects 2 people
Affects            Status          Importance   Assigned to                  Milestone
gcc-10 (Ubuntu)    Fix Released    Wishlist     Unassigned
  Focal            Triaged         Medium       Mauricio Faria de Oliveira
  Jammy            Triaged         Medium       Mauricio Faria de Oliveira
  Noble            Fix Released    Undecided    Unassigned
gcc-11 (Ubuntu)    Fix Released    Undecided    Unassigned
  Jammy            Triaged         Medium       Mauricio Faria de Oliveira
  Noble            Fix Committed   Undecided    Unassigned
gcc-12 (Ubuntu)    Fix Released    Undecided    Unassigned
  Jammy            Triaged         Medium       Mauricio Faria de Oliveira
  Noble            Fix Released    Undecided    Unassigned
gcc-13 (Ubuntu)    Fix Released    Undecided    Unassigned
  Noble            Fix Released    Undecided    Unassigned
gcc-9 (Ubuntu)     Fix Released    Undecided    Unassigned
  Focal            Triaged         Medium       Mauricio Faria de Oliveira
  Jammy            Triaged         Medium       Mauricio Faria de Oliveira

information type: Private Security → Public Security
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in gcc-10 (Ubuntu):
status: New → Confirmed
Rama malladi (rvmallad) wrote :

Can we have this issue (https://ubuntu.com/security/CVE-2023-4039) fixed by patching all the versions of GCC supported in Ubuntu releases? Thank you. It impacts `aarch64` based processors such as AWS Graviton.

Rama malladi (rvmallad) wrote :
tags: added: rls-ff-incoming rls-jj-incoming rls-mm-incoming rls-nn-incoming
Matthias Klose (doko) wrote :

GCC 10 is not a default compiler in any LTS release.

Changed in gcc-10 (Ubuntu):
importance: Undecided → Wishlist
Julian Andres Klode (juliank) wrote :

gcc-10 is shipped in focal main so it needs a security fix there; we should probably address the fix in gcc-10 in noble as well.

For other releases, gcc-10 is in universe, and fixes for it can be landed via esm-apps-security in Ubuntu Pro.

tags: added: rls-ff-wontfix rls-jj-wontfix rls-mm-wontfix
removed: rls-ff-incoming rls-jj-incoming rls-mm-incoming
Changed in gcc-10 (Ubuntu Focal):
status: New → Triaged
tags: added: foundations-todo
removed: rls-ff-wontfix
Julian Andres Klode (juliank) wrote :

doko: Should we consider splitting the bug into the FTBFS on noble in this one and a separate one for the CVE itself?

Simon Chopin (schopin)
tags: removed: rls-nn-incoming
Matthias Klose (doko) wrote :

fixed in noble

Changed in gcc-10 (Ubuntu):
status: Confirmed → Fix Released
summary: - arm64 build of gcc-10 10.5.0-3ubuntu1 still broken (CVE-2023-4039 still
- open)
+ CVE-2023-4039: ARM64 GCC
no longer affects: gcc-13 (Ubuntu Focal)
no longer affects: gcc-11 (Ubuntu Focal)
no longer affects: gcc-12 (Ubuntu Focal)
Changed in gcc-10 (Ubuntu Noble):
status: New → Fix Released
Changed in gcc-11 (Ubuntu Noble):
status: New → Fix Committed
Changed in gcc-12 (Ubuntu Noble):
status: New → Fix Released
Changed in gcc-13 (Ubuntu Noble):
status: New → Fix Released
no longer affects: gcc-13 (Ubuntu Jammy)
Changed in gcc-13 (Ubuntu):
status: New → Fix Released
no longer affects: gcc-9 (Ubuntu Noble)
gerald.yang (gerald-yang-tw) wrote :

I have organized the affected GCC versions on Focal, Jammy and Noble.

All GCC versions (10, 11, 12, 13) on Noble already include the fix.

Could we also backport the fix to GCC versions on Jammy and Focal?
At least GCC-9 is in main on Focal and GCC-11 is in main on Jammy.

Thanks,
Gerald

gerald.yang (gerald-yang-tw) wrote :
gerald.yang (gerald-yang-tw) wrote :

Hi Matthias,

Could you help to take a look into this backport for focal and jammy? Really appreciate it!

Thanks,
Gerald

Mauricio Faria de Oliveira (mfo) wrote :

Working on it; have test builds for gcc-12/11/10/9 on jammy and gcc-10/9 on focal
(following the changes/process used in gcc-N packages to add the patch, similarly).
Currently going through autopkgtests, and one unrelated (Ada?) FTBFS, being looked at.

Changed in gcc-12 (Ubuntu Jammy):
assignee: nobody → Mauricio Faria de Oliveira (mfo)
importance: Undecided → Medium
status: New → Triaged
Changed in gcc-11 (Ubuntu Jammy):
assignee: nobody → Mauricio Faria de Oliveira (mfo)
importance: Undecided → Medium
status: New → Triaged
Changed in gcc-10 (Ubuntu Jammy):
assignee: nobody → Mauricio Faria de Oliveira (mfo)
importance: Undecided → Medium
status: New → Triaged
Changed in gcc-10 (Ubuntu Focal):
assignee: nobody → Mauricio Faria de Oliveira (mfo)
importance: Undecided → Medium
no longer affects: gcc-9 (Ubuntu)
Mauricio Faria de Oliveira (mfo) wrote :

Apparently, cannot target gcc-9 to Jammy/Focal, not even by going to the edit status link/page manually.

Mauricio Faria de Oliveira (mfo) wrote :

gcc-12 fixed in 12.3.0-9, already in Mantic/Noble/Oracular (devel).

gcc-12 (12.3.0-9) unstable; urgency=medium

    - Address stack protector and stack clash protection weaknesses
      on AArch64. CVE-2023-4039.

$ rmadison -a source gcc-12
 gcc-12 | 12-20220319-1ubuntu1 | jammy | source
 gcc-12 | 12.3.0-1ubuntu1~22.04 | jammy-security | source
 gcc-12 | 12.3.0-1ubuntu1~22.04 | jammy-updates | source
 gcc-12 | 12.3.0-9ubuntu2 | mantic | source
 gcc-12 | 12.3.0-17ubuntu1 | noble/universe | source
 gcc-12 | 12.3.0-17ubuntu1 | oracular/universe | source

Changed in gcc-12 (Ubuntu):
status: New → Fix Released
Mauricio Faria de Oliveira (mfo) wrote :

Similarly for gcc-11 (11.4.0-4 in Mantic/Noble/Oracular).

gcc-11 (11.4.0-4) unstable; urgency=medium

    - Address stack protector and stack clash protection weaknesses
      on AArch64. CVE-2023-4039.

$ rmadison -a source gcc-11
 gcc-11 | 11.2.0-19ubuntu1 | jammy | source
 gcc-11 | 11.4.0-1ubuntu1~22.04 | jammy-security | source
 gcc-11 | 11.4.0-1ubuntu1~22.04 | jammy-updates | source
 gcc-11 | 11.4.0-4ubuntu1 | mantic | source
 gcc-11 | 11.4.0-9ubuntu1 | noble/universe | source
 gcc-11 | 11.4.0-9ubuntu1 | oracular/universe | source

Changed in gcc-11 (Ubuntu):
status: New → Fix Released
Mauricio Faria de Oliveira (mfo) wrote :

Similarly for gcc-10 (10.5.0-4 in Noble/Oracular).

gcc-10 (10.5.0-4) unstable; urgency=medium

  * Fix ftbfs on AArch64 in previous upload.

gcc-10 (10.5.0-3) unstable; urgency=medium

  * Address stack protector and stack clash protection weaknesses
    on AArch64. CVE-2023-4039. Taken from the gcc-11 branch.

$ rmadison -a source gcc-10
 gcc-10 | 10-20200411-0ubuntu1 | focal | source
 gcc-10 | 10.3.0-15ubuntu1 | jammy/universe | source
 gcc-10 | 10.5.0-1ubuntu1~20.04 | focal-security | source
 gcc-10 | 10.5.0-1ubuntu1~20.04 | focal-updates | source
 gcc-10 | 10.5.0-1ubuntu1~22.04 | jammy-security/universe | source
 gcc-10 | 10.5.0-1ubuntu1~22.04 | jammy-updates/universe | source
 gcc-10 | 10.5.0-1ubuntu1 | mantic/universe | source
 gcc-10 | 10.5.0-4ubuntu2 | noble/universe | source
 gcc-10 | 10.5.0-4ubuntu2 | oracular/universe | source

Mauricio Faria de Oliveira (mfo) wrote :

Similarly for gcc-9 (9.5.0-6 in Noble/Oracular).

gcc-9 (9.5.0-6) unstable; urgency=medium

  * Address stack protector and stack clash protection weaknesses
    on AArch64. CVE-2023-4039.

$ rmadison -a source gcc-9
 gcc-9 | 9.3.0-10ubuntu2 | focal | source
 gcc-9 | 9.4.0-1ubuntu1~20.04.2 | focal-security | source
 gcc-9 | 9.4.0-1ubuntu1~20.04.2 | focal-updates | source
 gcc-9 | 9.4.0-1ubuntu1~20.04.3 | focal-proposed | source
 gcc-9 | 9.4.0-5ubuntu1 | jammy/universe | source
 gcc-9 | 9.5.0-1ubuntu1~22.04 | jammy-security/universe | source
 gcc-9 | 9.5.0-1ubuntu1~22.04 | jammy-updates/universe | source
 gcc-9 | 9.5.0-4ubuntu2 | mantic/universe | source
 gcc-9 | 9.5.0-6ubuntu2 | noble/universe | source
 gcc-9 | 9.5.0-6ubuntu2 | oracular/universe | source

Changed in gcc-9 (Ubuntu):
status: New → Fix Released
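
Added example (not part of the original thread or of any Ubuntu tooling): the four comments above pair a first-fixed Debian revision with rmadison output, and the sketch below applies dpkg version ordering to a subset of those rows to list the pockets that still sit below the fix. The names FIRST_FIXED, deb_cmp and pockets_without_fix are hypothetical, and choosing 10.5.0-4 for gcc-10 is an assumption based on the quoted changelog saying 10.5.0-3 failed to build on AArch64.

```python
import re

# First Debian revisions carrying the CVE-2023-4039 fix, from the changelog
# entries quoted in this thread. Assumption: gcc-10 uses 10.5.0-4 because the
# changelog says 10.5.0-3 failed to build on AArch64.
FIRST_FIXED = {"gcc-9": "9.5.0-6", "gcc-10": "10.5.0-4",
               "gcc-11": "11.4.0-4", "gcc-12": "12.3.0-9"}

# Subset of the rmadison rows posted in the comments above.
RMADISON = """\
 gcc-12 | 12-20220319-1ubuntu1 | jammy | source
 gcc-12 | 12.3.0-1ubuntu1~22.04 | jammy-security | source
 gcc-12 | 12.3.0-9ubuntu2 | mantic | source
 gcc-10 | 10.5.0-1ubuntu1~20.04 | focal-security | source
 gcc-10 | 10.5.0-4ubuntu2 | noble/universe | source
 gcc-9 | 9.5.0-4ubuntu2 | mantic/universe | source
"""

def _order(c):
    # dpkg order: '~' lowest, then end of part, then letters, then other characters
    if c in ("", "~"):
        return -1 if c else 0
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    # Alternate between a non-digit run (character order) and a digit run (numeric).
    while a or b:
        na, nb = re.match(r"\D*", a).group(), re.match(r"\D*", b).group()
        a, b = a[len(na):], b[len(nb):]
        for i in range(max(len(na), len(nb))):
            x, y = _order(na[i:i + 1]), _order(nb[i:i + 1])
            if x != y:
                return -1 if x < y else 1
        da, db = re.match(r"\d*", a).group(), re.match(r"\d*", b).group()
        a, b = a[len(da):], b[len(db):]
        if int(da or 0) != int(db or 0):
            return -1 if int(da or 0) < int(db or 0) else 1
    return 0

def deb_cmp(v1, v2):
    # No epochs appear in this thread, so only upstream and revision are split.
    (u1, r1), (u2, r2) = (v.rsplit("-", 1) if "-" in v else (v, "") for v in (v1, v2))
    return _cmp_part(u1, u2) or _cmp_part(r1, r2)

def pockets_without_fix(text):
    rows = [[f.strip() for f in ln.split("|")] for ln in text.splitlines() if "|" in ln]
    return [(pkg, ver, pocket) for pkg, ver, pocket, _ in rows
            if deb_cmp(ver, FIRST_FIXED[pkg]) < 0]
```

Version ordering only answers the question while no backport exists: a later Jammy or Focal update can carry the patch under a version that still sorts below the Debian first-fixed revision, so at that point the package changelog or the CVE tracker entry is the authoritative check.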
Mauricio Faria de Oliveira (mfo) wrote :

(comment #12)
> Apparently, cannot target gcc-9 to Jammy/Focal, not even by going to the edit status link/page manually.

Added via LP API:

$ python3 -q
>>> cachedir = "/home/mfo/.launchpadlib/cache/"
>>> from launchpadlib.launchpad import Launchpad
>>> lp = Launchpad.login_with(..., 'production', cachedir, version='devel')
>>> bug=lp.bugs[2054343]
>>> bug.addTask(target='https://api.launchpad.net/devel/ubuntu/jammy/+source/gcc-9')
<bug_task at https://api.launchpad.net/devel/ubuntu/jammy/+source/gcc-9/+bug/2054343>
>>> bug.addTask(target='https://api.launchpad.net/devel/ubuntu/focal/+source/gcc-9')
<bug_task at https://api.launchpad.net/devel/ubuntu/focal/+source/gcc-9/+bug/2054343>

Changed in gcc-9 (Ubuntu Jammy):
assignee: nobody → Mauricio Faria de Oliveira (mfo)
importance: Undecided → Medium
status: New → Triaged
Changed in gcc-9 (Ubuntu Focal):
assignee: nobody → Mauricio Faria de Oliveira (mfo)
importance: Undecided → Medium
status: New → Triaged
This report contains Public Security information  
Everyone can see this security related information.