Kernel tried to execute NX-protected page - exploit attempt?

Status changed to 'Confirmed' because the bug affects multiple users.

In addition to the other fun with 4.13, it also includes the Meltdown changes in 4.13.0-1004, and Spectre changes in 4.13.0-1006. Have you tried other kernels in the 4.13 line?

Is this a 100% repro? If yes, can you check if adding the "nopti" kernel parameter can fix the issue?

A new round of kernels was released last night, including Linux-azure-4.13.0-1007... are you still seeing this trace?

Thanks for the update, I will try it on next Monday.

Envoyé de mon iPhone

> Le 26 janv. 2018 à 17:02, Joshua R. Poulson <email address hidden> a écrit :
>
> A new round of kernels was released last night, including Linux-
> azure-4.13.0-1007... are you still seeing this trace?
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://urldefense.proofpoint.com/v2/url?u=https-3A__bugs.launchpad.net_bugs_1745169&d=DwIFaQ&c=eIGjsITfXP_y-DLLX0uEHXJvU8nOHrUK8IrwNKOtkVU&r=z5XGstltxu4cfsKdlKwB7UfMhixnkYaDErhbw48DYF8&m=F0JqNyJ_FUcXTRZn6vZl3whHJGoJdnyD07nC65IlkGI&s=lFf-ooj63oLgALjU1iqZ0HKBPEVfO4HM_dPlbd9F9Zo&e=
>
> Title:
> Kernel tried to execute NX-protected page - exploit attempt?
>
> Status in linux-azure package in Ubuntu:
> Confirmed
> Status in linux-meta-hwe-edge package in Ubuntu:
> New
>
> Bug description:
> Hi,
>
> This morning I had an issue in the install of elasticsearch-2.4.6, and
> when I have a look in journalctl, I have this BUG: unable to handle
> kernel paging request at 00007f7d7d67e7a0
>
> My configuration:
> elasticsearch@es-usb:~$ uname -r
> 4.13.0-1006-azure
>
> When I do the downgrade on the 4.11.0-1016-azure kernel version,
> everything is working well.
>
> More information of my journalctl:
> Jan 24 12:12:53 es-usb systemd[1]: Starting Elasticsearch...
> Jan 24 12:12:53 es-usb systemd[1]: Started Elasticsearch.
> Jan 24 12:12:53 es-usb sudo[18774]: pam_unix(sudo:session): session closed for user root
> Jan 24 12:12:55 es-usb kernel: kernel tried to execute NX-protected page - exploit attempt? (uid: 1000)
> Jan 24 12:12:55 es-usb kernel: BUG: unable to handle kernel paging request at 00007f7d7d67e7a0
> Jan 24 12:12:55 es-usb kernel: IP: 0x7f7d7d67e7a0
> Jan 24 12:12:55 es-usb kernel: PGD 80000001b6e97067
> Jan 24 12:12:55 es-usb kernel: P4D 80000001b6e97067
> Jan 24 12:12:55 es-usb kernel: PUD 1b55fd067
> Jan 24 12:12:55 es-usb kernel: PMD 1b55fc067
> Jan 24 12:12:55 es-usb kernel: PTE 80000001aa5ac867
> Jan 24 12:12:55 es-usb kernel:
> Jan 24 12:12:55 es-usb kernel: Oops: 0011 [#7] SMP PTI
> Jan 24 12:12:55 es-usb kernel: Modules linked in: xt_nat xt_tcpudp veth ipt_MASQUERADE nf_nat_masquerade_ipv4 nf_conntrack_netlink nfnetlink xfrm_user xfrm_algo iptable_nat nf_nat_ipv4 xt_addrtype nf_nat br_netfilter bridge stp llc overlay xt_multiport iptable_filter nf_conntrack_ipv4 n
> Jan 24 12:12:55 es-usb kernel: hyperv_keyboard hid cfbimgblt cfbcopyarea hv_utils ptp pps_core hv_netvsc
> Jan 24 12:12:55 es-usb kernel: CPU: 0 PID: 18809 Comm: java Tainted: G D 4.13.0-1006-azure #8-Ubuntu
> Jan 24 12:12:55 es-usb kernel: Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS 090007 06/02/2017
> Jan 24 12:12:55 es-usb kernel: task: ffff9c04b5e42e80 task.stack: ffffb490c5aa0000
> Jan 24 12:12:55 es-usb kernel: RIP: 0010:0x7f7d7d67e7a0
> Jan 24 12:12:55 es-usb kernel: RSP: 0018:ffffb490c5aa3f50 EFLAGS: 00010202
> Jan 24 12:12:55 es-usb kernel: RAX: 00000000000003e7 RBX: 0000000000000000 RCX: 00007f7d7cf914d9
> Jan 24 12:12:55 es-usb kernel: RDX: 00007f7d7d67ef50 R...

Issue went away after I upgraded.
4.13.0-32-generic #35~16.04.1-Ubuntu SMP Thu Jan 25 10:13:43 UTC 2018 x86_64 x86_64 x86_64 GNU/Linu

I retried this morning, and problem solved!
Thanks