Comment 5 for bug 1745169

Damien Cuenot (dcuenot) wrote : Re: [External] [Bug 1745169] Re: Kernel tried to execute NX-protected page - exploit attempt?

Thanks for the update, I will try it next Monday.

Sent from my iPhone

> On 26 Jan 2018 at 17:02, Joshua R. Poulson <email address hidden> wrote:
>
> A new round of kernels was released last night, including
> Linux-azure-4.13.0-1007... are you still seeing this trace?
>
> Title:
> Kernel tried to execute NX-protected page - exploit attempt?
>
> Status in linux-azure package in Ubuntu:
> Confirmed
> Status in linux-meta-hwe-edge package in Ubuntu:
> New
>
> Bug description:
> Hi,
>
> This morning I had an issue during the install of elasticsearch-2.4.6, and
> when I had a look in journalctl, I saw this BUG: unable to handle
> kernel paging request at 00007f7d7d67e7a0
>
> My configuration:
> elasticsearch@es-usb:~$ uname -r
> 4.13.0-1006-azure
>
> When I downgrade to the 4.11.0-1016-azure kernel version,
> everything works well.
>
> More information from my journalctl:
> Jan 24 12:12:53 es-usb systemd[1]: Starting Elasticsearch...
> Jan 24 12:12:53 es-usb systemd[1]: Started Elasticsearch.
> Jan 24 12:12:53 es-usb sudo[18774]: pam_unix(sudo:session): session closed for user root
> Jan 24 12:12:55 es-usb kernel: kernel tried to execute NX-protected page - exploit attempt? (uid: 1000)
> Jan 24 12:12:55 es-usb kernel: BUG: unable to handle kernel paging request at 00007f7d7d67e7a0
> Jan 24 12:12:55 es-usb kernel: IP: 0x7f7d7d67e7a0
> Jan 24 12:12:55 es-usb kernel: PGD 80000001b6e97067
> Jan 24 12:12:55 es-usb kernel: P4D 80000001b6e97067
> Jan 24 12:12:55 es-usb kernel: PUD 1b55fd067
> Jan 24 12:12:55 es-usb kernel: PMD 1b55fc067
> Jan 24 12:12:55 es-usb kernel: PTE 80000001aa5ac867
> Jan 24 12:12:55 es-usb kernel:
> Jan 24 12:12:55 es-usb kernel: Oops: 0011 [#7] SMP PTI
> Jan 24 12:12:55 es-usb kernel: Modules linked in: xt_nat xt_tcpudp veth ipt_MASQUERADE nf_nat_masquerade_ipv4 nf_conntrack_netlink nfnetlink xfrm_user xfrm_algo iptable_nat nf_nat_ipv4 xt_addrtype nf_nat br_netfilter bridge stp llc overlay xt_multiport iptable_filter nf_conntrack_ipv4 n
> Jan 24 12:12:55 es-usb kernel: hyperv_keyboard hid cfbimgblt cfbcopyarea hv_utils ptp pps_core hv_netvsc
> Jan 24 12:12:55 es-usb kernel: CPU: 0 PID: 18809 Comm: java Tainted: G D 4.13.0-1006-azure #8-Ubuntu
> Jan 24 12:12:55 es-usb kernel: Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS 090007 06/02/2017
> Jan 24 12:12:55 es-usb kernel: task: ffff9c04b5e42e80 task.stack: ffffb490c5aa0000
> Jan 24 12:12:55 es-usb kernel: RIP: 0010:0x7f7d7d67e7a0
> Jan 24 12:12:55 es-usb kernel: RSP: 0018:ffffb490c5aa3f50 EFLAGS: 00010202
> Jan 24 12:12:55 es-usb kernel: RAX: 00000000000003e7 RBX: 0000000000000000 RCX: 00007f7d7cf914d9
> Jan 24 12:12:55 es-usb kernel: RDX: 00007f7d7d67ef50 RSI: 00007f7d7d67f030 RDI: 0000000000000000
> Jan 24 12:12:55 es-usb kernel: RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000c
> Jan 24 12:12:55 es-usb kernel: R10: 00007f7d7d67e7a0 R11: ffff9c04b5e42e80 R12: 0000000000000000
> Jan 24 12:12:55 es-usb kernel: R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
> Jan 24 12:12:55 es-usb kernel: FS: 00007f7d7d680700(0000) GS:ffff9c04b9e00000(0000) knlGS:0000000000000000
> Jan 24 12:12:55 es-usb kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> Jan 24 12:12:55 es-usb kernel: CR2: 00007f7d7d67e7a0 CR3: 00000001a33b8000 CR4: 00000000001406f0
> Jan 24 12:12:55 es-usb kernel: Call Trace:
> Jan 24 12:12:55 es-usb kernel: ? entry_SYSCALL_64_fastpath+0x33/0xa3
> Jan 24 12:12:55 es-usb kernel: Code: Bad RIP value.
> Jan 24 12:12:55 es-usb kernel: RIP: 0x7f7d7d67e7a0 RSP: ffffb490c5aa3f50
> Jan 24 12:12:55 es-usb kernel: CR2: 00007f7d7d67e7a0
> Jan 24 12:12:55 es-usb kernel: ---[ end trace 3100a53c6de7c0c4 ]---
>
> Thanks for your help
>
> Damien

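Added example (not part of the original bug report, and not code from the Ubuntu kernel project): a Python triage helper that decodes the fields of the trace quoted above, namely the page-fault error code after `Oops:`, the code segment and address in `RIP:`, and the present/user/NX bits of the `PTE`. It assumes x86-64 with 4-level paging, so user addresses lie below 2^47; the function names and result keys are hypothetical.

```python
import re

# Lines taken from the trace quoted in the report above (trimmed to the fields used).
SAMPLE = """\
Jan 24 12:12:55 es-usb kernel: kernel tried to execute NX-protected page - exploit attempt? (uid: 1000)
Jan 24 12:12:55 es-usb kernel: PTE 80000001aa5ac867
Jan 24 12:12:55 es-usb kernel: Oops: 0011 [#7] SMP PTI
Jan 24 12:12:55 es-usb kernel: RIP: 0010:0x7f7d7d67e7a0
"""

# x86 page-fault error code bits, lowest first (architectural definition).
PF_BITS = ["protection-violation", "write", "user-mode", "reserved-bit", "instruction-fetch"]
USER_HALF_END = 1 << 47  # assumption: 4-level paging, 48-bit virtual addresses


def decode_error_code(code):
    """Return the names of the bits set in a page-fault error code."""
    return [name for bit, name in enumerate(PF_BITS) if (code >> bit) & 1]


def triage_oops(log):
    """Extract the Oops error code, RIP and PTE from a log and classify the fault."""
    oops = re.search(r"Oops: ([0-9a-f]{4}) ", log)
    rip = re.search(r"RIP: ([0-9a-f]{4}):0x([0-9a-f]+)", log)
    pte = re.search(r"PTE ([0-9a-f]+)", log)
    if not (oops and rip and pte):
        return None  # not a complete x86-64 page-fault oops
    flags = decode_error_code(int(oops.group(1), 16))
    cs, addr, pte_val = (int(rip.group(1), 16), int(rip.group(2), 16), int(pte.group(1), 16))
    result = {
        "error_flags": flags,
        "cpl": cs & 3,                        # low two bits of CS = privilege level
        "rip_in_user_half": addr < USER_HALF_END,
        "pte_present": bool(pte_val & 1),
        "pte_user": bool(pte_val & 4),        # U/S bit: page belongs to user space
        "pte_nx": bool(pte_val >> 63),        # bit 63: no-execute
    }
    # Ring 0 fetching an instruction from a user-space page that is mapped NX.
    result["kernel_exec_of_user_page"] = (
        result["cpl"] == 0 and "instruction-fetch" in flags
        and "user-mode" not in flags and result["rip_in_user_half"]
        and result["pte_user"] and result["pte_nx"]
    )
    return result


if __name__ == "__main__":
    for key, value in triage_oops(SAMPLE).items():
        print(f"{key}: {value}")
```

For this trace the helper reports a ring 0 instruction fetch from a user-half address whose PTE is present, user-owned and NX, which matches the kernel's "tried to execute NX-protected page" line.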