| 2020-06-18 22:42:26 |
Seth Forshee |
bug |
|
|
added bug |
| 2020-06-18 22:46:32 |
Seth Forshee |
nominated for series |
|
Ubuntu Eoan |
|
| 2020-06-18 22:46:32 |
Seth Forshee |
bug task added |
|
linux (Ubuntu Eoan) |
|
| 2020-06-18 22:46:32 |
Seth Forshee |
nominated for series |
|
Ubuntu Focal |
|
| 2020-06-18 22:46:32 |
Seth Forshee |
bug task added |
|
linux (Ubuntu Focal) |
|
| 2020-06-18 22:46:32 |
Seth Forshee |
nominated for series |
|
Ubuntu Xenial |
|
| 2020-06-18 22:46:32 |
Seth Forshee |
bug task added |
|
linux (Ubuntu Xenial) |
|
| 2020-06-18 22:46:32 |
Seth Forshee |
nominated for series |
|
Ubuntu Bionic |
|
| 2020-06-18 22:46:32 |
Seth Forshee |
bug task added |
|
linux (Ubuntu Bionic) |
|
| 2020-06-18 22:46:42 |
Seth Forshee |
linux (Ubuntu): status |
In Progress |
Fix Committed |
|
| 2020-06-18 22:46:58 |
Seth Forshee |
linux (Ubuntu Xenial): importance |
Undecided |
Critical |
|
| 2020-06-18 22:46:58 |
Seth Forshee |
linux (Ubuntu Xenial): status |
New |
In Progress |
|
| 2020-06-18 22:46:58 |
Seth Forshee |
linux (Ubuntu Xenial): assignee |
|
Seth Forshee (sforshee) |
|
| 2020-06-18 22:47:10 |
Seth Forshee |
linux (Ubuntu Bionic): importance |
Undecided |
Critical |
|
| 2020-06-18 22:47:10 |
Seth Forshee |
linux (Ubuntu Bionic): status |
New |
In Progress |
|
| 2020-06-18 22:47:10 |
Seth Forshee |
linux (Ubuntu Bionic): assignee |
|
Seth Forshee (sforshee) |
|
| 2020-06-18 22:47:21 |
Seth Forshee |
linux (Ubuntu Eoan): importance |
Undecided |
Critical |
|
| 2020-06-18 22:47:21 |
Seth Forshee |
linux (Ubuntu Eoan): status |
New |
In Progress |
|
| 2020-06-18 22:47:21 |
Seth Forshee |
linux (Ubuntu Eoan): assignee |
|
Seth Forshee (sforshee) |
|
| 2020-06-18 22:47:34 |
Seth Forshee |
linux (Ubuntu Focal): importance |
Undecided |
Critical |
|
| 2020-06-18 22:47:34 |
Seth Forshee |
linux (Ubuntu Focal): status |
New |
In Progress |
|
| 2020-06-18 22:47:34 |
Seth Forshee |
linux (Ubuntu Focal): assignee |
|
Seth Forshee (sforshee) |
|
| 2020-06-19 16:31:57 |
Seth Forshee |
description |
Impact: The lockdown patches have evolved over time, and part of this was restricting more areas of the kernel. Not all of these additions were backported, and some can lead to lockdown bypasses, see [1] and [2].
Fix: Backport newer lockdown restrictions to older releases.
Test Case: Test cases for most of the backports can be found at [3], and [4] is another test case. Some which need e.g. specific hardware to test have not been tested.
Regression Potential: Most of these are small, simple fixes with low potential for regression. Users may also lose access to some functionality previously accissible under secure boot. Some changes are more substantial, especially the hw_param changes for xenial, but they are based on well-tested upstream code. The xmon backports also carry a more moderate risk of regression.
[1] https://lists.ubuntu.com/archives/kernel-team/2020-June/111050.html
[2] https://lore.kernel.org/lkml/20200615104332.901519-1-Jason@zx2c4.com/
[3] https://git.launchpad.net/~sforshee/+git/lockdown-tests
[4] https://git.zx2c4.com/american-unsigned-language/tree/american-unsigned-language.sh |
Impact: The lockdown patches have evolved over time, and part of this was restricting more areas of the kernel. Not all of these additions were backported, and some can lead to lockdown bypasses, see [1] and [2].
Fix: Backport newer lockdown restrictions to older releases.
Test Case: Test cases for most of the backports can be found at [3], and [4] is another test case. Some which need e.g. specific hardware to test have not been tested.
Regression Potential: Most of these are small, simple fixes with low potential for regression. Users may also lose access to some functionality previously accissible under secure boot. Some changes are more substantial, especially the hw_param and debugfs changes for xenial, but they are based on well-tested upstream code. The xmon backports also carry a more moderate risk of regression.
[1] https://lists.ubuntu.com/archives/kernel-team/2020-June/111050.html
[2] https://lore.kernel.org/lkml/20200615104332.901519-1-Jason@zx2c4.com/
[3] https://git.launchpad.net/~sforshee/+git/lockdown-tests
[4] https://git.zx2c4.com/american-unsigned-language/tree/american-unsigned-language.sh |
|
| 2020-06-30 03:58:05 |
Khaled El Mously |
linux (Ubuntu Eoan): status |
In Progress |
Fix Committed |
|
| 2020-06-30 03:58:56 |
Khaled El Mously |
linux (Ubuntu Focal): status |
In Progress |
Fix Committed |
|
| 2020-06-30 04:01:23 |
Khaled El Mously |
linux (Ubuntu Bionic): status |
In Progress |
Fix Committed |
|
| 2020-06-30 04:03:30 |
Khaled El Mously |
linux (Ubuntu Xenial): status |
In Progress |
Fix Committed |
|
| 2020-07-03 11:32:10 |
Ubuntu Kernel Bot |
tags |
|
verification-needed-eoan |
|
| 2020-07-06 07:20:53 |
AceLan Kao |
bug task added |
|
linux-oem-osp1 (Ubuntu) |
|
| 2020-07-06 07:21:01 |
AceLan Kao |
bug task deleted |
linux-oem-osp1 (Ubuntu Xenial) |
|
|
| 2020-07-06 07:21:09 |
AceLan Kao |
bug task deleted |
linux-oem-osp1 (Ubuntu Eoan) |
|
|
| 2020-07-06 07:21:16 |
AceLan Kao |
bug task deleted |
linux-oem-osp1 (Ubuntu Focal) |
|
|
| 2020-07-06 07:21:23 |
AceLan Kao |
linux-oem-osp1 (Ubuntu): status |
New |
Invalid |
|
| 2020-07-06 07:21:28 |
AceLan Kao |
linux-oem-osp1 (Ubuntu Bionic): status |
New |
Fix Committed |
|
| 2020-07-06 15:21:57 |
Ubuntu Kernel Bot |
tags |
verification-needed-eoan |
verification-needed-eoan verification-needed-focal |
|
| 2020-07-06 16:42:36 |
Ubuntu Kernel Bot |
tags |
verification-needed-eoan verification-needed-focal |
verification-needed-bionic verification-needed-eoan verification-needed-focal |
|
| 2020-07-07 06:37:10 |
Ubuntu Kernel Bot |
tags |
verification-needed-bionic verification-needed-eoan verification-needed-focal |
verification-needed-bionic verification-needed-eoan verification-needed-focal verification-needed-xenial |
|
| 2020-07-16 13:13:08 |
Seth Forshee |
tags |
verification-needed-bionic verification-needed-eoan verification-needed-focal verification-needed-xenial |
verification-done-bionic verification-done-eoan verification-done-focal verification-done-xenial |
|
| 2020-07-20 16:18:05 |
Launchpad Janitor |
linux (Ubuntu Focal): status |
Fix Committed |
Fix Released |
|
| 2020-07-20 16:18:05 |
Launchpad Janitor |
cve linked |
|
2019-16089 |
|
| 2020-07-20 16:18:05 |
Launchpad Janitor |
cve linked |
|
2019-19642 |
|
| 2020-07-20 16:18:05 |
Launchpad Janitor |
cve linked |
|
2020-11935 |
|
| 2020-07-20 21:55:56 |
Launchpad Janitor |
linux (Ubuntu Bionic): status |
Fix Committed |
Fix Released |
|
| 2020-07-20 21:55:56 |
Launchpad Janitor |
cve linked |
|
2020-10757 |
|
| 2020-07-20 22:02:24 |
Launchpad Janitor |
linux (Ubuntu Xenial): status |
Fix Committed |
Fix Released |
|
| 2020-07-20 22:02:24 |
Launchpad Janitor |
cve linked |
|
2019-12380 |
|
| 2020-07-27 15:02:32 |
Launchpad Janitor |
linux-oem-osp1 (Ubuntu Bionic): status |
Fix Committed |
Fix Released |
|
| 2020-07-27 15:04:04 |
Launchpad Janitor |
linux (Ubuntu Eoan): status |
Fix Committed |
Fix Released |
|
| 2020-07-28 00:57:39 |
Launchpad Janitor |
linux (Ubuntu): status |
Fix Committed |
Fix Released |
|
| 2020-08-12 14:58:25 |
Launchpad Janitor |
linux-oem-osp1 (Ubuntu): status |
Invalid |
Fix Released |
|
