[UBUNTU] qeth: fix length check in SNMP processing
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
| Ubuntu on IBM z Systems |
High
|
Canonical Kernel Team | ||
| linux (Ubuntu) |
High
|
Unassigned | ||
| Bionic |
High
|
Unassigned | ||
| Cosmic |
High
|
Unassigned | ||
| Disco |
High
|
Unassigned |
Bug Description
== SRU Justification ==
The response for a SNMP request can consist of multiple parts,
which the cmd callback stages into a kernel buffer until all
parts have been received. If the callback detects that the
This processing is buggy for the first part of the response -
while it initially checks for a length of 'data_len', it later
== Fix ==
9a764c1e5968 ("s390/qeth: fix length check in SNMP processing")
== Regression Potential ==
Low. Changes limited to s390.
== Test Case ==
A test kernel was built with this patch and tested by the original bug reporter.
The bug reporter states the test kernel resolved the bug.
== Original bug description ==
Description: qeth: fix length check in SNMP processing
Symptom: Undefined behaviour.
Problem: The response for a SNMP request can consist of multiple parts,
which the cmd callback stages into a kernel buffer until all
parts have been received. If the callback detects that the
This processing is buggy for the first part of the response -
while it initially checks for a length of 'data_len', it later
Solution: Fix the calculation of 'data_len' for the first part of the
Upstream-ID: 9a764c1e59684c0
Should be applied to all Ubuntu Releases in Service
CVE References
tags: | added: architecture-s39064 bugnameltc-173661 severity-high targetmilestone-inin1810 |
Changed in ubuntu: | |
assignee: | nobody → Skipper Bug Screeners (skipper-screen-team) |
affects: | ubuntu → linux (Ubuntu) |
Changed in ubuntu-z-systems: | |
status: | New → Triaged |
importance: | Undecided → High |
assignee: | nobody → Canonical Kernel Team (canonical-kernel-team) |
tags: | added: kernel-da-key |
Changed in linux (Ubuntu): | |
importance: | Undecided → High |
status: | New → In Progress |
assignee: | Skipper Bug Screeners (skipper-screen-team) → Joseph Salisbury (jsalisbury) |
Changed in linux (Ubuntu Cosmic): | |
status: | New → In Progress |
Changed in linux (Ubuntu Bionic): | |
status: | New → In Progress |
Changed in linux (Ubuntu Cosmic): | |
importance: | Undecided → High |
Changed in linux (Ubuntu Bionic): | |
importance: | Undecided → High |
Changed in linux (Ubuntu Cosmic): | |
assignee: | nobody → Joseph Salisbury (jsalisbury) |
Changed in linux (Ubuntu Bionic): | |
assignee: | nobody → Joseph Salisbury (jsalisbury) |
Changed in ubuntu-z-systems: | |
status: | Triaged → In Progress |
Joseph Salisbury (jsalisbury) wrote : | #1 |
------- Comment From <email address hidden> 2018-12-04 04:15 EDT-------
Fix verified upfront via upstream integration
Joseph Salisbury (jsalisbury) wrote : | #3 |
SRU request submitted:
https:/
description: | updated |
Changed in linux (Ubuntu Disco): | |
status: | In Progress → Fix Committed |
Changed in linux (Ubuntu Bionic): | |
status: | In Progress → Fix Committed |
Changed in linux (Ubuntu Cosmic): | |
status: | In Progress → Fix Committed |
Changed in ubuntu-z-systems: | |
status: | In Progress → Fix Committed |
Brad Figg (brad-figg) wrote : | #4 |
This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-
If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.
See https:/
tags: | added: verification-needed-cosmic |
tags: | added: verification-needed-bionic |
Brad Figg (brad-figg) wrote : | #5 |
This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-
If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.
See https:/
bugproxy (bugproxy) wrote : | #6 |
------- Comment From <email address hidden> 2019-01-15 08:06 EDT-------
Fix verified upfront via upstream integration, as verification statement from IBM
Frank Heimes (fheimes) wrote : | #7 |
adjusting tags according to #6
Changed in linux (Ubuntu Bionic): | |
assignee: | Joseph Salisbury (jsalisbury) → nobody |
Changed in linux (Ubuntu Cosmic): | |
assignee: | Joseph Salisbury (jsalisbury) → nobody |
Changed in linux (Ubuntu Disco): | |
assignee: | Joseph Salisbury (jsalisbury) → nobody |
Launchpad Janitor (janitor) wrote : | #8 |
This bug was fixed in the package linux - 4.15.0-44.47
---------------
linux (4.15.0-44.47) bionic; urgency=medium
* linux: 4.15.0-44.47 -proposed tracker (LP: #1811419)
* Packaging resync (LP: #1786013)
- [Packaging] update helper scripts
* CPU hard lockup with rigorous writes to NVMe drive (LP: #1810998)
- blk-wbt: pass in enum wbt_flags to get_rq_wait()
- blk-wbt: Avoid lock contention and thundering herd issue in wbt_wait
- blk-wbt: move disable check into get_limit()
- blk-wbt: use wq_has_sleeper() for wq active check
- blk-wbt: fix has-sleeper queueing check
- blk-wbt: abstract out end IO completion handler
- blk-wbt: improve waking of tasks
* To reduce the Realtek USB cardreader power consumption (LP: #1811337)
- mmc: sdhci: Disable 1.8v modes (HS200/HS400/UHS) if controller can't support
1.8v
- mmc: core: Introduce MMC_CAP_
- mmc: rtsx_usb_sdmmc: Don't runtime resume the device while changing led
- mmc: rtsx_usb: Use MMC_CAP2_NO_SDIO
- mmc: rtsx_usb: Enable MMC_CAP_ERASE to allow erase/discard/trim requests
- mmc: rtsx_usb_sdmmc: Re-work runtime PM support
- mmc: rtsx_usb_sdmmc: Re-work card detection/removal support
- memstick: rtsx_usb_ms: Add missing pm_runtime_
- misc: rtsx_usb: Use USB remote wakeup signaling for card insertion detection
- memstick: Prevent memstick host from getting runtime suspended during card
detection
- memstick: rtsx_usb_ms: Use ms_dev() helper
- memstick: rtsx_usb_ms: Support runtime power management
* Support non-strict iommu mode on arm64 (LP: #1806488)
- iommu/io-
- iommu/arm-smmu-v3: Implement flush_iotlb_all hook
- iommu/dma: Add support for non-strict mode
- iommu: Add "iommu.strict" command line option
- iommu/io-
- iommu/arm-smmu-v3: Add support for non-strict mode
- iommu/io-
- iommu/arm-smmu: Support non-strict mode
* ELAN900C:00 04F3:2844 touchscreen doesn't work (LP: #1811335)
- pinctrl: cannonlake: Fix community ordering for H variant
- pinctrl: cannonlake: Fix HOSTSW_OWN register offset of H variant
* Add Cavium ThunderX2 SoC UNCORE PMU driver (LP: #1811200)
- perf: Export perf_event_
- Documentation: perf: Add documentation for ThunderX2 PMU uncore driver
- drivers/perf: Add Cavium ThunderX2 SoC UNCORE PMU driver
- [Config] New config CONFIG_
* Update hisilicon SoC-specific drivers (LP: #1810457)
- SAUCE: Revert "net: hns3: Updates RX packet info fetch in case of multi BD"
- Revert "UBUNTU: SAUCE: {topost} net: hns3: separate roce from nic when
resetting"
- Revert "UBUNTU: SAUCE: {topost} net: hns3: Use roce handle when calling roce
callback function"
- Revert "UBUNTU: SAUCE: {topost} net: hns3: Add calling roce callback
function when link status change"
- Revert "UBUNTU: SAUCE: {topost} net: hns3: optimize the process of notifying
roce client"
- Revert "UBUNTU: S...
Changed in linux (Ubuntu Bionic): | |
status: | Fix Committed → Fix Released |
Launchpad Janitor (janitor) wrote : | #9 |
This bug was fixed in the package linux - 4.18.0-14.15
---------------
linux (4.18.0-14.15) cosmic; urgency=medium
* linux: 4.18.0-14.15 -proposed tracker (LP: #1811406)
* CPU hard lockup with rigorous writes to NVMe drive (LP: #1810998)
- blk-wbt: Avoid lock contention and thundering herd issue in wbt_wait
- blk-wbt: move disable check into get_limit()
- blk-wbt: use wq_has_sleeper() for wq active check
- blk-wbt: fix has-sleeper queueing check
- blk-wbt: abstract out end IO completion handler
- blk-wbt: improve waking of tasks
* To reduce the Realtek USB cardreader power consumption (LP: #1811337)
- mmc: core: Introduce MMC_CAP_
- mmc: rtsx_usb_sdmmc: Don't runtime resume the device while changing led
- mmc: rtsx_usb_sdmmc: Re-work runtime PM support
- mmc: rtsx_usb_sdmmc: Re-work card detection/removal support
- memstick: rtsx_usb_ms: Add missing pm_runtime_
- misc: rtsx_usb: Use USB remote wakeup signaling for card insertion detection
- memstick: Prevent memstick host from getting runtime suspended during card
detection
- memstick: rtsx_usb_ms: Use ms_dev() helper
- memstick: rtsx_usb_ms: Support runtime power management
* Support non-strict iommu mode on arm64 (LP: #1806488)
- iommu/io-
- iommu/arm-smmu-v3: Implement flush_iotlb_all hook
- iommu/dma: Add support for non-strict mode
- iommu: Add "iommu.strict" command line option
- iommu/io-
- iommu/arm-smmu-v3: Add support for non-strict mode
- iommu/io-
- iommu/arm-smmu: Support non-strict mode
* [Regression] crashkernel fails on HiSilicon D05 (LP: #1806766)
- efi: honour memory reservations passed via a linux specific config table
- efi/arm: libstub: add a root memreserve config table
- efi: add API to reserve memory persistently across kexec reboot
- irqchip/gic-v3-its: Change initialization ordering for LPIs
- irqchip/gic-v3-its: Simplify LPI_PENDBASE_SZ usage
- irqchip/gic-v3-its: Split property table clearing from allocation
- irqchip/gic-v3-its: Move pending table allocation to init time
- irqchip/gic-v3-its: Keep track of property table's PA and VA
- irqchip/gic-v3-its: Allow use of pre-programmed LPI tables
- irqchip/gic-v3-its: Use pre-programmed redistributor tables with kdump
kernels
- irqchip/gic-v3-its: Check that all RDs have the same property table
- irqchip/gic-v3-its: Register LPI tables with EFI config table
- irqchip/gic-v3-its: Allow use of LPI tables in reserved memory
- arm64: memblock: don't permit memblock resizing until linear mapping is up
- efi/arm: Defer persistent reservations until after paging_init()
- efi: Permit calling efi_mem_
- efi: Prevent GICv3 WARN() by mapping the memreserve table before first use
* ELAN900C:00 04F3:2844 touchscreen doesn't work (LP: #1811335)
- pinctrl: cannonlake: Fix community ordering for H variant
- pinctrl: c...
Changed in linux (Ubuntu Cosmic): | |
status: | Fix Committed → Fix Released |
Frank Heimes (fheimes) wrote : | #10 |
Just verified that this patch already landed in disco kernel Ubuntu-4.19.0-9.10, hence changing to Fix Released since we have linux-generic 4.19.0.12.13 in disco as of today.
Changed in linux (Ubuntu Disco): | |
status: | Fix Committed → Fix Released |
Changed in ubuntu-z-systems: | |
status: | Fix Committed → Fix Released |
Frank Heimes (fheimes) wrote : | #11 |
This patch already landed in disco's Ubuntu-4.19.0-9.10 and since linux-generic 4.19.0.12.13 landed in the disco release pocket today, I change the disco entry from Fix Committed to Fix Released.
bugproxy (bugproxy) wrote : | #12 |
------- Comment From <email address hidden> 2019-02-05 05:26 EDT-------
IBM Bugzilla status-> closed, Fix Released for all relevant distros
tags: |
added: kernel-fixup-verification-needed-bionic removed: verification-needed-bionic |
Brad Figg (brad-figg) wrote : | #13 |
This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-
If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.
See https:/
tags: | added: verification-needed-bionic |
Andy Whitcroft (apw) wrote : | #14 |
This bug was erroneously marked for verification in bionic; verification is not required and verification-
tags: | removed: verification-needed-bionic |
tags: | added: verification-done-bionic |
tags: | added: cscc |
I built Bionic, Cosmic and Disco test kernel with commit 9a764c1e59684c0 358e16ccaafd870 629f2cfe67. The test kernel can be downloaded from: kernel. ubuntu. com/~jsalisbury /lp1805802
http://
Can you test this kernel and see if it resolves this bug?
Note about installing test kernels: unsigned .deb packages.
• If the test kernel is prior to 4.15(Bionic) you need to install the linux-image and linux-image-extra .deb packages.
• If the test kernel is 4.15(Bionic) or newer, you need to install the linux-modules, linux-modules-extra and linux-image-
Thanks in advance!