Ubuntu
linux package

cve-2015-3290 in cve from ubuntu_ltp failed with B/D-i386

Bug #1837005 reported by Po-Hsu Lin on 2019-07-18

This bug affects 1 person

	Status	Importance	Assigned to
ubuntu-kernel-tests	New	Undecided	Unassigned
linux (Ubuntu)	Incomplete	Undecided	Unassigned
Bionic	New	Undecided	Unassigned
Disco	Won't Fix	Undecided	Unassigned

Bug Description

This issue was only spotted on an i386 node "pepe" with Disco kernel, passed with other arch with Disco.

On B/C i386, the CVE test was not successfully executed, failed with Resource temporarily unavailable.
Will need to verify this manually.

Test report:
<<<test_start>>>
tag=cve-2015-3290 stime=1563431630
cmdline="cve-2015-3290"
contacts=""
analysis=exit
<<<test_output>>>
incrementing stop
tst_test.c:1100: INFO: Timeout per run is 0h 03m 00s
cve-2015-3290.c:407: INFO: attempting to corrupt nested NMI stack state
cve-2015-3290.c:460: FAIL: corrupted NMI stack

Summary:
passed 0
failed 1
skipped 0
warnings 0

syslog output:
06:33:50 pepe kernel: [ 6042.144077] LTP: starting cve-2015-3290
06:33:50 pepe kernel: [ 6042.159521] perf: interrupt took too long (2518 > 2500), lowering kernel.perf_event_max_sample_rate to 79250
06:33:50 pepe kernel: [ 6042.159531] show_signal: 16 callbacks suppressed
06:33:50 pepe kernel: [ 6042.159532] traps: cve-2015-3290[7761] general protection fault ip:46c0ef sp:b7d43280 error:800
06:33:50 pepe AutotestCrashHandler: Application cve-2015-3290, PID 7760 crashed
06:33:50 pepe AutotestCrashHandler: Writing core files to ['/home/ubuntu/autotest/client/results/default/ubuntu_ltp.fs/debug/crash.cve-2015-3290.7760']
06:33:50 pepe AutotestCrashHandler: Could not determine from which application core file /home/ubuntu/autotest/client/results/default/ubuntu_ltp.fs/debug/crash.cve-2015-3290.7760/core is from

ProblemType: Bug
DistroRelease: Ubuntu 19.04
Package: linux-image-5.0.0-20-generic 5.0.0-20.21
ProcVersionSignature: User Name 5.0.0-20.21-generic 5.0.8
Uname: Linux 5.0.0-20-generic i686
AlsaDevices:
total 0
crw-rw---- 1 root audio 116, 1 Jul 18 04:53 seq
crw-rw---- 1 root audio 116, 33 Jul 18 04:53 timer
AplayDevices: Error: [Errno 2] No such file or directory: 'aplay': 'aplay'
ApportVersion: 2.20.10-0ubuntu27.1
Architecture: i386
ArecordDevices: Error: [Errno 2] No such file or directory: 'arecord': 'arecord'
AudioDevicesInUse: Error: command ['fuser', '-v', '/dev/snd/seq', '/dev/snd/timer'] failed with exit code 1:
CurrentDmesg:
[ 6042.144077] LTP: starting cve-2015-3290
[ 6042.159521] perf: interrupt took too long (2518 > 2500), lowering kernel.perf_event_max_sample_rate to 79250
[ 6042.159531] show_signal: 16 callbacks suppressed
[ 6042.159532] traps: cve-2015-3290[7761] general protection fault ip:46c0ef sp:b7d43280 error:800
Date: Thu Jul 18 06:36:51 2019
IwConfig: Error: [Errno 2] No such file or directory: 'iwconfig': 'iwconfig'
Lsusb:
Bus 002 Device 002: ID 8087:0020 Intel Corp. Integrated Rate Matching Hub
Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 001 Device 003: ID 0424:2514 Standard Microsystems Corp. USB 2.0 Hub
Bus 001 Device 002: ID 8087:0020 Intel Corp. Integrated Rate Matching Hub
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
MachineType: Dell Inc. PowerEdge R310
PciMultimedia:

ProcFB: 0 mgadrmfb
ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-5.0.0-20-generic root=UUID=7b91a2b8-2e02-407e-a51d-766f6d969020 ro
RelatedPackageVersions:
linux-restricted-modules-5.0.0-20-generic N/A
linux-backports-modules-5.0.0-20-generic N/A
linux-firmware 1.178.2
RfKill: Error: [Errno 2] No such file or directory: 'rfkill': 'rfkill'
SourcePackage: linux
UpgradeStatus: No upgrade log present (probably fresh install)
dmi.bios.date: 08/17/2011
dmi.bios.vendor: Dell Inc.
dmi.bios.version: 1.8.2
dmi.board.name: 05XKKK
dmi.board.vendor: Dell Inc.
dmi.board.version: A05
dmi.chassis.type: 23
dmi.chassis.vendor: Dell Inc.
dmi.modalias: dmi:bvnDellInc.:bvr1.8.2:bd08/17/2011:svnDellInc.:pnPowerEdgeR310:pvr:rvnDellInc.:rn05XKKK:rvrA05:cvnDellInc.:ct23:cvr:
dmi.product.name: PowerEdge R310
dmi.sys.vendor: Dell Inc.

Revision history for this message

Po-Hsu Lin (cypressyew) wrote on 2019-07-18:

CRDA.txt Edit (454 bytes, text/plain; charset="utf-8")
Dependencies.txt Edit (2.5 KiB, text/plain; charset="utf-8")
Lspci.txt Edit (19.5 KiB, text/plain; charset="utf-8")
ProcCpuinfo.txt Edit (7.6 KiB, text/plain; charset="utf-8")
ProcCpuinfoMinimal.txt Edit (971 bytes, text/plain; charset="utf-8")
ProcEnviron.txt Edit (270 bytes, text/plain; charset="utf-8")
ProcInterrupts.txt Edit (6.5 KiB, text/plain; charset="utf-8")
ProcModules.txt Edit (2.7 KiB, text/plain; charset="utf-8")
UdevDb.txt Edit (111.4 KiB, text/plain; charset="utf-8")
WifiSyslog.txt Edit (70.1 KiB, text/plain; charset="utf-8")

Revision history for this message

Po-Hsu Lin (cypressyew) wrote on 2019-07-18:

From the description of this CVE[1]:
arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64
platform improperly relies on espfix64 during nested NMI processing, which
allows local users to gain privileges by triggering an NMI within a certain
instruction window.

It looks like this is x86_64 specific.

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2019-07-18: Missing required logs.

This bug is missing log files that will aid in diagnosing the problem. While running an Ubuntu kernel (not a mainline or third-party kernel) please enter the following command in a terminal window:

apport-collect 1837005

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

Changed in linux (Ubuntu):
status:	New → Incomplete

Revision history for this message

Po-Hsu Lin (cypressyew) wrote on 2019-07-18: Re: cve-2015-3290 in cve from ubuntu_ltp failed with D-i386

Test case from LTP
https://github.com/linux-test-project/ltp/blob/master/testcases/cve/cve-2015-3290.c

summary:	- cve-2015-3290 in cve from ubuntu_ltp failed with D-i386 + cve-2015-3290 in cve from ubuntu_ltp failed with B/D-i386
tags:	added: 4.15 5.0 sru-20190701 ubuntu-ltp

Revision history for this message

Po-Hsu Lin (cypressyew) wrote on 2019-07-18:

From the test source code, it looks like this was designed for both x86_64 and i386

#if HAVE_PERF_EVENT_ATTR && (defined(__x86_64__) || defined(__i386__))

Revision history for this message

Po-Hsu Lin (cypressyew) wrote on 2019-07-22:

BTW this is causing failure to the following test, cve-2017-17053 to fail with "kernel already tainted."

Sean Feole (sfeole) on 2019-12-16

tags:

added: sru-20191202

Po-Hsu Lin (cypressyew) on 2020-06-18

tags:

added: sru-20200608

Steve Langasek (vorlon) on 2020-07-02

Changed in linux (Ubuntu Disco):
status:	New → Won't Fix

Revision history for this message

Po-Hsu Lin (cypressyew) wrote on 2020-09-30:

Still affecting B-5.4 i386

tags:

added: sru-20200921

Po-Hsu Lin (cypressyew) on 2020-11-05

tags:

added: 5.4

Kelsey Steele (kelsey-steele) on 2021-02-19

tags:

added: sru-20210125

Kelsey Steele (kelsey-steele) on 2021-03-11

tags:

added: bionic hwe-5.4 sru-20210222

Kelsey Steele (kelsey-steele) on 2021-04-10

tags:

added: sru-20210315

Kelsey Steele (kelsey-steele) on 2021-04-10

tags:

added: hwe

Kleber Sacilotto de Souza (kleber-souza) on 2021-09-03

tags:

added: sru-20210816

Po-Hsu Lin (cypressyew) on 2021-12-24

tags:

added: sru-20211129

Po-Hsu Lin (cypressyew) on 2023-12-19

tags:

added: ubuntu-ltp-cve
removed: ubuntu-ltp

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntulinux package

cve-2015-3290 in cve from ubuntu_ltp failed with B/D-i386

Bug Description

Other bug subscribers

Bug attachments

Remote bug watches

Ubuntu
linux package