| 2019-11-11 22:29:02 |
Tyler Hicks |
bug |
|
|
added bug |
| 2019-11-11 22:29:17 |
Tyler Hicks |
nominated for series |
|
Ubuntu Disco |
|
| 2019-11-11 22:29:17 |
Tyler Hicks |
bug task added |
|
linux (Ubuntu Disco) |
|
| 2019-11-11 22:29:17 |
Tyler Hicks |
nominated for series |
|
Ubuntu Xenial |
|
| 2019-11-11 22:29:17 |
Tyler Hicks |
bug task added |
|
linux (Ubuntu Xenial) |
|
| 2019-11-11 22:29:17 |
Tyler Hicks |
nominated for series |
|
Ubuntu Eoan |
|
| 2019-11-11 22:29:17 |
Tyler Hicks |
bug task added |
|
linux (Ubuntu Eoan) |
|
| 2019-11-11 22:29:17 |
Tyler Hicks |
nominated for series |
|
Ubuntu Bionic |
|
| 2019-11-11 22:29:17 |
Tyler Hicks |
bug task added |
|
linux (Ubuntu Bionic) |
|
| 2019-11-11 22:29:33 |
Tyler Hicks |
bug |
|
|
added subscriber Canonical Kernel Security Team |
| 2019-11-12 02:37:55 |
Tyler Hicks |
linux (Ubuntu Xenial): status |
New |
In Progress |
|
| 2019-11-12 02:37:57 |
Tyler Hicks |
linux (Ubuntu Bionic): status |
New |
In Progress |
|
| 2019-11-12 02:37:59 |
Tyler Hicks |
linux (Ubuntu Disco): status |
New |
In Progress |
|
| 2019-11-12 02:38:01 |
Tyler Hicks |
linux (Ubuntu Eoan): status |
New |
In Progress |
|
| 2019-11-12 02:38:03 |
Tyler Hicks |
linux (Ubuntu Xenial): importance |
Undecided |
Critical |
|
| 2019-11-12 02:38:05 |
Tyler Hicks |
linux (Ubuntu Bionic): importance |
Undecided |
Critical |
|
| 2019-11-12 02:38:06 |
Tyler Hicks |
linux (Ubuntu Disco): importance |
Undecided |
Critical |
|
| 2019-11-12 02:38:07 |
Tyler Hicks |
linux (Ubuntu Eoan): importance |
Undecided |
Critical |
|
| 2019-11-12 02:38:10 |
Tyler Hicks |
linux (Ubuntu Eoan): assignee |
|
Tyler Hicks (tyhicks) |
|
| 2019-11-12 02:38:11 |
Tyler Hicks |
linux (Ubuntu Disco): assignee |
|
Tyler Hicks (tyhicks) |
|
| 2019-11-12 02:38:13 |
Tyler Hicks |
linux (Ubuntu Bionic): assignee |
|
Tyler Hicks (tyhicks) |
|
| 2019-11-12 02:38:14 |
Tyler Hicks |
linux (Ubuntu Xenial): assignee |
|
Tyler Hicks (tyhicks) |
|
| 2019-11-12 06:26:08 |
Tyler Hicks |
summary |
incomplete fix |
CVE-2019-0155: incomplete fix for 64-bit x86 kernels |
|
| 2019-11-12 06:30:50 |
Tyler Hicks |
description |
- |
[Impact]
The initial set of Ubuntu kernel updates to address CVE-2019-0155 are not complete for 64-bit x86 kernels (amd64). The 32-bit x86 kernel (i386) updates are complete. It may be possible for an attacker to bypass the mitigations on 64-bit systems.
[Test Case]
Upstream has ran the proposed fix through their regression test suite. We don't have a reproducer for CVE-2019-0155 so the test case is simply to ensure that desktop graphics continue to work.
[Regression Potential]
Low, the fix is obviously correct and, AAUI, the affected code path should only be legitimately used by the test suite. |
|
| 2019-11-12 09:56:28 |
Stefan Bader |
linux (Ubuntu Eoan): status |
In Progress |
Fix Committed |
|
| 2019-11-12 09:56:33 |
Stefan Bader |
linux (Ubuntu Disco): status |
In Progress |
Fix Committed |
|
| 2019-11-12 09:56:38 |
Stefan Bader |
linux (Ubuntu Bionic): status |
In Progress |
Fix Committed |
|
| 2019-11-12 10:32:56 |
Stefan Bader |
linux (Ubuntu Xenial): status |
In Progress |
Fix Committed |
|
| 2019-11-12 18:33:35 |
Tyler Hicks |
description |
[Impact]
The initial set of Ubuntu kernel updates to address CVE-2019-0155 are not complete for 64-bit x86 kernels (amd64). The 32-bit x86 kernel (i386) updates are complete. It may be possible for an attacker to bypass the mitigations on 64-bit systems.
[Test Case]
Upstream has ran the proposed fix through their regression test suite. We don't have a reproducer for CVE-2019-0155 so the test case is simply to ensure that desktop graphics continue to work.
[Regression Potential]
Low, the fix is obviously correct and, AAUI, the affected code path should only be legitimately used by the test suite. |
[Impact]
The initial set of Ubuntu kernel updates to address CVE-2019-0155 are not complete for 64-bit x86 kernels (amd64). The 32-bit x86 kernel (i386) updates are complete. It may be possible for an attacker to bypass the mitigations on 64-bit systems.
The following upstream patch is needed:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ea0b163b13ffc52818c079adb00d55e227a6da6f
[Test Case]
Upstream has ran the proposed fix through their regression test suite. We don't have a reproducer for CVE-2019-0155 so the test case is simply to ensure that desktop graphics continue to work.
[Regression Potential]
Low, the fix is obviously correct and, AAUI, the affected code path should only be legitimately used by the test suite. |
|
| 2019-11-12 18:34:31 |
Tyler Hicks |
description |
[Impact]
The initial set of Ubuntu kernel updates to address CVE-2019-0155 are not complete for 64-bit x86 kernels (amd64). The 32-bit x86 kernel (i386) updates are complete. It may be possible for an attacker to bypass the mitigations on 64-bit systems.
The following upstream patch is needed:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ea0b163b13ffc52818c079adb00d55e227a6da6f
[Test Case]
Upstream has ran the proposed fix through their regression test suite. We don't have a reproducer for CVE-2019-0155 so the test case is simply to ensure that desktop graphics continue to work.
[Regression Potential]
Low, the fix is obviously correct and, AAUI, the affected code path should only be legitimately used by the test suite. |
[Impact]
The initial set of Ubuntu kernel updates to address CVE-2019-0155 are not complete for 64-bit x86 kernels (amd64). The 32-bit x86 kernel (i386) updates are complete. It may be possible for an attacker to bypass the mitigations on 64-bit systems.
The following upstream patch is needed:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ea0b163b13ffc52818c079adb00d55e227a6da6f
[Test Case]
Upstream has ran the proposed fix through their regression test suite. We don't have a reproducer for CVE-2019-0155 so the test case is simply to ensure that desktop graphics continue to work.
[Regression Potential]
Low, the fix is simple, tested, and, AAUI, the affected code path should only be legitimately used by the test suite. |
|
| 2019-11-12 18:34:39 |
Tyler Hicks |
information type |
Private Security |
Public Security |
|
| 2019-11-13 15:25:57 |
Launchpad Janitor |
linux (Ubuntu Eoan): status |
Fix Committed |
Fix Released |
|
| 2019-11-13 15:25:57 |
Launchpad Janitor |
cve linked |
|
2019-0155 |
|
| 2019-11-13 15:26:35 |
Launchpad Janitor |
linux (Ubuntu Disco): status |
Fix Committed |
Fix Released |
|
| 2019-11-13 15:27:09 |
Launchpad Janitor |
linux (Ubuntu Bionic): status |
Fix Committed |
Fix Released |
|
| 2019-11-13 15:29:46 |
Launchpad Janitor |
linux (Ubuntu Xenial): status |
Fix Committed |
Fix Released |
|
| 2019-12-06 15:57:44 |
Launchpad Janitor |
linux (Ubuntu): status |
Triaged |
Fix Released |
|
| 2019-12-06 15:57:44 |
Launchpad Janitor |
cve linked |
|
2019-15794 |
|
