2020-02-11 21:00:15 |
Tyler Hicks |
bug |
|
|
added bug |
2020-02-11 21:00:26 |
Tyler Hicks |
nominated for series |
|
Ubuntu Bionic |
|
2020-02-11 21:00:26 |
Tyler Hicks |
bug task added |
|
linux (Ubuntu Bionic) |
|
2020-02-11 21:00:33 |
Tyler Hicks |
linux (Ubuntu Bionic): status |
New |
In Progress |
|
2020-02-11 21:00:35 |
Tyler Hicks |
linux (Ubuntu Bionic): importance |
Undecided |
High |
|
2020-02-11 21:00:37 |
Tyler Hicks |
linux (Ubuntu Bionic): assignee |
|
Tyler Hicks (tyhicks) |
|
2020-02-11 21:00:40 |
Tyler Hicks |
linux (Ubuntu): status |
In Progress |
Invalid |
|
2020-02-11 21:01:43 |
Tyler Hicks |
description |
[Impact]
Gregory Herrero reported that the proof-of-concept for CVE-2019-14615 indicates that the information leak is not fixed in the Bionic 4.15 kernel as indicated by USN-4255-1:
https://usn.ubuntu.com/4255-1/
After bisecting changes to the DRM subsystem as well as the i915 driver, it looks like commit d2b4b97933f5 ("drm/i915: Record the default hw state after reset upon load") as well as some prerequisites are necessary.
[Test Case]
A proof-of-concept for CVE-2019-14615 became available once the issue was made public. It can be found here:
https://github.com/HE-Wenjian/iGPU-Leak
Steps to use the proof-of-concept:
$ git clone https://github.com/HE-Wenjian/iGPU-Leak.git
# In one terminal
$ cd iGPU-Leak/demo/SLM_Leak/
$ ./run_victim.sh
# In another terminal
$ cd iGPU-Leak/demo/SLM_Leak/
$ ./run_attacker.sh
# In the terminal running run_attacker.sh, ensure that all data dumped
# to the terminal is zeros and that there is no non-zero data. You'll
# have to closely monitor the script for a minute or so to ensure that
# the information leak is not possible.
[Regression Potential]
TODO |
[Impact]
Gregory Herrero reported that the proof-of-concept for CVE-2019-14615 indicates that the information leak is not fixed in the Bionic 4.15 kernel as indicated by USN-4255-1:
https://usn.ubuntu.com/4255-1/
After bisecting changes to the DRM subsystem as well as the i915 driver, it looks like commit d2b4b97933f5 ("drm/i915: Record the default hw state after reset upon load") as well as some prerequisites are necessary.
This only affects Ubuntu's 4.15 kernel series. Xenial (4.4), Disco (5.0), Eoan (5.3), and Focal (5.4) are not affected by this incomplete fix issue.
[Test Case]
A proof-of-concept for CVE-2019-14615 became available once the issue was made public. It can be found here:
https://github.com/HE-Wenjian/iGPU-Leak
Steps to use the proof-of-concept:
$ git clone https://github.com/HE-Wenjian/iGPU-Leak.git
# In one terminal
$ cd iGPU-Leak/demo/SLM_Leak/
$ ./run_victim.sh
# In another terminal
$ cd iGPU-Leak/demo/SLM_Leak/
$ ./run_attacker.sh
# In the terminal running run_attacker.sh, ensure that all data dumped
# to the terminal is zeros and that there is no non-zero data. You'll
# have to closely monitor the script for a minute or so to ensure that
# the information leak is not possible.
[Regression Potential]
TODO |
|
2020-02-11 21:09:20 |
Tyler Hicks |
description |
[Impact]
Gregory Herrero reported that the proof-of-concept for CVE-2019-14615 indicates that the information leak is not fixed in the Bionic 4.15 kernel as indicated by USN-4255-1:
https://usn.ubuntu.com/4255-1/
After bisecting changes to the DRM subsystem as well as the i915 driver, it looks like commit d2b4b97933f5 ("drm/i915: Record the default hw state after reset upon load") as well as some prerequisites are necessary.
This only affects Ubuntu's 4.15 kernel series. Xenial (4.4), Disco (5.0), Eoan (5.3), and Focal (5.4) are not affected by this incomplete fix issue.
[Test Case]
A proof-of-concept for CVE-2019-14615 became available once the issue was made public. It can be found here:
https://github.com/HE-Wenjian/iGPU-Leak
Steps to use the proof-of-concept:
$ git clone https://github.com/HE-Wenjian/iGPU-Leak.git
# In one terminal
$ cd iGPU-Leak/demo/SLM_Leak/
$ ./run_victim.sh
# In another terminal
$ cd iGPU-Leak/demo/SLM_Leak/
$ ./run_attacker.sh
# In the terminal running run_attacker.sh, ensure that all data dumped
# to the terminal is zeros and that there is no non-zero data. You'll
# have to closely monitor the script for a minute or so to ensure that
# the information leak is not possible.
[Regression Potential]
TODO |
[Impact]
Gregory Herrero reported that the proof-of-concept for CVE-2019-14615 indicates that the information leak is not fixed in the Bionic 4.15 kernel as indicated by USN-4255-1:
https://usn.ubuntu.com/4255-1/
This only affects Ubuntu's 4.15 kernel series. Xenial (4.4), Disco (5.0), Eoan (5.3), and Focal (5.4) are not affected by this incomplete fix issue.
I've verified this by testing each Ubuntu release with the proof-of-concept. I then tested vanilla 4.15 with commit bc8a76a152c5 ("drm/i915/gen9: Clear residual context state on context switch") applied, which is the fix for CVE-2019-14615, and verified that the proof-of-concept showed that the info leak was still possible. I then tested vanilla 4.16 with commit bc8a76a152c5 applied to verify that the proof-of-concept showed that the info leak was fixed.
After bisecting changes to the DRM subsystem as well as the i915 driver, it looks like commit d2b4b97933f5 ("drm/i915: Record the default hw state after reset upon load") as well as its prerequisites are necessary to fully fix CVE-2019-14615 in 4.15 based kernels.
[Test Case]
A proof-of-concept for CVE-2019-14615 became available once the issue was made public. It can be found here:
https://github.com/HE-Wenjian/iGPU-Leak
Steps to use the proof-of-concept:
$ git clone https://github.com/HE-Wenjian/iGPU-Leak.git
# In one terminal
$ cd iGPU-Leak/demo/SLM_Leak/
$ ./run_victim.sh
# In another terminal
$ cd iGPU-Leak/demo/SLM_Leak/
$ ./run_attacker.sh
# In the terminal running run_attacker.sh, ensure that all data dumped
# to the terminal is zeros and that there is no non-zero data. You'll
# have to closely monitor the script for a minute or so to ensure that
# the information leak is not possible.
[Regression Potential]
TODO |
|
2020-02-11 21:52:20 |
Seth Arnold |
cve linked |
|
2020-8832 |
|
2020-02-13 00:45:17 |
Tyler Hicks |
description |
[Impact]
Gregory Herrero reported that the proof-of-concept for CVE-2019-14615 indicates that the information leak is not fixed in the Bionic 4.15 kernel as indicated by USN-4255-1:
https://usn.ubuntu.com/4255-1/
This only affects Ubuntu's 4.15 kernel series. Xenial (4.4), Disco (5.0), Eoan (5.3), and Focal (5.4) are not affected by this incomplete fix issue.
I've verified this by testing each Ubuntu release with the proof-of-concept. I then tested vanilla 4.15 with commit bc8a76a152c5 ("drm/i915/gen9: Clear residual context state on context switch") applied, which is the fix for CVE-2019-14615, and verified that the proof-of-concept showed that the info leak was still possible. I then tested vanilla 4.16 with commit bc8a76a152c5 applied to verify that the proof-of-concept showed that the info leak was fixed.
After bisecting changes to the DRM subsystem as well as the i915 driver, it looks like commit d2b4b97933f5 ("drm/i915: Record the default hw state after reset upon load") as well as its prerequisites are necessary to fully fix CVE-2019-14615 in 4.15 based kernels.
[Test Case]
A proof-of-concept for CVE-2019-14615 became available once the issue was made public. It can be found here:
https://github.com/HE-Wenjian/iGPU-Leak
Steps to use the proof-of-concept:
$ git clone https://github.com/HE-Wenjian/iGPU-Leak.git
# In one terminal
$ cd iGPU-Leak/demo/SLM_Leak/
$ ./run_victim.sh
# In another terminal
$ cd iGPU-Leak/demo/SLM_Leak/
$ ./run_attacker.sh
# In the terminal running run_attacker.sh, ensure that all data dumped
# to the terminal is zeros and that there is no non-zero data. You'll
# have to closely monitor the script for a minute or so to ensure that
# the information leak is not possible.
[Regression Potential]
TODO |
[Impact]
Gregory Herrero reported that the proof-of-concept for CVE-2019-14615 indicates that the information leak is not fixed in the Bionic 4.15 kernel as indicated by USN-4255-1:
https://usn.ubuntu.com/4255-1/
This only affects Ubuntu's 4.15 kernel series. Xenial (4.4), Disco (5.0), Eoan (5.3), and Focal (5.4) are not affected by this incomplete fix issue.
I've verified this by testing each Ubuntu release with the proof-of-concept. I then tested vanilla 4.15 with commit bc8a76a152c5 ("drm/i915/gen9: Clear residual context state on context switch") applied, which is the fix for CVE-2019-14615, and verified that the proof-of-concept showed that the info leak was still possible. I then tested vanilla 4.16 with commit bc8a76a152c5 applied to verify that the proof-of-concept showed that the info leak was fixed.
After bisecting changes to the DRM subsystem as well as the i915 driver, it looks like commit d2b4b97933f5 ("drm/i915: Record the default hw state after reset upon load") as well as its prerequisites are necessary to fully fix CVE-2019-14615 in 4.15 based kernels.
[Test Case]
A proof-of-concept for CVE-2019-14615 became available once the issue was made public. It can be found here:
https://github.com/HE-Wenjian/iGPU-Leak
Steps to use the proof-of-concept:
$ git clone https://github.com/HE-Wenjian/iGPU-Leak.git
# In one terminal
$ cd iGPU-Leak/demo/SLM_Leak/
$ ./run_victim.sh
# In another terminal
$ cd iGPU-Leak/demo/SLM_Leak/
$ ./run_attacker.sh
# In the terminal running run_attacker.sh, ensure that all data dumped
# to the terminal is zeros and that there is no non-zero data. You'll
# have to closely monitor the script for a minute or so to ensure that
# the information leak is not possible.
[Regression Potential]
High as the changes are complex in comparison to the typical SRU. However, the bulk of the change is to the initialization stages of the driver and we're just pulling back changes that landed in 4.16-rc1 to our 4.15 kernel. I don't see any later Fixes tags that reference the needed commits. |
|
2020-02-13 03:29:33 |
Terry Rudd |
bug |
|
|
added subscriber Terry Rudd |
2020-02-14 06:42:50 |
Khaled El Mously |
linux (Ubuntu Bionic): status |
In Progress |
Fix Committed |
|
2020-02-17 06:10:42 |
Gary Wang |
bug |
|
|
added subscriber Gary Wang |
2020-02-17 21:28:46 |
Ubuntu Kernel Bot |
tags |
|
verification-needed-bionic |
|
2020-02-18 22:51:25 |
Tyler Hicks |
tags |
verification-needed-bionic |
verification-done-bionic |
|
2020-03-16 10:53:57 |
Launchpad Janitor |
linux (Ubuntu Bionic): status |
Fix Committed |
Fix Released |
|
2020-03-16 10:53:57 |
Launchpad Janitor |
cve linked |
|
2019-14615 |
|
2020-03-16 10:53:57 |
Launchpad Janitor |
cve linked |
|
2020-2732 |
|