Exploitable vulnerabilities in AF_VSOCK implementation

Bug #1914668 reported by Kamal Mostafa on 2021-02-04
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Status tracked in Hirsute
Groovy
High
Kamal Mostafa
Hirsute
High
Kamal Mostafa
linux-hwe-5.8 (Ubuntu)
Undecided
Unassigned
Focal
High
Kamal Mostafa
linux-oem-5.6 (Ubuntu)
Critical
Thadeu Lima de Souza Cascardo
linux-riscv (Ubuntu)
Undecided
Unassigned

Bug Description

https://www.openwall.com/lists/oss-security/2021/02/04/5

The following mainline patch is required for all kernels >= v5.8: {focal hwe-5.8, groovy, hirsute}:

[linux] c518adafa39f vsock: fix the race conditions in multi-transport support

or [linux-5.10-y] 55d900415b81 vsock: fix the race conditions in multi-transport support

[Impact]

 * Patches an exploitable vulnerability.

[Test Case]

 * See disclosure article.

[Regression Potential]

 * Low: straightforward race condition fix; upstream cherry-pick.

CVE References

This bug is missing log files that will aid in diagnosing the problem. While running an Ubuntu kernel (not a mainline or third-party kernel) please enter the following command in a terminal window:

apport-collect 1914668

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

Changed in linux (Ubuntu):
status: New → Incomplete
Changed in linux (Ubuntu Groovy):
status: New → Incomplete
description: updated
description: updated
description: updated
Kamal Mostafa (kamalmostafa) wrote :
Changed in linux (Ubuntu Groovy):
status: Incomplete → In Progress
Changed in linux (Ubuntu Hirsute):
status: Incomplete → In Progress
Changed in linux (Ubuntu Groovy):
importance: Undecided → High
Changed in linux (Ubuntu Hirsute):
importance: Undecided → High
no longer affects: linux-hwe-5.8 (Ubuntu Groovy)
no longer affects: linux-hwe-5.8 (Ubuntu Hirsute)
no longer affects: linux (Ubuntu Focal)
Changed in linux-hwe-5.8 (Ubuntu Focal):
status: New → In Progress
importance: Undecided → High
Changed in linux (Ubuntu Groovy):
assignee: nobody → Kamal Mostafa (kamalmostafa)
Changed in linux (Ubuntu Hirsute):
assignee: nobody → Kamal Mostafa (kamalmostafa)
Changed in linux-hwe-5.8 (Ubuntu Focal):
assignee: nobody → Kamal Mostafa (kamalmostafa)
Changed in linux (Ubuntu Groovy):
status: In Progress → Fix Committed
Changed in linux (Ubuntu Hirsute):
status: In Progress → Fix Committed
Changed in linux-riscv (Ubuntu):
status: New → Fix Committed
Changed in linux-oem-5.6 (Ubuntu):
assignee: nobody → Thadeu Lima de Souza Cascardo (cascardo)
importance: Undecided → Critical
status: New → Fix Committed

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-groovy' to 'verification-done-groovy'. If the problem still exists, change the tag 'verification-needed-groovy' to 'verification-failed-groovy'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: verification-needed-groovy

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-focal' to 'verification-done-focal'. If the problem still exists, change the tag 'verification-needed-focal' to 'verification-failed-focal'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: verification-needed-focal
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-hwe-5.8 - 5.8.0-43.49~20.04.1

---------------
linux-hwe-5.8 (5.8.0-43.49~20.04.1) focal; urgency=medium

  * focal/linux-hwe-5.8: 5.8.0-43.49~20.04.1 -proposed tracker (LP: #1914688)

  [ Ubuntu: 5.8.0-43.49 ]

  * groovy/linux: 5.8.0-43.49 -proposed tracker (LP: #1914689)
  * Packaging resync (LP: #1786013)
    - update dkms package versions
  * Exploitable vulnerabilities in AF_VSOCK implementation (LP: #1914668)
    - vsock: fix the race conditions in multi-transport support

 -- Kleber Sacilotto de Souza <email address hidden> Fri, 05 Feb 2021 10:18:10 +0100

Changed in linux-hwe-5.8 (Ubuntu Focal):
status: In Progress → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 5.8.0-43.49

---------------
linux (5.8.0-43.49) groovy; urgency=medium

  * groovy/linux: 5.8.0-43.49 -proposed tracker (LP: #1914689)

  * Packaging resync (LP: #1786013)
    - update dkms package versions

  * Exploitable vulnerabilities in AF_VSOCK implementation (LP: #1914668)
    - vsock: fix the race conditions in multi-transport support

 -- Khalid Elmously <email address hidden> Thu, 04 Feb 2021 21:41:23 -0500

Changed in linux (Ubuntu Groovy):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-riscv - 5.8.0-16.18

---------------
linux-riscv (5.8.0-16.18) groovy; urgency=medium

  * groovy/linux-riscv: 5.8.0-16.18 -proposed tracker (LP: #1914687)

  [ Ubuntu: 5.8.0-43.49 ]

  * groovy/linux: 5.8.0-43.49 -proposed tracker (LP: #1914689)
  * Packaging resync (LP: #1786013)
    - update dkms package versions
  * Exploitable vulnerabilities in AF_VSOCK implementation (LP: #1914668)
    - vsock: fix the race conditions in multi-transport support

  [ Ubuntu: 5.8.0-41.46 ]

  * groovy/linux: 5.8.0-41.46 -proposed tracker (LP: #1912219)
  * Groovy update: upstream stable patchset 2020-12-17 (LP: #1908555) // nvme
    drive fails after some time (LP: #1910866)
    - Revert "nvme-pci: remove last_sq_tail"
  * initramfs unpacking failed (LP: #1835660)
    - SAUCE: lib/decompress_unlz4.c: correctly handle zero-padding around initrds.
  * overlay: permission regression in 5.4.0-51.56 due to patches related to
    CVE-2020-16120 (LP: #1900141)
    - ovl: do not fail because of O_NOATIME

  [ Ubuntu: 5.8.0-40.45 ]

  * Packaging resync (LP: #1786013)
    - update dkms package versions

 -- Stefan Bader <email address hidden> Fri, 05 Feb 2021 09:13:11 +0100

Changed in linux-riscv (Ubuntu):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-oem-5.6 - 5.6.0-1047.51

---------------
linux-oem-5.6 (5.6.0-1047.51) focal; urgency=medium

  * focal/linux-oem-5.6: 5.6.0-1047.51 -proposed tracker (LP: #1914751)

  * Exploitable vulnerabilities in AF_VSOCK implementation (LP: #1914668)
    - vsock: fix the race conditions in multi-transport support

 -- Thadeu Lima de Souza Cascardo <email address hidden> Fri, 05 Feb 2021 08:01:29 -0300

Changed in linux-oem-5.6 (Ubuntu):
status: Fix Committed → Fix Released
Po-Hsu Lin (cypressyew) on 2021-03-26
Changed in linux-hwe-5.8 (Ubuntu):
status: New → Invalid
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers