2020-01-08 16:01:54 |
Tyler Hicks |
bug |
|
|
added bug |
2020-01-08 16:02:19 |
Tyler Hicks |
nominated for series |
|
Ubuntu Disco |
|
2020-01-08 16:02:19 |
Tyler Hicks |
bug task added |
|
linux (Ubuntu Disco) |
|
2020-01-08 16:02:19 |
Tyler Hicks |
nominated for series |
|
Ubuntu Bionic |
|
2020-01-08 16:02:19 |
Tyler Hicks |
bug task added |
|
linux (Ubuntu Bionic) |
|
2020-01-08 16:02:19 |
Tyler Hicks |
nominated for series |
|
Ubuntu Focal |
|
2020-01-08 16:02:19 |
Tyler Hicks |
bug task added |
|
linux (Ubuntu Focal) |
|
2020-01-08 16:02:19 |
Tyler Hicks |
nominated for series |
|
Ubuntu Eoan |
|
2020-01-08 16:02:19 |
Tyler Hicks |
bug task added |
|
linux (Ubuntu Eoan) |
|
2020-01-08 16:02:29 |
Tyler Hicks |
linux (Ubuntu Eoan): status |
New |
Triaged |
|
2020-01-08 16:02:31 |
Tyler Hicks |
linux (Ubuntu Disco): status |
New |
Triaged |
|
2020-01-08 16:02:33 |
Tyler Hicks |
linux (Ubuntu Bionic): status |
New |
Triaged |
|
2020-01-08 16:02:35 |
Tyler Hicks |
linux (Ubuntu Eoan): importance |
Undecided |
High |
|
2020-01-08 16:02:37 |
Tyler Hicks |
linux (Ubuntu Disco): importance |
Undecided |
High |
|
2020-01-08 16:02:39 |
Tyler Hicks |
linux (Ubuntu Bionic): importance |
Undecided |
High |
|
2020-01-08 16:24:17 |
Tyler Hicks |
linux (Ubuntu Bionic): status |
Triaged |
In Progress |
|
2020-01-08 16:24:19 |
Tyler Hicks |
linux (Ubuntu Disco): status |
Triaged |
In Progress |
|
2020-01-08 16:24:20 |
Tyler Hicks |
linux (Ubuntu Eoan): status |
Triaged |
In Progress |
|
2020-01-08 16:24:22 |
Tyler Hicks |
linux (Ubuntu Focal): status |
Triaged |
In Progress |
|
2020-01-08 16:24:24 |
Tyler Hicks |
linux (Ubuntu Disco): assignee |
|
Tyler Hicks (tyhicks) |
|
2020-01-08 16:24:29 |
Tyler Hicks |
linux (Ubuntu Bionic): assignee |
|
Tyler Hicks (tyhicks) |
|
2020-01-08 16:24:35 |
Tyler Hicks |
linux (Ubuntu Eoan): assignee |
|
Tyler Hicks (tyhicks) |
|
2020-01-08 16:24:38 |
Tyler Hicks |
linux (Ubuntu Focal): assignee |
|
Tyler Hicks (tyhicks) |
|
2020-01-08 16:28:57 |
dann frazier |
bug |
|
|
added subscriber dann frazier |
2020-01-08 17:12:57 |
Tyler Hicks |
description |
[Impact]
It was discovered that upstream kernel commit cab15ce604e5 ("arm64: Introduce execute-only page access permissions"), which introduced execute-only user mappings, subverted the Privileged Access Never protections.
The fix is to effectively revert commit cab15ce604e5. This is done in upstream kernel commit 24cecc377463 ("arm64: Revert support for execute-only user mappings").
[Test Case]
I'm not aware of any PAN test cases. Booting our arm64 kernels on an ARMv8 device and running through our typical regression tests are probably the best we can do at this time.
[Regression Potential]
Touching the page handling code always carries significant risk. However, the fix is simply reverting the change that added the execute-only user mappings feature in v4.9. |
[Impact]
It was discovered that upstream kernel commit cab15ce604e5 ("arm64: Introduce execute-only page access permissions"), which introduced execute-only user mappings, subverted the Privileged Access Never protections.
The fix is to effectively revert commit cab15ce604e5. This is done in upstream kernel commit 24cecc377463 ("arm64: Revert support for execute-only user mappings").
[Test Case]
I'm not aware of any PAN test cases. Booting our arm64 kernels on an ARMv8 device and running through our typical regression tests is probably the best we can do at this time.
[Regression Potential]
Touching the page handling code always carries significant risk. However, the fix is simply reverting the change that added the execute-only user mappings feature in v4.9. |
|
2020-01-08 20:50:38 |
Marcelo Cerri |
linux (Ubuntu Bionic): status |
In Progress |
Fix Committed |
|
2020-01-08 20:50:41 |
Marcelo Cerri |
linux (Ubuntu Disco): status |
In Progress |
Fix Committed |
|
2020-01-08 20:50:42 |
Marcelo Cerri |
linux (Ubuntu Eoan): status |
In Progress |
Fix Committed |
|
2020-01-08 20:50:45 |
Marcelo Cerri |
linux (Ubuntu Focal): status |
In Progress |
Fix Committed |
|
2020-01-10 18:03:58 |
Ubuntu Kernel Bot |
tags |
|
verification-needed-disco |
|
2020-01-16 01:06:49 |
Ubuntu Kernel Bot |
tags |
verification-needed-disco |
verification-needed-disco verification-needed-eoan |
|
2020-01-16 01:08:03 |
Ubuntu Kernel Bot |
tags |
verification-needed-disco verification-needed-eoan |
verification-needed-bionic verification-needed-disco verification-needed-eoan |
|
2020-01-27 13:21:23 |
Launchpad Janitor |
linux (Ubuntu Disco): status |
Fix Committed |
Fix Released |
|
2020-01-27 13:21:23 |
Launchpad Janitor |
cve linked |
|
2019-14615 |
|
2020-01-27 13:21:23 |
Launchpad Janitor |
cve linked |
|
2019-18885 |
|
2020-01-27 13:21:23 |
Launchpad Janitor |
cve linked |
|
2019-19050 |
|
2020-01-27 13:21:23 |
Launchpad Janitor |
cve linked |
|
2019-19077 |
|
2020-01-27 13:21:23 |
Launchpad Janitor |
cve linked |
|
2019-19078 |
|
2020-01-27 13:21:23 |
Launchpad Janitor |
cve linked |
|
2019-19082 |
|
2020-01-27 13:21:23 |
Launchpad Janitor |
cve linked |
|
2019-19332 |
|
2020-01-27 13:21:23 |
Launchpad Janitor |
cve linked |
|
2020-7053 |
|
2020-01-27 18:22:08 |
Launchpad Janitor |
linux (Ubuntu Eoan): status |
Fix Committed |
Fix Released |
|
2020-01-27 18:42:17 |
Launchpad Janitor |
linux (Ubuntu Bionic): status |
Fix Committed |
Fix Released |
|
2020-03-16 23:19:02 |
Launchpad Janitor |
linux (Ubuntu Focal): status |
Fix Committed |
Fix Released |
|
2020-03-16 23:19:02 |
Launchpad Janitor |
cve linked |
|
2019-19076 |
|