cve-2017-7616 in cve from ubuntu_ltp failed on bionic with linux/linux-hwe-5.4 on i386

Bug #1942612 reported by Kleber Sacilotto de Souza
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| ubuntu-kernel-tests | New | Undecided | Unassigned | |
| linux (Ubuntu) | Incomplete | Undecided | Unassigned | |
| Bionic | Confirmed | Undecided | Unassigned | |
| Focal | Confirmed | Undecided | Unassigned | |

Bug Description

ubuntu_ltp.cve cve-2017-7616 testcase output:

16:10:41 DEBUG| [stdout] startup='Sun Aug 29 15:53:35 2021'
16:10:41 DEBUG| [stdout] tst_test.c:1346: TINFO: Timeout per run is 0h 05m 00s
16:10:41 DEBUG| [stdout] set_mempolicy05.c:66: TINFO: stack pattern is in 0xbf996ccc-0xbf9970cc
16:10:41 DEBUG| [stdout] set_mempolicy05.c:111: TFAIL: set_mempolicy should fail with EFAULT or EINVAL, instead returned 38
16:10:41 DEBUG| [stdout]
16:10:41 DEBUG| [stdout] HINT: You _MAY_ be missing kernel fixes, see:
16:10:41 DEBUG| [stdout]
16:10:41 DEBUG| [stdout] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cf01fb9985e8
16:10:41 DEBUG| [stdout]
16:10:41 DEBUG| [stdout] HINT: You _MAY_ be vulnerable to CVE(s), see:
16:10:41 DEBUG| [stdout]
16:10:41 DEBUG| [stdout] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-CVE-2017-7616
16:10:41 DEBUG| [stdout]
16:10:41 DEBUG| [stdout] Summary:
16:10:41 DEBUG| [stdout] passed 0
16:10:41 DEBUG| [stdout] failed 1
16:10:41 DEBUG| [stdout] broken 0
16:10:41 DEBUG| [stdout] skipped 0
16:10:41 DEBUG| [stdout] warnings 0
16:10:41 DEBUG| [stdout] tag=cve-2017-7616 stime=1630252415 dur=0 exit=exited stat=1 core=no cu=0 cs=0

This is not a regression as this is a new testcase which runs only on 32-bit systems (i386 and powerpc). This test was added by ltp commit 6feed808040a86c54b7ab2dd3839fefd819a42cc (Add set_mempolicy05, CVE-2017-7616).

The commit sha1 (cf01fb9985e8deb25ccf0ea54d916b8871ae0e62 - mm/mempolicy.c: fix error handling in set_mempolicy and mbind.) which fixes this CVE according to https://ubuntu.com/security/CVE-2017-7616, was applied upstream for v4.11-rc6, so both focal/linux and bionic/linux supposedly contain the fix.
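
A triage helper for the LTP output quoted in the description, added here as an example (it is not part of the bug report or of LTP). It pulls out the TFAIL line, the referenced fix commit and the summary counts, and names the returned error number; the small errno table holds the Linux generic values and is an assumption of this example, as is the function name `triage`.

```python
import re

# Linux asm-generic errno numbers (assumption of this example, not from the page).
LINUX_ERRNO = {14: "EFAULT", 22: "EINVAL", 38: "ENOSYS"}

# Sample input: a subset of the log lines from the bug description.
SAMPLE_LOG = """\
16:10:41 DEBUG| [stdout] set_mempolicy05.c:66: TINFO: stack pattern is in 0xbf996ccc-0xbf9970cc
16:10:41 DEBUG| [stdout] set_mempolicy05.c:111: TFAIL: set_mempolicy should fail with EFAULT or EINVAL, instead returned 38
16:10:41 DEBUG| [stdout] HINT: You _MAY_ be missing kernel fixes, see:
16:10:41 DEBUG| [stdout] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cf01fb9985e8
16:10:41 DEBUG| [stdout] passed 0
16:10:41 DEBUG| [stdout] failed 1
16:10:41 DEBUG| [stdout] tag=cve-2017-7616 stime=1630252415 dur=0 exit=exited stat=1 core=no cu=0 cs=0
"""

PREFIX = re.compile(r"^\d\d:\d\d:\d\d \w+\| \[stdout\] ?")   # autotest wrapper
RESULT = re.compile(r"^(?P<src>[\w.]+):(?P<line>\d+): (?P<kind>T[A-Z]+): (?P<msg>.*)$")
COUNT = re.compile(r"^(passed|failed|broken|skipped|warnings)\s+(\d+)$")

def triage(log):
    """Return failures, referenced fix commits, summary counts and the LTP tag."""
    out = {"failures": [], "fix_commits": [], "summary": {}, "tag": None}
    for raw in log.splitlines():
        line = PREFIX.sub("", raw).strip()
        if m := RESULT.match(line):
            if m["kind"] == "TFAIL":
                fail = {"where": f"{m['src']}:{m['line']}", "msg": m["msg"]}
                if r := re.search(r"instead returned (\d+)", m["msg"]):
                    num = int(r[1])
                    # Name the errno so it can be compared with the expected ones.
                    fail["returned"] = LINUX_ERRNO.get(num, f"errno {num}")
                    fail["expected"] = re.findall(r"\bE[A-Z]+\b", m["msg"])
                out["failures"].append(fail)
        elif m := COUNT.match(line):
            out["summary"][m[1]] = int(m[2])
        elif m := re.search(r"/commit/\?id=([0-9a-f]+)", line):
            out["fix_commits"].append(m[1])
        elif m := re.match(r"tag=(\S+)", line):
            out["tag"] = m[1]
    return out

if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for f in report["failures"]:
        print(f"{report['tag']} {f['where']}: got {f.get('returned')}, expected {f.get('expected')}")
    print("fix commits referenced:", report["fix_commits"], report["summary"])
```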

summary: - cve-2017-7616 in cve from ubuntu_ltp failed with b/hwe-5.4 on i386
+ cve-2017-7616 in cve from ubuntu_ltp failed on bionic with linux/linux-
+ hwe-5.4 on i386
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote : Missing required logs.

This bug is missing log files that will aid in diagnosing the problem. While running an Ubuntu kernel (not a mainline or third-party kernel) please enter the following command in a terminal window:

apport-collect 1942612

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

Changed in linux (Ubuntu):
status: New → Incomplete
Changed in linux (Ubuntu Bionic):
status: New → Incomplete
Changed in linux (Ubuntu Focal):
status: New → Incomplete
tags: added: bionic
description: updated
tags: added: 4.15 5.4 focal hwe-5.4 i386 sru-20210816 ubuntu-ltp
Changed in linux (Ubuntu Bionic):
status: Incomplete → Confirmed
Changed in linux (Ubuntu Focal):
status: Incomplete → Confirmed
Po-Hsu Lin (cypressyew)
tags: added: sru-20211129
Po-Hsu Lin (cypressyew)
tags: added: ubuntu-ltp-cve
removed: ubuntu-ltp