Security-Fix Xen XSA 371 for Kernel 5.4.0-71

Bug #1921902 reported by Jan Kellermann
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Medium
Tim Gardner
Xenial
Medium
Tim Gardner
Bionic
Medium
Tim Gardner
Focal
Medium
Tim Gardner
Groovy
Medium
Tim Gardner
Hirsute
Medium
Tim Gardner

Bug Description

[SRU Justification]

See [XSA 371](http://xenbits.xen.org/xsa/advisory-371.html). commit 871997bc9e423f05c7da7c9178e62dde5df2a7f8 ("xen-blkback: fix error handling in xen_blkbk_map()") introduced a security vulnerability.

Original Commit:
871997bc9e423f05c7da7c9178e62dde5df2a7f8 ("xen-blkback: fix error handling in xen_blkbk_map()")

New commit with security fix:
a846738f8c3788d846ed1f587270d2f2e3d32432 ("xen-blkback: don't leak persistent grants from xen_blkbk_map()")

[Test Plan]
none

[Where problems could occur]
Unknown

[Other Info]
- http://xenbits.xen.org/xsa/advisory-371.html
- http://xenbits.xen.org/xsa/xsa371-linux.patch
- http://xenbits.xen.org/xsa/advisory-365.html
- http://xenbits.xen.org/xsa/xsa365-linux.patch

summary: - Securit-Fix Xen XSA 371 for Kernel 5.4.0-71
+ Security-Fix Xen XSA 371 for Kernel 5.4.0-71
description: updated
Revision history for this message
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote : Missing required logs.

This bug is missing log files that will aid in diagnosing the problem. While running an Ubuntu kernel (not a mainline or third-party kernel) please enter the following command in a terminal window:

apport-collect 1921902

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

Changed in linux (Ubuntu):
status: New → Incomplete
Revision history for this message
Jan Kellermann (jan-kellermann) wrote :

Due to kind of report are no logs available.

Changed in linux (Ubuntu):
status: Incomplete → Confirmed
Revision history for this message
Tim Gardner (timg-tpi) wrote :

upstream commit a846738f8c3788d846ed1f587270d2f2e3d32432 ("xen-blkback: don't leak persistent grants from xen_blkbk_map()")

Tim Gardner (timg-tpi)
Changed in linux (Ubuntu Xenial):
status: New → In Progress
Changed in linux (Ubuntu Bionic):
status: New → In Progress
Changed in linux (Ubuntu Focal):
status: New → In Progress
Changed in linux (Ubuntu Groovy):
status: New → In Progress
Changed in linux (Ubuntu Hirsute):
status: Confirmed → In Progress
tags: added: bot-stop-nagging
Changed in linux (Ubuntu Xenial):
importance: Undecided → Medium
Changed in linux (Ubuntu Bionic):
importance: Undecided → Medium
Changed in linux (Ubuntu Focal):
importance: Undecided → Medium
Changed in linux (Ubuntu Groovy):
importance: Undecided → Medium
Changed in linux (Ubuntu Hirsute):
importance: Undecided → Medium
Changed in linux (Ubuntu Xenial):
assignee: nobody → Tim Gardner (timg-tpi)
Changed in linux (Ubuntu Bionic):
assignee: nobody → Tim Gardner (timg-tpi)
Changed in linux (Ubuntu Focal):
assignee: nobody → Tim Gardner (timg-tpi)
Changed in linux (Ubuntu Groovy):
assignee: nobody → Tim Gardner (timg-tpi)
Changed in linux (Ubuntu Hirsute):
assignee: nobody → Tim Gardner (timg-tpi)
Tim Gardner (timg-tpi)
description: updated
description: updated
Revision history for this message
Tim Gardner (timg-tpi) wrote :
Changed in linux (Ubuntu Bionic):
status: In Progress → Fix Committed
Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (20.1 KiB)

This bug was fixed in the package linux - 4.15.0-143.147

---------------
linux (4.15.0-143.147) bionic; urgency=medium

  * bionic/linux: 4.15.0-143.147 -proposed tracker (LP: #1923811)

  * CVE-2021-29650
    - netfilter: x_tables: Use correct memory barriers.

  * LRMv4: switch to signing nvidia modules via the Ubuntu Modules signing key
    (LP: #1918134)
    - [Packaging] dkms-build{,--nvidia-N} sync back from LRMv4

  * Security-Fix Xen XSA 371 for Kernel 5.4.0-71 (LP: #1921902) //
    CVE-2021-28688
    - xen-blkback: don't leak persistent grants from xen_blkbk_map()

  * CVE-2021-20292
    - drm/ttm/nouveau: don't call tt destroy callback on alloc failure.

  * CVE-2021-29264
    - gianfar: fix jumbo packets+napi+rx overrun crash

  * CVE-2021-29265
    - usbip: fix stub_dev usbip_sockfd_store() races leading to gpf

  * Bcache bypasse writeback on caching device with fragmentation (LP: #1900438)
    - bcache: consider the fragmentation when update the writeback rate

  * Bionic update: upstream stable patchset 2021-03-31 (LP: #1922124)
    - net: usb: qmi_wwan: support ZTE P685M modem
    - scripts: use pkg-config to locate libcrypto
    - scripts: set proper OpenSSL include dir also for sign-file
    - hugetlb: fix update_and_free_page contig page struct assumption
    - drm/virtio: use kvmalloc for large allocations
    - virtio/s390: implement virtio-ccw revision 2 correctly
    - arm64 module: set plt* section addresses to 0x0
    - arm64: Avoid redundant type conversions in xchg() and cmpxchg()
    - arm64: cmpxchg: Use "K" instead of "L" for ll/sc immediate constraint
    - arm64: Use correct ll/sc atomic constraints
    - JFS: more checks for invalid superblock
    - media: mceusb: sanity check for prescaler value
    - xfs: Fix assert failure in xfs_setattr_size()
    - smackfs: restrict bytes count in smackfs write functions
    - net: fix up truesize of cloned skb in skb_prepare_for_shift()
    - mm/hugetlb.c: fix unnecessary address expansion of pmd sharing
    - net: bridge: use switchdev for port flags set through sysfs too
    - dt-bindings: net: btusb: DT fix s/interrupt-name/interrupt-names/
    - staging: fwserial: Fix error handling in fwserial_create
    - x86/reboot: Add Zotac ZBOX CI327 nano PCI reboot quirk
    - vt/consolemap: do font sum unsigned
    - wlcore: Fix command execute failure 19 for wl12xx
    - pktgen: fix misuse of BUG_ON() in pktgen_thread_worker()
    - ath10k: fix wmi mgmt tx queue full due to race condition
    - x86/build: Treat R_386_PLT32 relocation as R_386_PC32
    - Bluetooth: Fix null pointer dereference in amp_read_loc_assoc_final_data
    - staging: most: sound: add sanity check for function argument
    - media: uvcvideo: Allow entities with no pads
    - f2fs: handle unallocated section and zone on pinned/atgc
    - parisc: Bump 64-bit IRQ stack size to 64 KB
    - Xen/gnttab: handle p2m update errors on a per-slot basis
    - xen-netback: respect gnttab_map_refs()'s return value
    - zsmalloc: account the number of compacted pages correctly
    - swap: fix swapfile read/write offset
    - media: v4l: ioctl: Fix memory leak in video_usercopy
    - PCI: Add a REBAR size quirk for S...

Changed in linux (Ubuntu Bionic):
status: Fix Committed → Fix Released
Revision history for this message
Brian Murray (brian-murray) wrote :

The Groovy Gorilla has reached end of life, so this bug will not be fixed for that release

Changed in linux (Ubuntu Groovy):
status: In Progress → Won't Fix
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers