from:"Steve Beattie"

[Kernel-packages] [Bug 1983357] Re: test_021_aslr_dapper_libs from ubuntu_qrt_kernel_security failed on K-5.19 / J-OEM-6.1 / J-6.2 AMD64

2024-02-08 Thread Steve Beattie

I have confirmed that with the 6.5.0-25.25 kernel in mantic-proposed,
shared libraries for 32bit binaries are loaded with some randoness;
specifically, we are back to 7 bits of randomness with this kernel
update:

$ cat /proc/version_signature 
Ubuntu 6.5.0-25.25-generic 6.5.13
$ for ((i = 0 ; i < 5; i++ )) ; do ./aslr32 --report  libs  ; done
0xe8a86e80
0xf4a86e80
0xf2886e80
0xf2a86e80
0xf1686e80
# report the number of distinct values we get:
$ for ((i = 0 ; i < 1; i++ )) ; do ./aslr32 --report  libs  ; done | sort | 
uniq -c | wc -l
129

For reference, on the 6.5.0-17.17 kernel, we had no randomness
whatsoever:

$ cat /proc/version_signature 
Ubuntu 6.5.0-17.17-generic 6.5.8
$ for ((i = 0 ; i < 1; i++ )) ; do ./aslr32 --report libs  ; done | sort | 
uniq -c 
  1 0xf7c86e80

** Tags removed: verification-needed-mantic-linux
** Tags added: verification-done-mantic-linux

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-oem-6.1 in Ubuntu.
https://bugs.launchpad.net/bugs/1983357

Title:
  test_021_aslr_dapper_libs from ubuntu_qrt_kernel_security failed on
  K-5.19 / J-OEM-6.1 / J-6.2 AMD64

Status in QA Regression Testing:
  Invalid
Status in ubuntu-kernel-tests:
  Invalid
Status in linux package in Ubuntu:
  Fix Released
Status in linux-oem-6.1 package in Ubuntu:
  Invalid
Status in linux source package in Jammy:
  Invalid
Status in linux-oem-6.1 source package in Jammy:
  New
Status in linux source package in Kinetic:
  Invalid
Status in linux-oem-6.1 source package in Kinetic:
  Invalid
Status in linux source package in Lunar:
  Won't Fix
Status in linux-oem-6.1 source package in Lunar:
  New
Status in linux source package in Mantic:
  Fix Committed
Status in linux-oem-6.1 source package in Mantic:
  New
Status in linux source package in Noble:
  Fix Released
Status in linux-oem-6.1 source package in Noble:
  Invalid

Bug description:
  Issue found on 5.19.0-9.9 Kinetic AMD64 systems

  Test log:
   Running test: './test-kernel-security.py' distro: 'Ubuntu 22.10' kernel: 
'5.19.0-9.9 (Ubuntu 5.19.0-9.9-generic 5.19.0-rc5)' arch: 'amd64' uid: 0/0 
SUDO_USER: 'ubuntu')
   test_021_aslr_dapper_libs (__main__.KernelSecurityTest)
   ASLR of libs ... (default libs native) (default libs native rekey) (default 
libs COMPAT) FAIL
   
   ==
   FAIL: test_021_aslr_dapper_libs (__main__.KernelSecurityTest)
   ASLR of libs
   --
   Traceback (most recent call last):
 File "./test-kernel-security.py", line 1770, in test_021_aslr_dapper_libs
   self._test_aslr('libs', expected)
 File "./test-kernel-security.py", line 1727, in _test_aslr
   self._test_aslr_all(area, expected, "default %s" % area)
 File "./test-kernel-security.py", line 1720, in _test_aslr_all
   self._test_aslr_exec(area, expected, target, name)
 File "./test-kernel-security.py", line 1703, in _test_aslr_exec
   self.assertShellExitEquals(aslr_expected, ["./%s" % (target), area, 
"--verbose"], msg="%s:\n" % name)
 File 
"/home/ubuntu/autotest/client/tmp/ubuntu_qrt_kernel_security/src/qa-regression-testing/scripts/testlib.py",
 line 1203, in assertShellExitEquals
   self.assertEqual(expected, rc, msg + result + report)
   AssertionError: default libs COMPAT:
   Got exit code 1, expected 0
   Command: './aslr32', 'libs', '--verbose'
   Output:
   Checking ASLR of libs:
   0xf7c81790
   0xf7c81790
   0xf7c81790
   FAIL: ASLR not functional (libs always at 0xf7c81790)
   
   
   --
   Ran 1 test in 0.144s
   
   FAILED (failures=1)

To manage notifications about this bug go to:
https://bugs.launchpad.net/qa-regression-testing/+bug/1983357/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1983357] Re: test_021_aslr_dapper_libs from ubuntu_qrt_kernel_security failed on K-5.19 / J-OEM-6.1 / J-6.2 AMD64

2023-10-25 Thread Steve Beattie

Thanks for investigating this, Cascardo. I agree that option 3 is likely
the best path forward, either via changing our kernel config defaults or
adjusting the sysctl defaults via the procps package. For reference the
adjustable sysctl setting is vm.mmap_rnd_compat_bits.

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-oem-6.1 in Ubuntu.
https://bugs.launchpad.net/bugs/1983357

Title:
  test_021_aslr_dapper_libs from ubuntu_qrt_kernel_security failed on
  K-5.19 / J-OEM-6.1 / J-6.2 AMD64

Status in QA Regression Testing:
  New
Status in ubuntu-kernel-tests:
  New
Status in linux package in Ubuntu:
  Incomplete
Status in linux-oem-6.1 package in Ubuntu:
  Invalid
Status in linux source package in Jammy:
  Invalid
Status in linux-oem-6.1 source package in Jammy:
  New
Status in linux source package in Kinetic:
  Incomplete
Status in linux-oem-6.1 source package in Kinetic:
  Invalid

Bug description:
  Issue found on 5.19.0-9.9 Kinetic AMD64 systems

  Test log:
   Running test: './test-kernel-security.py' distro: 'Ubuntu 22.10' kernel: 
'5.19.0-9.9 (Ubuntu 5.19.0-9.9-generic 5.19.0-rc5)' arch: 'amd64' uid: 0/0 
SUDO_USER: 'ubuntu')
   test_021_aslr_dapper_libs (__main__.KernelSecurityTest)
   ASLR of libs ... (default libs native) (default libs native rekey) (default 
libs COMPAT) FAIL
   
   ==
   FAIL: test_021_aslr_dapper_libs (__main__.KernelSecurityTest)
   ASLR of libs
   --
   Traceback (most recent call last):
 File "./test-kernel-security.py", line 1770, in test_021_aslr_dapper_libs
   self._test_aslr('libs', expected)
 File "./test-kernel-security.py", line 1727, in _test_aslr
   self._test_aslr_all(area, expected, "default %s" % area)
 File "./test-kernel-security.py", line 1720, in _test_aslr_all
   self._test_aslr_exec(area, expected, target, name)
 File "./test-kernel-security.py", line 1703, in _test_aslr_exec
   self.assertShellExitEquals(aslr_expected, ["./%s" % (target), area, 
"--verbose"], msg="%s:\n" % name)
 File 
"/home/ubuntu/autotest/client/tmp/ubuntu_qrt_kernel_security/src/qa-regression-testing/scripts/testlib.py",
 line 1203, in assertShellExitEquals
   self.assertEqual(expected, rc, msg + result + report)
   AssertionError: default libs COMPAT:
   Got exit code 1, expected 0
   Command: './aslr32', 'libs', '--verbose'
   Output:
   Checking ASLR of libs:
   0xf7c81790
   0xf7c81790
   0xf7c81790
   FAIL: ASLR not functional (libs always at 0xf7c81790)
   
   
   --
   Ran 1 test in 0.144s
   
   FAILED (failures=1)

To manage notifications about this bug go to:
https://bugs.launchpad.net/qa-regression-testing/+bug/1983357/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 2031302] Re: test_290_config_hardened_usercopy in ubuntu_qrt_kernel_security failed with J-oem-6.5 / M-linux (HAVE_HARDENED_USERCOPY_ALLOCATOR does not exist anymore)

2023-10-13 Thread Steve Beattie

Paolo's merge request has been applied in qa-regression-testing, thanks!

** Changed in: qa-regression-testing
   Status: New => Fix Released

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-oem-6.5 in Ubuntu.
https://bugs.launchpad.net/bugs/2031302

Title:
  test_290_config_hardened_usercopy in ubuntu_qrt_kernel_security failed
  with J-oem-6.5 / M-linux (HAVE_HARDENED_USERCOPY_ALLOCATOR does not
  exist anymore)

Status in QA Regression Testing:
  Fix Released
Status in ubuntu-kernel-tests:
  New
Status in linux-oem-6.5 package in Ubuntu:
  Invalid
Status in linux-oem-6.5 source package in Jammy:
  New

Bug description:
  This test requires HARDENED_USERCOPY to be unset.

  Test log:
   Running 'python3 ./test-kernel-security.py -v 
KernelSecurityConfigTest.test_290_config_hardened_usercopy'
   Running test: './test-kernel-security.py' distro: 'Ubuntu 22.04' kernel: 
'6.5.0-1002.2 (Ubuntu 6.5.0-1002.2-oem 6.5.0-rc4)' arch: 'amd64' init: 
'systemd' uid: 0/0 SUDO_USER: 'ubuntu')
   test_290_config_hardened_usercopy (__main__.KernelSecurityConfigTest)
   Ensure CONFIG_HARDENED_USERCOPY is set ... (skipped: HARDENED_USERCOPY 
depends on the allocator and strict devmem) FAIL
   
   ==
   FAIL: test_290_config_hardened_usercopy (__main__.KernelSecurityConfigTest)
   Ensure CONFIG_HARDENED_USERCOPY is set
   --
   Traceback (most recent call last):
 File 
"/home/ubuntu/autotest/client/tmp/ubuntu_qrt_kernel_security/src/qa-regression-testing/scripts/./test-kernel-security.py",
 line 2724, in test_290_config_hardened_usercopy
   self.assertKernelConfigUnset(config_name)
 File 
"/home/ubuntu/autotest/client/tmp/ubuntu_qrt_kernel_security/src/qa-regression-testing/scripts/./test-kernel-security.py",
 line 223, in assertKernelConfigUnset
   self.assertFalse(self._test_config(name),
   AssertionError: True is not false : HARDENED_USERCOPY option was expected to 
be unset in the kernel config
   
   --
   Ran 1 test in 0.007s
   
   FAILED (failures=1)

To manage notifications about this bug go to:
https://bugs.launchpad.net/qa-regression-testing/+bug/2031302/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 2035285] Re: nft cannot load certain rulesets after kernel upgrade

2023-09-19 Thread Steve Beattie

I have prepared an nftables upload for lunar in the ubuntu-security-
proposed ppa https://launchpad.net/~ubuntu-security-
proposed/+archive/ubuntu/ppa/ for people to test and confirm that it
addresses the issue; additional work needs to be done for jammy as
naively applying the commits results in an nft that segfaults on the
0041chain_binding_0 testcase.

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/2035285

Title:
  nft cannot load certain rulesets after kernel upgrade

Status in linux package in Ubuntu:
  Won't Fix
Status in nftables package in Ubuntu:
  Invalid
Status in linux source package in Jammy:
  Won't Fix
Status in nftables source package in Jammy:
  New
Status in linux source package in Lunar:
  Won't Fix
Status in nftables source package in Lunar:
  New

Bug description:
  [Impact]
  After kernel fixes for CVE-2023-4147/CVE-2023-3995 were applied, the kernel 
nftables module does not accept certain bogus rules that were built by the nft 
tool. A fix for nft was provided to produce rules as now expected by the kernel.

  [Test case]
  Running nftables testcase 0041chain_binding_0 on linux-5.15.0-83-generic or 
linux-6.2.0-32-generic will will show the following error:

  ubuntu@jammy2:~/nftables-1.0.2/tests/shell$ sudo NFT=/usr/sbin/nft 
./run-tests.sh -g ./testcases/chains/0041chain_binding_0 
  I: using nft command: /usr/sbin/nft

  W: [FAILED] ./testcases/chains/0041chain_binding_0: got 1
  /dev/stdin:5:25-95: Error: Could not process rule: Operation not supported
  ip saddr { 127.0.0.0/8, 172.23.0.0/16, 
192.168.13.0/24 } counter accept
  
^^^
  /dev/stdin:6:25-56: Error: Could not process rule: Operation not supported
  ip6 saddr ::1/128 counter accept
  

  I: results: [OK] 0 [FAILED] 1 [TOTAL] 1

  The expected result is:
  ubuntu@jammy2:~/nftables-1.0.2/tests/shell$ sudo NFT=/usr/sbin/nft 
./run-tests.sh -g ./testcases/chains/0041chain_binding_0 
  I: using nft command: /usr/sbin/nft

  I: [OK] ./testcases/chains/0041chain_binding_0

  I: results: [OK] 1 [FAILED] 0 [TOTAL] 1

  Another test case is trying to run nft -f test.nft with the following
  contents on test.nft:

  #!/usr/sbin/nft -f

  flush ruleset

  table inet filter {
  chain PREROUTING_RAW {
  type filter hook prerouting priority raw;

  tcp flags syn jump {
  tcp option maxseg size 1-500 counter drop
  tcp sport 0 counter drop
  }
  rt type 0 counter drop
  }
  }

  A broken nft will produce:
  ./test.nft:10:4-44: Error: Could not process rule: Operation not supported
  tcp option maxseg size 1-500 counter drop
  ^
  ./test.nft:11:4-27: Error: Could not process rule: Operation not supported
  tcp sport 0 counter drop
  

  A fixed nft will produce no output, but a following 'nft list ruleset' 
command will show:
  table inet filter {
  chain PREROUTING_RAW {
  type filter hook prerouting priority raw; policy accept;
  tcp flags syn jump {
  tcp option maxseg size 1-500 counter packets 0 bytes 
0 drop
  tcp sport 0 counter packets 0 bytes 0 drop
  }
  rt type 0 counter packets 0 bytes 0 drop
  }
  }

  
  [Potential regressions]
  Users rulesets may fail to load or produce incorrect results, like allowing 
or denying certain packages in their firewall, for example.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2035285/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 2023577] Re: cls_flower: off-by-one in fl_set_geneve_opt

2023-06-26 Thread Steve Beattie

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-35788

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/2023577

Title:
  cls_flower: off-by-one in fl_set_geneve_opt

Status in linux package in Ubuntu:
  Incomplete
Status in linux source package in Focal:
  Fix Committed
Status in linux source package in Jammy:
  Fix Committed
Status in linux source package in Kinetic:
  Fix Committed
Status in linux source package in Lunar:
  Fix Committed

Bug description:
  [Impact]
  An unprivileged user may cause an out-of-bounds write by setting up geneve 
options on the flower classifier.

  [Test case]
  https://seclists.org/oss-sec/2023/q2/219

  [Potential regression]
  Users setting up geneve options on the flower tc classifier can be affected.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2023577/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 2013198] Re: Fix (+follow-up) needed for SEV-SNP vulnerability

2023-05-16 Thread Steve Beattie

This issue was introduced in fce96cf04430 ("virt: Add SEV-SNP guest
driver") and thus affects 5.19 kernels and newer.

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/2013198

Title:
  Fix (+follow-up) needed for SEV-SNP vulnerability

Status in linux package in Ubuntu:
  Incomplete
Status in linux-gcp package in Ubuntu:
  New
Status in linux-gcp source package in Jammy:
  Fix Committed
Status in linux source package in Kinetic:
  Fix Committed

Bug description:
  From email discussions with Dionna Glazee from Google:

  
  > This email details a critical vulnerability in SEV-SNP attestation
  > report integrity protection that must be patched in SEV-SNP-enabled
  > kernels.
  >
  > I'm reaching out since I've been tracking our progress towards a
  > stable offering of customer access to SEV-SNP "guest requests". I'd
  > like to know how or if y'all test the /dev/sev-guest driver.
  >
  > The reason I ask is because our host KVM injects failures into the
  > guest if requests come too frequently. Test suites that request
  > attestation reports in quick succession will fail without very recent
  > patches or workaround code in user space.
  >
  > Technical details, tl;dr
  > * Nov 21, 2022: Linux Kernel 6.1 included a security patch 47894e0fa
  > that will cause attestation to fail frequently (in GCE). Peter found
  > and patched this vulnerability.
  >
  > Details of security patch 47894e0fa:
  > This patch to sev-guest causes more fail-closed situations. All VMM
  > errors other than INVALID_LEN will wipe out the VMPCK and close the
  > guest's ability to communicate with the security processor.
  > Ratelimit failures will also cause a fail-closed situation.
  >
  > As you may know, guest requests are encrypted by the guest with
  > AES_GCM (not AES_GCM_SIV) and then passed through unencrypted memory
  > to the host's KVM. KVM forwards that to the crypto/ccp driver to
  > deliver to the AMD secure processor to respond to. When the VMM
  > returns an error instead of forwarding a request to the secure
  > processor, then the guest driver *does not* increment its IV. It can
  > therefore reuse an IV on multiple messages with different contents.
  > This breaks AES_GCM's security guarantees.
  >
  > Ratelimiting looks to the guest not as a stalled vCPU, but rather a
  > special error response that AMD will include in their next published
  > version of the GHCB protocol (I believe v2.02). This allows the guest
  > VM to schedule other threads and remain productive while waiting up to
  > 2 seconds for a request to be serviced. The special error code to an
  > unpatched kernel is just forwarded to the guest as an EIO. User space
  > may continue to issue requests, even if it is unsafe to do so.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2013198/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 2016827] Re: screen breaks and freezing

2023-04-19 Thread Steve Beattie

** Information type changed from Private Security to Public

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/2016827

Title:
  screen breaks and freezing

Status in linux package in Ubuntu:
  New

Bug description:
  Just started having issues with the graphics breaking and having boot
  information when booting both tuning on and shutting down. Now both my
  web browsers are randomly freezing my pc completely up and having to
  just turn it off and back on without shutting it down. My fan will run
  really loud on boot up and for about the next 3 to 4 min after boot,
  the power consumption has been reduce really bad as well. Thanks for
  your time hope that I can get this resolved.

  ProblemType: Bug
  DistroRelease: Ubuntu 22.04
  Package: linux-image-5.15.0-69-generic 5.15.0-69.76
  ProcVersionSignature: Ubuntu 5.15.0-69.76-generic 5.15.87
  Uname: Linux 5.15.0-69-generic x86_64
  ApportVersion: 2.20.11-0ubuntu82.4
  Architecture: amd64
  AudioDevicesInUse:
   USERPID ACCESS COMMAND
   /dev/snd/controlC1:  mjm2086 F pulseaudio
   /dev/snd/controlC0:  mjm2086 F pulseaudio
  CasperMD5CheckResult: unknown
  CurrentDesktop: KDE
  Date: Mon Apr 17 20:19:10 2023
  MachineType: HP HP 255 G8 Notebook PC
  ProcFB: 0 amdgpudrmfb
  ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-5.15.0-69-generic 
root=UUID=ac398bb2-9ae5-4a95-8511-6f6f88344f20 ro quiet splash loglevel=3 
vt.handoff=7
  RelatedPackageVersions:
   linux-restricted-modules-5.15.0-69-generic N/A
   linux-backports-modules-5.15.0-69-generic  N/A
   linux-firmware 20220329.git681281e4-0ubuntu3.12
  SourcePackage: linux
  UpgradeStatus: No upgrade log present (probably fresh install)
  dmi.bios.date: 08/02/2022
  dmi.bios.release: 15.32
  dmi.bios.vendor: Insyde
  dmi.bios.version: F.32
  dmi.board.asset.tag: Type2 - Board Asset Tag
  dmi.board.name: 87D2
  dmi.board.vendor: HP
  dmi.board.version: 38.25
  dmi.chassis.asset.tag: Chassis Asset Tag
  dmi.chassis.type: 10
  dmi.chassis.vendor: HP
  dmi.chassis.version: Chassis Version
  dmi.ec.firmware.release: 38.25
  dmi.modalias: 
dmi:bvnInsyde:bvrF.32:bd08/02/2022:br15.32:efr38.25:svnHP:pnHP255G8NotebookPC:pvrType1ProductConfigId:rvnHP:rn87D2:rvr38.25:cvnHP:ct10:cvrChassisVersion:sku5U073UT#ABA:
  dmi.product.family: 103C_5336AN HP 200
  dmi.product.name: HP 255 G8 Notebook PC
  dmi.product.sku: 5U073UT#ABA
  dmi.product.version: Type1ProductConfigId
  dmi.sys.vendor: HP

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2016827/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 2008823] Re: /sys/kernel/boot_params/data leaks random data

2023-04-05 Thread Steve Beattie

** Package changed: linux-signed-hwe-5.19 (Ubuntu) => linux (Ubuntu)

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/2008823

Title:
  /sys/kernel/boot_params/data leaks random data

Status in linux package in Ubuntu:
  New

Bug description:
  Looking at /sys/kernel/boot_params/data I see that much of the 4096 byte 
buffer is old kernel data. 
  It really stood out as I saw parts of email contents in there.
  It seems be random RAM contents from what was present before rebooting.   
   
  This was seen on Ubuntu 22.04.2 LTS with kernel 5.19.0-32-generic.
   After rebooting again I 
saw a fragment of yet another email in there.
  A couple of ubuntu 22.10 systems show similar non-zero data, but nothing as 
recognizable.   

  
  Nothing after the entries at the front of e820_table was zeroed out as it 
should be.
  This could leak a substantial amount of data such as encryption keys. 
  

  
  /sys/kernel/boot_params/data is readable by all users.

  ProblemType: Bug
  DistroRelease: Ubuntu 22.04
  Package: linux-image-5.19.0-32-generic 5.19.0-32.33~22.04.1
  ProcVersionSignature: Ubuntu 5.19.0-32.33~22.04.1-generic 5.19.17
  Uname: Linux 5.19.0-32-generic x86_64
  ApportVersion: 2.20.11-0ubuntu82.3
  Architecture: amd64
  CasperMD5CheckResult: unknown
  Date: Tue Feb 28 13:24:06 2023
  InstallationDate: Installed on 2019-10-17 (1229 days ago)
  InstallationMedia: Ubuntu-Server 18.04.3 LTS "Bionic Beaver" - Release amd64 
(20190805)
  ProcEnviron:
   TERM=screen-256color
   PATH=(custom, no user)
   XDG_RUNTIME_DIR=
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  SourcePackage: linux-signed-hwe-5.19
  UpgradeStatus: Upgraded to jammy on 2022-08-13 (199 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2008823/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1976184] Re: Linux PV device frontends vulnerable to attacks by backends

2023-02-08 Thread Steve Beattie

All of these CVEs related to
https://xenbits.xen.org/xsa/advisory-396.html have been addressed in
every kernel except for

- Ubuntu 20.04's linux-oem-5.14
- CVE-2022-23041 has not been addressed in the 4.15 based kernels.

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1976184

Title:
  Linux PV device frontends vulnerable to attacks by backends

Status in linux package in Ubuntu:
  Confirmed
Status in linux-aws package in Ubuntu:
  New
Status in linux-aws-5.15 package in Ubuntu:
  Fix Released
Status in linux-aws-5.4 package in Ubuntu:
  Fix Released
Status in linux-azure package in Ubuntu:
  Fix Released
Status in linux-azure-4.15 package in Ubuntu:
  New
Status in linux-azure-5.4 package in Ubuntu:
  Fix Released
Status in linux-bluefield package in Ubuntu:
  Fix Released
Status in linux-dell300x package in Ubuntu:
  New
Status in linux-gcp package in Ubuntu:
  Fix Released
Status in linux-gcp-4.15 package in Ubuntu:
  New
Status in linux-gcp-5.4 package in Ubuntu:
  Fix Released
Status in linux-gke package in Ubuntu:
  Fix Released
Status in linux-gke-5.4 package in Ubuntu:
  Fix Released
Status in linux-gkeop package in Ubuntu:
  Fix Released
Status in linux-gkeop-5.4 package in Ubuntu:
  Fix Released
Status in linux-hwe-5.4 package in Ubuntu:
  Fix Released
Status in linux-ibm package in Ubuntu:
  Fix Released
Status in linux-ibm-5.4 package in Ubuntu:
  Fix Released
Status in linux-intel-iotg-5.15 package in Ubuntu:
  Fix Released
Status in linux-kvm package in Ubuntu:
  New
Status in linux-oem-5.14 package in Ubuntu:
  Won't Fix
Status in linux-oracle package in Ubuntu:
  New
Status in linux-oracle-5.4 package in Ubuntu:
  Fix Released
Status in linux-raspi package in Ubuntu:
  Fix Released
Status in linux-raspi-5.4 package in Ubuntu:
  Fix Released
Status in linux-snapdragon package in Ubuntu:
  New

Bug description:
  The packages listed above are vulnerable to the CVEs below in at least
  one Ubuntu release, as stated in the Ubuntu CVE Tracker, except for
  linux-azure-4.15, linux-dell300x, linux-gcp-4.15 and linux-snapdragon,
  that are only vulnerable to CVE-2022-23041.

  Please release fixed packages.

  Xen released a security advisory on March 10.

  (I was informed by the security team that it does not track security
  issues via Launchpad bugs, but in the Ubuntu CVE Tracker. However, the
  issue is unpatched for over 2.5 months and marked as needed for these
  combinations of source package and Ubuntu version in the Tracker, and
  therefore I am filing this bug.)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1976184/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1950644] Re: ubuntu_ltp_syscalls / finit_module02 fails on v4.15 and other kernels

2023-02-08 Thread Steve Beattie

The API that was failing in this test was introduced in the 4.6 kernel
series (in b844f0ecbc56 ("vfs: define kernel_copy_file_from_fd()")), so
trusty's 4.4 kernel should not be affected. The linux-azure 4.15 kernels
in trusty and xenial have the needed fix applied, are they still
affected by this bug?

** Changed in: linux-azure (Ubuntu Jammy)
   Status: New => Fix Released

** Changed in: linux (Ubuntu Trusty)
   Status: Confirmed => Invalid

** Changed in: linux-azure (Ubuntu)
   Status: New => Fix Released

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-oem-5.14 in Ubuntu.
https://bugs.launchpad.net/bugs/1950644

Title:
  ubuntu_ltp_syscalls / finit_module02 fails on v4.15 and other kernels

Status in ubuntu-kernel-tests:
  New
Status in linux package in Ubuntu:
  Fix Released
Status in linux-azure package in Ubuntu:
  Fix Released
Status in linux-oem-5.10 package in Ubuntu:
  Invalid
Status in linux-oem-5.13 package in Ubuntu:
  Invalid
Status in linux-oem-5.14 package in Ubuntu:
  Invalid
Status in linux source package in Trusty:
  Invalid
Status in linux-azure source package in Trusty:
  New
Status in linux-oem-5.10 source package in Trusty:
  Invalid
Status in linux-oem-5.13 source package in Trusty:
  Invalid
Status in linux-oem-5.14 source package in Trusty:
  Invalid
Status in linux source package in Bionic:
  Fix Released
Status in linux-azure source package in Bionic:
  New
Status in linux-oem-5.10 source package in Bionic:
  Invalid
Status in linux-oem-5.13 source package in Bionic:
  Invalid
Status in linux-oem-5.14 source package in Bionic:
  Invalid
Status in linux source package in Focal:
  Fix Released
Status in linux-azure source package in Focal:
  Fix Released
Status in linux-oem-5.10 source package in Focal:
  Fix Released
Status in linux-oem-5.13 source package in Focal:
  Fix Released
Status in linux-oem-5.14 source package in Focal:
  Fix Released
Status in linux source package in Hirsute:
  Fix Released
Status in linux-azure source package in Hirsute:
  Fix Released
Status in linux-oem-5.10 source package in Hirsute:
  Invalid
Status in linux-oem-5.13 source package in Hirsute:
  Invalid
Status in linux-oem-5.14 source package in Hirsute:
  Invalid
Status in linux source package in Impish:
  Fix Released
Status in linux-azure source package in Impish:
  Fix Released
Status in linux-oem-5.10 source package in Impish:
  Invalid
Status in linux-oem-5.13 source package in Impish:
  Invalid
Status in linux-oem-5.14 source package in Impish:
  Invalid
Status in linux source package in Jammy:
  Fix Released
Status in linux-azure source package in Jammy:
  Fix Released
Status in linux-oem-5.10 source package in Jammy:
  Invalid
Status in linux-oem-5.13 source package in Jammy:
  Invalid
Status in linux-oem-5.14 source package in Jammy:
  Invalid

Bug description:
  [Impact]
  Some uses of kernel_read_file_from_fd may lead to a WARN when the file is
  not opened for reading.

  The WARNING, however, is not present on earlier kernels, which will return
  a different error code. The fix, however, has been applied to upstream stable
  and may be worth so tests can PASS without much change.

  [Fix/Backport]
  The fix is trivial, but the backport for Focal and Bionic was picked up
  from 5.4.y upstream stable tree, because the function was moved to a
  different file.

  [Test case]
  The finit_module02 test case from LTP covers this.

  [Potential regression]
  kernel_read_file_from_fd is used for module loading and kexec, so there is
  where regressions might show up.

  
  =

  ubuntu_ltp / finit_module02 fails on Bionic Azure FIPS
  (4.15.0-2039.43), Bionic Azure (4.15.0-1127.140), Focal Azure
  (5.4.0-1064.67):

  
  tst_test.c:1363: TINFO: Timeout per run is 0h 05m 00s
  finit_module02.c:119: TPASS: TestName: invalid-fd : EBADF (9)
  finit_module02.c:119: TPASS: TestName: zero-fd : EINVAL (22)
  finit_module02.c:119: TPASS: TestName: null-param : EFAULT (14)
  finit_module02.c:119: TPASS: TestName: invalid-param : EINVAL (22)
  finit_module02.c:119: TPASS: TestName: invalid-flags : EINVAL (22)
  tst_capability.c:29: TINFO: Dropping CAP_SYS_MODULE(16)
  finit_module02.c:119: TPASS: TestName: no-perm : EPERM (1)
  tst_capability.c:41: TINFO: Permitting CAP_SYS_MODULE(16)
  finit_module02.c:119: TPASS: TestName: module-exists : EEXIST (17)
  finit_module02.c:119: TFAIL: TestName: file-not-readable expected EBADF: 
ETXTBSY (26)
  finit_module02.c:119: TPASS: TestName: directory : EINVAL (22)

  HINT: You _MAY_ be missing kernel fixes, see:

  
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=032146cda855

  

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-kernel-tests/+bug/1950644/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to :

[Kernel-packages] [Bug 1998024] Re: Xorg crashes on startup if Marco window manager is used

2022-11-30 Thread Steve Beattie

Hi Mikko, thanks for the report. Given the public issues elsewhere, I'm
opening this bug up publicly as well.

** Information type changed from Private Security to Public Security

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to nvidia-graphics-drivers-520 in Ubuntu.
https://bugs.launchpad.net/bugs/1998024

Title:
  Xorg crashes on startup if Marco window manager is used

Status in nvidia-graphics-drivers-520 package in Ubuntu:
  New
Status in xorg-server package in Ubuntu:
  New

Bug description:
  I'm running MATE desktop and I installed NVIDIA GTX 1060 GPU to my
  system and Xorg crashes after entering password.

  I proceeded to run strace with startx trying to debug this and it
  seems that the window manager `marco` does some (yet unknown) command
  which causes Xorg to crash with SIGABRT (signal 6) or SIGSEGV (signal
  11) and emit stack trace:

  0: /usr/lib/xorg/Xorg (OsLookupColor+0x13c)
  1: /lib/x86_64-linux-gnu/libpthread.so.0 (funlockfile+0x60)
  2: ? (?+0x0)

  (EE) Segmentation fault at address 0x0
  (EE) Caught signal 11 (Segmentation fault). Server aborting

  
  The Xorg itself declares signal 11 but `journalctl --since "5 min ago"` shows

  kernel: potentially unexpected fatal signal 6.
  kernel: CPU: 2 PID: 20660 Comm: Xorg Tainted: P   OE 
5.15.0-53-lowlatency #59~20.04.1-Ubuntu
  kernel: Hardware name: System manufacturer System Product Name/P8H77-M PRO, 
BIOS 1505 10/17/2014

  followed with register dump.

  
  Before crashing, process running `marco` also emits warning which I think is 
not related to the problem (it may be caused by the fact that I executed marco 
with startx instead of mate-session):

  Window manager warning: Log level 128: Name
  com.canonical.AppMenu.Registrar does not exist on the session bus

  
  Workaround: downgrading to NVIDIA driver version 470 avoids the problem (as 
suggested here: 
https://ubuntu-mate.community/t/updated-nvidia-settings-now-x-wont-start/24991)

  # sudo apt install linux-modules-nvidia-470-lowlatency-hwe-20.04
  nvidia-driver-470 linux-modules-nvidia-520-lowlatency-hwe-20.04-
  nvidia-driver-520-

  I also tried version 515 and it caused the same crash.

  I'm using following kernel package: linux-lowlatency-hwe-20.04 (+
  linux-tools-lowlatency-hwe-20.04)

  
  I would guess that the bug is in Xorg OsLookupColor() implementation which 
gets triggered by recent NVIDIA driver change.

  Bug https://bugs.launchpad.net/ubuntu/+source/xorg-server/+bug/1853266
  might be related.

  ProblemType: Bug
  DistroRelease: Ubuntu 20.04
  Package: nvidia-driver-520 (not installed)
  ProcVersionSignature: Ubuntu 5.15.0-53.59~20.04.1-lowlatency 5.15.64
  Uname: Linux 5.15.0-53-lowlatency x86_64
  NonfreeKernelModules: nvidia_modeset nvidia
  ApportVersion: 2.20.11-0ubuntu27.25
  Architecture: amd64
  CasperMD5CheckResult: skip
  CurrentDesktop: MATE
  Date: Sat Nov 26 21:42:50 2022
  EcryptfsInUse: Yes
  InstallationDate: Installed on 2019-01-05 (1421 days ago)
  InstallationMedia: Ubuntu 18.04.1 LTS "Bionic Beaver" - Release amd64 
(20180725)
  SourcePackage: nvidia-graphics-drivers-520
  UpgradeStatus: Upgraded to focal on 2022-09-13 (74 days ago)
  modified.conffile..etc.init.d.apport: [modified]
  mtime.conffile..etc.init.d.apport: 2022-05-19T12:50:20.029158

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nvidia-graphics-drivers-520/+bug/1998024/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1981069] Re: test_060_nx in ubuntu_qrt_kernel_security failed on B-gke-5.4 since 5.4.0-1071-gke

2022-09-21 Thread Steve Beattie

Sorry for the delay, I went ahead and merged the fix for this. Thanks!

** Changed in: qa-regression-testing
   Status: In Progress => Fix Released

** Changed in: linux-gke (Ubuntu)
   Status: New => Invalid

** Changed in: linux-gke (Ubuntu)
   Status: Invalid => Fix Released

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-gke in Ubuntu.
https://bugs.launchpad.net/bugs/1981069

Title:
  test_060_nx in ubuntu_qrt_kernel_security failed on B-gke-5.4 since
  5.4.0-1071-gke

Status in QA Regression Testing:
  Fix Released
Status in ubuntu-kernel-tests:
  New
Status in linux-gke package in Ubuntu:
  Fix Released

Bug description:
  Test failed since 5.4.0-1071.76~18.04.3-gke AMD64 (works ok with
  5.4.0-1068-gke)

  $ sudo python2 ./test-kernel-security.py -v KernelSecurityTest.test_060_nx
  Running test: './test-kernel-security.py' distro: 'Ubuntu 18.04' kernel: 
'5.4.0-1071.76~18.04.3 (Ubuntu 5.4.0-1071.76~18.04.3-gke 5.4.181)' arch: 
'amd64' uid: 0/0 SUDO_USER: 'google')
  test_060_nx (__main__.KernelSecurityTest)
  NX bit is working ... FAIL

  ==
  FAIL: test_060_nx (__main__.KernelSecurityTest)
  NX bit is working
  --
  Traceback (most recent call last):
    File "./test-kernel-security.py", line 575, in test_060_nx
  self.assertShellExitEquals(rie_expected, ["./nx-test-rie", "data"])
    File 
"/home/google/autotest/client/tmp/ubuntu_qrt_kernel_security/src/qa-regression-testing/scripts/testlib.py",
 line 1203, in assertShellExitEquals
  self.assertEqual(expected, rc, msg + result + report)
  AssertionError: Got exit code -11, expected 0
  Command: './nx-test-rie', 'data'
  Output:
  rodata:0x55f37cf22098
  data:  0x55f37d123010
  bss:   0x55f37d133040
  brk:   0x55f37edd7270
  rw:0x7f9b635da000
  rwx:   0x7f9b635d9000
  stack: 0x7ffd6cde4b90
  Dump of /proc/self/maps:
  55f37cf21000-55f37cf23000 r-xp  08:01 272969 
/home/google/autotest/client/tmp/ubuntu_qrt_kernel_security/src/qa-regression-testing/scripts/kernel-security/nx/nx-test-rie
  55f37d122000-55f37d123000 r--p 1000 08:01 272969 
/home/google/autotest/client/tmp/ubuntu_qrt_kernel_security/src/qa-regression-testing/scripts/kernel-security/nx/nx-test-rie
  55f37d123000-55f37d124000 rw-p 2000 08:01 272969 
/home/google/autotest/client/tmp/ubuntu_qrt_kernel_security/src/qa-regression-testing/scripts/kernel-security/nx/nx-test-rie
  55f37d124000-55f37d134000 rw-p  00:00 0
  55f37edd6000-55f37edf7000 rw-p  00:00 0  
[heap]
  7f9b62fc1000-7f9b631a8000 r-xp  08:01 2245   
/lib/x86_64-linux-gnu/libc-2.27.so
  7f9b631a8000-7f9b633a8000 ---p 001e7000 08:01 2245   
/lib/x86_64-linux-gnu/libc-2.27.so
  7f9b633a8000-7f9b633ac000 r--p 001e7000 08:01 2245   
/lib/x86_64-linux-gnu/libc-2.27.so
  7f9b633ac000-7f9b633ae000 rw-p 001eb000 08:01 2245   
/lib/x86_64-linux-gnu/libc-2.27.so
  7f9b633ae000-7f9b633b2000 rw-p  00:00 0
  7f9b633b2000-7f9b633db000 r-xp  08:01 2240   
/lib/x86_64-linux-gnu/ld-2.27.so
  7f9b635cf000-7f9b635d1000 rw-p  00:00 0
  7f9b635d9000-7f9b635da000 rwxp  00:00 0
  7f9b635da000-7f9b635db000 rw-p  00:00 0
  7f9b635db000-7f9b635dc000 r--p 00029000 08:01 2240   
/lib/x86_64-linux-gnu/ld-2.27.so
  7f9b635dc000-7f9b635dd000 rw-p 0002a000 08:01 2240   
/lib/x86_64-linux-gnu/ld-2.27.so
  7f9b635dd000-7f9b635de000 rw-p  00:00 0
  7ffd6cdc6000-7ffd6cde7000 rwxp  00:00 0  
[stack]
  7ffd6cdfa000-7ffd6cdfd000 r--p  00:00 0  
[vvar]
  7ffd6cdfd000-7ffd6cdfe000 r-xp  00:00 0  
[vdso]
  ff60-ff601000 --xp  00:00 0  
[vsyscall]
  Attempting to execute function at 0x55f37d123010
  If this program seg-faults, the region was enforced as non-executable...

  --
  Ran 1 test in 0.880s

  FAILED (failures=1)

  Notet that this issue does not exist on B-gkeop-5.4

To manage notifications about this bug go to:
https://bugs.launchpad.net/qa-regression-testing/+bug/1981069/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1990090] Re: test_520_config_random_trust_cpu in ubuntu_qrt_kernel_security failed on Bionic 4.15

2022-09-20 Thread Steve Beattie

Applied Luke's patch to the qa-regression-testing repo:
https://git.launchpad.net/qa-regression-
testing/commit/?id=7fb27c11cc22f99ed39ebb7c04e62b3eccf3ab64 (with added
references to this bug report), thanks!

(We happily take merge requests via the above, but can take patches
however people submit them, via `git am` in this case.)

** Changed in: qa-regression-testing
   Status: New => Fix Released

** Changed in: linux (Ubuntu)
   Status: Incomplete => Invalid

** Changed in: linux (Ubuntu Bionic)
   Status: Incomplete => Invalid

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1990090

Title:
  test_520_config_random_trust_cpu in ubuntu_qrt_kernel_security failed
  on Bionic 4.15

Status in QA Regression Testing:
  Fix Released
Status in ubuntu-kernel-tests:
  New
Status in linux package in Ubuntu:
  Invalid
Status in linux source package in Bionic:
  Invalid

Bug description:
  Issue found with Bionic 4.15.0-194.205

  Test failed with:

   Running test: './test-kernel-security.py' distro: 'Ubuntu 18.04' kernel: 
'4.15.0-194.205 (Ubuntu 4.15.0-194.205-generic 4.15.18)' arch: 'amd64' uid: 0/0 
SUDO_USER: 'ubuntu')
   test_520_config_random_trust_cpu (__main__.KernelSecurityConfigTest)
   Ensure RANDOM_TRUST_CPU is enabled (LP: #1823754) ... FAIL
   
   ==
   FAIL: test_520_config_random_trust_cpu (__main__.KernelSecurityConfigTest)
   Ensure RANDOM_TRUST_CPU is enabled (LP: #1823754)
   --
   Traceback (most recent call last):
 File "./test-kernel-security.py", line 2976, in 
test_520_config_random_trust_cpu
   self.assertKernelConfig('RANDOM_TRUST_CPU', expected)   
 File "./test-kernel-security.py", line 233, in assertKernelConfig
   self.assertKernelConfigUnset(name)
 File "./test-kernel-security.py", line 224, in assertKernelConfigUnset
   '%s option was expected to be unset in the kernel config' % name)
   AssertionError: RANDOM_TRUST_CPU option was expected to be unset in the 
kernel config
   
   --
   Ran 1 test in 0.003s
   
   FAILED (failures=1)

To manage notifications about this bug go to:
https://bugs.launchpad.net/qa-regression-testing/+bug/1990090/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1988466] Re: Getting "Operation not permitted" on "sudo apt upgrade"

2022-09-03 Thread Steve Beattie

Ack, thanks for reporting back, closing bug report.

** Changed in: linux (Ubuntu)
   Status: Incomplete => Invalid

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1988466

Title:
  Getting "Operation not permitted" on "sudo apt upgrade"

Status in linux package in Ubuntu:
  Invalid

Bug description:
  I have Ubuntu 22.04.1. This is a fresh install from 2 weeks ago. I
  tried to do an apt update/upgrade this morning, but something failed.
  Suggested recovery (sudo apt --fix-broken install) is not working.

  
  $ sudo apt upgrade
  Reading package lists... Done
  Building dependency tree... Done
  Reading state information... Done
  You might want to run 'apt --fix-broken install' to correct these.
  The following packages have unmet dependencies:
   linux-image-generic-hwe-22.04 : Depends: linux-image-5.15.0-47-generic but 
it is not installed
   linux-modules-5.15.0-47-generic : Depends: linux-image-5.15.0-47-generic but 
it is not installed or
  
linux-image-unsigned-5.15.0-47-generic but it is not installed
   linux-modules-extra-5.15.0-47-generic : Depends: 
linux-image-5.15.0-47-generic but it is not installed or

linux-image-unsigned-5.15.0-47-generic but it is not installed
   linux-modules-nvidia-515-5.15.0-47-generic : Depends: 
linux-image-5.15.0-47-generic but it is not installed or
 
linux-image-unsigned-5.15.0-47-generic but it is not installed
   linux-signatures-nvidia-5.15.0-47-generic : Depends: 
linux-image-5.15.0-47-generic but it is not installed or

linux-image-unsigned-5.15.0-47-generic but it is not installed
  E: Unmet dependencies. Try 'apt --fix-broken install' with no packages (or 
specify a solution).

  
  $ sudo apt --fix-broken install
  Reading package lists... Done
  Building dependency tree... Done
  Reading state information... Done
  Correcting dependencies... Done
  The following additional packages will be installed:
linux-image-5.15.0-47-generic
  Suggested packages:
fdutils linux-doc | linux-source-5.15.0 linux-tools
  The following NEW packages will be installed:
linux-image-5.15.0-47-generic
  0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
  7 not fully installed or removed.
  Need to get 0 B/11.4 MB of archives.
  After this operation, 11.6 MB of additional disk space will be used.
  Do you want to continue? [Y/n] 
  (Reading database ... 287318 files and directories currently installed.)
  Preparing to unpack .../linux-image-5.15.0-47-generic_5.15.0-47.51_amd64.deb 
...
  Unpacking linux-image-5.15.0-47-generic (5.15.0-47.51) ...
  dpkg: error processing archive 
/var/cache/apt/archives/linux-image-5.15.0-47-generic_5.15.0-47.51_amd64.deb 
(--unpack):
   unable to open '/boot/vmlinuz-5.15.0-47-generic.dpkg-new': Operation not 
permitted
  Errors were encountered while processing:
   /var/cache/apt/archives/linux-image-5.15.0-47-generic_5.15.0-47.51_amd64.deb
  E: Sub-process /usr/bin/dpkg returned an error code (1)
  --- 
  ProblemType: Bug
  ApportVersion: 2.20.11-0ubuntu82.1
  Architecture: amd64
  AudioDevicesInUse:
   USERPID ACCESS COMMAND
   /dev/snd/controlC0:  mbelanger   2394 F pulseaudio
   /dev/snd/controlC1:  mbelanger   2394 F pulseaudio
  CRDA: N/A
  CasperMD5CheckResult: pass
  CurrentDesktop: ubuntu:GNOME
  DistroRelease: Ubuntu 22.04
  InstallationDate: Installed on 2022-08-15 (16 days ago)
  InstallationMedia: Ubuntu 22.04.1 LTS "Jammy Jellyfish" - Release amd64 
(20220809.1)
  MachineType: Dell Inc. Precision 5550
  NonfreeKernelModules: mfe_aac_100710227 nvidia_modeset nvidia
  Package: linux (not installed)
  ProcEnviron:
   TERM=xterm-256color
   PATH=(custom, no user)
   XDG_RUNTIME_DIR=
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  ProcFB: 0 i915drmfb
  ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-5.15.0-46-generic 
root=UUID=f29f9a31-c3c3-4845-a04b-7055c6a5ed9e ro
  ProcVersionSignature: Ubuntu 5.15.0-46.49-generic 5.15.39
  RebootRequiredPkgs: Error: path contained symlinks.
  RelatedPackageVersions:
   linux-restricted-modules-5.15.0-46-generic N/A
   linux-backports-modules-5.15.0-46-generic  N/A
   linux-firmware 20220329.git681281e4-0ubuntu3.4
  Tags:  jammy
  Uname: Linux 5.15.0-46-generic x86_64
  UpgradeStatus: No upgrade log present (probably fresh install)
  UserGroups: adm cdrom dip lpadmin lxd plugdev sambashare sudo systemd-journal
  _MarkForUpload: True
  dmi.bios.date: 07/05/2022
  dmi.bios.release: 1.17
  dmi.bios.vendor: Dell Inc.
  dmi.bios.version: 1.17.0
  dmi.board.name: 0V6K79
  dmi.board.vendor: Dell Inc.
  dmi.board.version: A03
  dmi.chassis.type: 10
  dmi.chassis.vendor: Dell Inc.
  dmi.modalias:

[Kernel-packages] [Bug 1982501] Re: NVIDIA CVE-2022-{31607|31608}

2022-08-02 Thread Steve Beattie

** Information type changed from Private Security to Public Security

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to nvidia-graphics-drivers-390 in Ubuntu.
https://bugs.launchpad.net/bugs/1982501

Title:
  NVIDIA CVE-2022-{31607|31608}

Status in fabric-manager-450 package in Ubuntu:
  New
Status in fabric-manager-470 package in Ubuntu:
  New
Status in fabric-manager-510 package in Ubuntu:
  New
Status in fabric-manager-515 package in Ubuntu:
  New
Status in libnvidia-nscq-450 package in Ubuntu:
  New
Status in libnvidia-nscq-470 package in Ubuntu:
  New
Status in libnvidia-nscq-510 package in Ubuntu:
  New
Status in libnvidia-nscq-515 package in Ubuntu:
  New
Status in nvidia-graphics-drivers-390 package in Ubuntu:
  New
Status in nvidia-graphics-drivers-450-server package in Ubuntu:
  Triaged
Status in nvidia-graphics-drivers-470 package in Ubuntu:
  New
Status in nvidia-graphics-drivers-470-server package in Ubuntu:
  New
Status in nvidia-graphics-drivers-510 package in Ubuntu:
  New
Status in nvidia-graphics-drivers-510-server package in Ubuntu:
  New
Status in nvidia-graphics-drivers-515 package in Ubuntu:
  New
Status in nvidia-graphics-drivers-515-server package in Ubuntu:
  New
Status in fabric-manager-450 source package in Bionic:
  Fix Released
Status in fabric-manager-470 source package in Bionic:
  Fix Released
Status in fabric-manager-510 source package in Bionic:
  Fix Released
Status in fabric-manager-515 source package in Bionic:
  Fix Released
Status in libnvidia-nscq-450 source package in Bionic:
  Fix Released
Status in libnvidia-nscq-470 source package in Bionic:
  Fix Released
Status in libnvidia-nscq-510 source package in Bionic:
  Fix Released
Status in libnvidia-nscq-515 source package in Bionic:
  Fix Released
Status in nvidia-graphics-drivers-390 source package in Bionic:
  Fix Released
Status in nvidia-graphics-drivers-450-server source package in Bionic:
  Fix Released
Status in nvidia-graphics-drivers-470 source package in Bionic:
  Fix Released
Status in nvidia-graphics-drivers-470-server source package in Bionic:
  Fix Released
Status in nvidia-graphics-drivers-510 source package in Bionic:
  Fix Released
Status in nvidia-graphics-drivers-510-server source package in Bionic:
  Fix Released
Status in nvidia-graphics-drivers-515 source package in Bionic:
  Fix Released
Status in nvidia-graphics-drivers-515-server source package in Bionic:
  Fix Released
Status in fabric-manager-450 source package in Focal:
  Fix Released
Status in fabric-manager-470 source package in Focal:
  Fix Released
Status in fabric-manager-510 source package in Focal:
  Fix Released
Status in fabric-manager-515 source package in Focal:
  Fix Released
Status in libnvidia-nscq-450 source package in Focal:
  Fix Released
Status in libnvidia-nscq-470 source package in Focal:
  Fix Released
Status in libnvidia-nscq-510 source package in Focal:
  Fix Released
Status in libnvidia-nscq-515 source package in Focal:
  Fix Released
Status in nvidia-graphics-drivers-390 source package in Focal:
  Fix Released
Status in nvidia-graphics-drivers-450-server source package in Focal:
  Fix Released
Status in nvidia-graphics-drivers-470 source package in Focal:
  Fix Released
Status in nvidia-graphics-drivers-470-server source package in Focal:
  Fix Released
Status in nvidia-graphics-drivers-510 source package in Focal:
  Fix Released
Status in nvidia-graphics-drivers-510-server source package in Focal:
  Fix Released
Status in nvidia-graphics-drivers-515 source package in Focal:
  Fix Released
Status in nvidia-graphics-drivers-515-server source package in Focal:
  Fix Released
Status in fabric-manager-450 source package in Jammy:
  Fix Released
Status in fabric-manager-470 source package in Jammy:
  Fix Released
Status in fabric-manager-510 source package in Jammy:
  Fix Released
Status in fabric-manager-515 source package in Jammy:
  Fix Released
Status in libnvidia-nscq-450 source package in Jammy:
  Fix Released
Status in libnvidia-nscq-470 source package in Jammy:
  Fix Released
Status in libnvidia-nscq-510 source package in Jammy:
  Fix Released
Status in libnvidia-nscq-515 source package in Jammy:
  Fix Released
Status in nvidia-graphics-drivers-390 source package in Jammy:
  Fix Released
Status in nvidia-graphics-drivers-450-server source package in Jammy:
  Fix Released
Status in nvidia-graphics-drivers-470 source package in Jammy:
  Fix Released
Status in nvidia-graphics-drivers-470-server source package in Jammy:
  Fix Released
Status in nvidia-graphics-drivers-510 source package in Jammy:
  Fix Released
Status in nvidia-graphics-drivers-510-server source package in Jammy:
  Fix Released
Status in nvidia-graphics-drivers-515 source package in Jammy:
  Fix Released
Status in nvidia-graphics-drivers-515-server source package in Jammy:
  Fix Released

Bug description:
  CVE-2022-31607, CVE-2022-31608 affecting all the NVIDIA releases from
  390 to 515.

[Kernel-packages] [Bug 1980590] Re: SECURITY leak in dpkg "nftables" kernel code family netdev hook ingress

2022-07-27 Thread Steve Beattie

** Information type changed from Private Security to Public Security

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1980590

Title:
  SECURITY leak in dpkg "nftables" kernel code family netdev hook
  ingress

Status in linux package in Ubuntu:
  New

Bug description:
  an android app is sending big UDP datagrams, this generates IPv4 fragments
  this IPv4 fragments can not be controlled in firewall nftables family netdev 
hook ingress.

  platform: Ubuntu 22.04LTS, latest patches installed

  I documented 2 screenshots
  fragment1.png
  wireshark: ethernet header type=0x800, ipv4 header ID=0x2466, more frags, 
frag-offset=0, total=1500
  fragment2.png
  wireshark: ethernet header type=0x800, ipv4 header ID=0x2466, 
frag-offset=1480, total=413

  at the bottom of the screenshots is "/usr/sbin/nft monitor trace"
  family "netdev" hook "ingress" @nh,0,160 is the raw ipv4 data
  total=0x765=1893, ID=0x2466,

  glueing the two ipv4 fragments together = 1500 + 413 - 20 = 1893, oops
  the nftables TRACE shows an already processed bigger ipv4 packet.

  there is a race condition!
  the ipv4 processing has to WAIT for all the rules in family "netdev" hook 
"ingress"
  I cannot control ether type 0x800 completely in family "netdev" hook "ingress"
  this is a security vulnerability!

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1980590/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1918960] Re: kernel does not honor mokx revocations, allowing kexec lockdown bypass

2022-07-25 Thread Steve Beattie

This has been addressed in Ubuntu kernels derived from upstream 5.4 and
later. 4.15 kernels and older still need to be addressed.

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1918960

Title:
  kernel does not honor mokx revocations, allowing kexec lockdown bypass

Status in linux package in Ubuntu:
  Confirmed

Bug description:
  All kernels do not honor mokx certificate revocations, and thus does
  not honor the 2012 certificate revocation, nor the post 2017
  certificate signed kernels that allow acpi bypass. This can allow
  bypass of lockdown restrictions.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1918960/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1951927] Re: Array overflow in au_procfs_plm_write

2022-07-10 Thread Steve Beattie

** Changed in: linux (Ubuntu)
   Status: Expired => Confirmed

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1951927

Title:
  Array overflow in au_procfs_plm_write

Status in linux package in Ubuntu:
  Confirmed

Bug description:
  There is an simple array overflow when count = 20 in
  au_procfs_plm_write.

  static ssize_t au_procfs_plm_write(struct file *file, const char __user *ubuf,
   size_t count, loff_t *ppos)
  {
  ...
char buf[3 + sizeof(unsigned long) * 2 + 1];

err = -EACCES;
if (unlikely(!capable(CAP_SYS_ADMIN)))
goto out;

err = -EINVAL;
if (unlikely(count > sizeof(buf)))
goto out;

err = copy_from_user(buf, ubuf, count);
if (unlikely(err)) {
err = -EFAULT;
goto out;
}
buf[count] = 0;    sizeof(buf)))
goto out;

err = copy_from_user(buf, ubuf, count);
if (unlikely(err)) {
err = -EFAULT;
goto out;
}
  ---   buf[count] = 0;
  +++   buf[count - 1] = 0;

  ...
  }

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1951927/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1976363] Re: upcoming update - nf oob

2022-06-07 Thread Steve Beattie

** CVE removed: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-1966

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1976363

Title:
  upcoming update - nf oob

Status in linux package in Ubuntu:
  Fix Released

Bug description:
  [Impact]
  An unprivileged user could write out-of-bounds by using nftables under a 
network namespace.

  [Test case]
  Test the PoC available at https://seclists.org/oss-sec/2022/q2/164.

  [Potential regression]
  nftables could be affected.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1976363/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1972740] Re: Unprivileged users may use PTRACE_SEIZE to set PTRACE_O_SUSPEND_SECCOMP option

2022-05-18 Thread Steve Beattie

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-30594

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1972740

Title:
  Unprivileged users may use PTRACE_SEIZE to set
  PTRACE_O_SUSPEND_SECCOMP option

Status in linux package in Ubuntu:
  Fix Committed
Status in linux source package in Xenial:
  Triaged
Status in linux source package in Bionic:
  Fix Committed
Status in linux source package in Focal:
  Fix Committed
Status in linux source package in Impish:
  Fix Committed
Status in linux source package in Jammy:
  Fix Committed

Bug description:
  [Impact]
  PTRACE_O_SUSPEND_SECCOMP allows CRIU to disable seccomp on a process. 
However, setting this option requires privilege when used with 
PTRACE_SETOPTIONS. However, when used with PTRACE_SEIZE, no privilege is 
required. This allows sandboxed processes to exit the sandbox if they are 
allowed to use ptrace.

  [Test case]
  Run the reproducer from 
https://bugs.chromium.org/p/project-zero/issues/detail?id=2276.

  [Potential regression]
  This may break ptrace users, specially ones using PTRACE_SEIZE or 
PTRACE_SETOPTIONS. Special attention to processes being sandboxed with seccomp.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1972740/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1949186] Re: Missing Linux Kernel mitigations for 'SSB - Speculative Store Bypass' hardware vulnerabilities

2022-05-10 Thread Steve Beattie

** Changed in: linux-aws (Ubuntu)
   Status: New => Incomplete

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-aws in Ubuntu.
https://bugs.launchpad.net/bugs/1949186

Title:
  Missing Linux Kernel mitigations for 'SSB - Speculative Store Bypass'
  hardware vulnerabilities

Status in linux-aws package in Ubuntu:
  Incomplete

Bug description:
  The Greenbone Security Assistant reporting me the following:
  Summary
  The remote host is missing one or more known mitigation(s) on Linux Kernel
side for the referenced 'SSB - Speculative Store Bypass' hardware 
vulnerabilities.
  Detection Result

  The Linux Kernel on the remote host is missing the mitigation for the
  "spec_store_bypass" hardware vulnerabilities as reported by the sysfs
  interface:

  sysfs file checked| Kernel status 
(SSH response)
  

  /sys/devices/system/cpu/vulnerabilities/spec_store_bypass | Vulnerable

  Notes on the "Kernel status / SSH response" column:
  - sysfs file missing: The sysfs interface is available but the sysfs file for 
this specific vulnerability is missing. This means the kernel doesn't know this 
vulnerability yet and is not providing any mitigation which means the target 
system is vulnerable.
  - Strings including "Mitigation:", "Not affected" or "Vulnerable" are 
reported directly by the Linux Kernel.
  - All other strings are responses to various SSH commands.

  Product Detection Result
  Product

  cpe:/a:linux:kernel
  Method

  Detection of Linux Kernel mitigation status for hardware vulnerabilities 
(OID: 1.3.6.1.4.1.25623.1.0.108765)
  Log

  View details of product detection
  Detection Method
  Checks previous gathered information on the mitigation status reported
by the Linux Kernel.
  Details:

  Missing Linux Kernel mitigations for 'SSB - Speculative Store Bypass' ...
  OID: 1.3.6.1.4.1.25623.1.0.108842

  Version used: 2021-07-07T02:00:46Z

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-aws/+bug/1949186/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1950644] Re: ubuntu_ltp_syscalls / finit_module02 fails on v4.15 and other kernels

2022-05-10 Thread Steve Beattie

Hi, is this still on the kernel team's radar to address in trusty and in
the various linux-azure kernels?

Thanks!

** Changed in: linux-oem-5.14 (Ubuntu Trusty)
   Status: New => Invalid

** Changed in: linux-oem-5.13 (Ubuntu Trusty)
   Status: New => Invalid

** Changed in: linux-oem-5.10 (Ubuntu Trusty)
   Status: New => Invalid

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-oem-5.14 in Ubuntu.
https://bugs.launchpad.net/bugs/1950644

Title:
  ubuntu_ltp_syscalls / finit_module02 fails on v4.15 and other kernels

Status in ubuntu-kernel-tests:
  New
Status in linux package in Ubuntu:
  Fix Released
Status in linux-azure package in Ubuntu:
  New
Status in linux-oem-5.10 package in Ubuntu:
  Invalid
Status in linux-oem-5.13 package in Ubuntu:
  Invalid
Status in linux-oem-5.14 package in Ubuntu:
  Invalid
Status in linux source package in Trusty:
  Confirmed
Status in linux-azure source package in Trusty:
  New
Status in linux-oem-5.10 source package in Trusty:
  Invalid
Status in linux-oem-5.13 source package in Trusty:
  Invalid
Status in linux-oem-5.14 source package in Trusty:
  Invalid
Status in linux source package in Bionic:
  Fix Released
Status in linux-azure source package in Bionic:
  New
Status in linux-oem-5.10 source package in Bionic:
  Invalid
Status in linux-oem-5.13 source package in Bionic:
  Invalid
Status in linux-oem-5.14 source package in Bionic:
  Invalid
Status in linux source package in Focal:
  Fix Released
Status in linux-azure source package in Focal:
  Fix Released
Status in linux-oem-5.10 source package in Focal:
  Fix Released
Status in linux-oem-5.13 source package in Focal:
  Fix Released
Status in linux-oem-5.14 source package in Focal:
  Fix Released
Status in linux source package in Hirsute:
  Fix Released
Status in linux-azure source package in Hirsute:
  Fix Released
Status in linux-oem-5.10 source package in Hirsute:
  Invalid
Status in linux-oem-5.13 source package in Hirsute:
  Invalid
Status in linux-oem-5.14 source package in Hirsute:
  Invalid
Status in linux source package in Impish:
  Fix Released
Status in linux-azure source package in Impish:
  Fix Released
Status in linux-oem-5.10 source package in Impish:
  Invalid
Status in linux-oem-5.13 source package in Impish:
  Invalid
Status in linux-oem-5.14 source package in Impish:
  Invalid
Status in linux source package in Jammy:
  Fix Released
Status in linux-azure source package in Jammy:
  New
Status in linux-oem-5.10 source package in Jammy:
  Invalid
Status in linux-oem-5.13 source package in Jammy:
  Invalid
Status in linux-oem-5.14 source package in Jammy:
  Invalid

Bug description:
  [Impact]
  Some uses of kernel_read_file_from_fd may lead to a WARN when the file is
  not opened for reading.

  The WARNING, however, is not present on earlier kernels, which will return
  a different error code. The fix, however, has been applied to upstream stable
  and may be worth so tests can PASS without much change.

  [Fix/Backport]
  The fix is trivial, but the backport for Focal and Bionic was picked up
  from 5.4.y upstream stable tree, because the function was moved to a
  different file.

  [Test case]
  The finit_module02 test case from LTP covers this.

  [Potential regression]
  kernel_read_file_from_fd is used for module loading and kexec, so there is
  where regressions might show up.

  
  =

  ubuntu_ltp / finit_module02 fails on Bionic Azure FIPS
  (4.15.0-2039.43), Bionic Azure (4.15.0-1127.140), Focal Azure
  (5.4.0-1064.67):

  
  tst_test.c:1363: TINFO: Timeout per run is 0h 05m 00s
  finit_module02.c:119: TPASS: TestName: invalid-fd : EBADF (9)
  finit_module02.c:119: TPASS: TestName: zero-fd : EINVAL (22)
  finit_module02.c:119: TPASS: TestName: null-param : EFAULT (14)
  finit_module02.c:119: TPASS: TestName: invalid-param : EINVAL (22)
  finit_module02.c:119: TPASS: TestName: invalid-flags : EINVAL (22)
  tst_capability.c:29: TINFO: Dropping CAP_SYS_MODULE(16)
  finit_module02.c:119: TPASS: TestName: no-perm : EPERM (1)
  tst_capability.c:41: TINFO: Permitting CAP_SYS_MODULE(16)
  finit_module02.c:119: TPASS: TestName: module-exists : EEXIST (17)
  finit_module02.c:119: TFAIL: TestName: file-not-readable expected EBADF: 
ETXTBSY (26)
  finit_module02.c:119: TPASS: TestName: directory : EINVAL (22)

  HINT: You _MAY_ be missing kernel fixes, see:

  
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=032146cda855

  

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-kernel-tests/+bug/1950644/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1951927] Re: Array overflow in au_procfs_plm_write

2022-05-10 Thread Steve Beattie

Thanks, making this public.

** Information type changed from Private Security to Public Security

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1951927

Title:
  Array overflow in au_procfs_plm_write

Status in linux package in Ubuntu:
  New

Bug description:
  There is an simple array overflow when count = 20 in
  au_procfs_plm_write.

  static ssize_t au_procfs_plm_write(struct file *file, const char __user *ubuf,
   size_t count, loff_t *ppos)
  {
  ...
char buf[3 + sizeof(unsigned long) * 2 + 1];

err = -EACCES;
if (unlikely(!capable(CAP_SYS_ADMIN)))
goto out;

err = -EINVAL;
if (unlikely(count > sizeof(buf)))
goto out;

err = copy_from_user(buf, ubuf, count);
if (unlikely(err)) {
err = -EFAULT;
goto out;
}
buf[count] = 0;    sizeof(buf)))
goto out;

err = copy_from_user(buf, ubuf, count);
if (unlikely(err)) {
err = -EFAULT;
goto out;
}
  ---   buf[count] = 0;
  +++   buf[count - 1] = 0;

  ...
  }

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1951927/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1914279] Re: linux from security may force reboots without complete dkms modules

2022-04-12 Thread Steve Beattie

All work for this report has been completed, I believe the linux and
linux-meta tasks can be closed out as well.

** Changed in: linux (Ubuntu)
   Status: Triaged => Fix Released

** Changed in: linux-meta (Ubuntu)
   Status: Triaged => Fix Released

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to zfs-linux in Ubuntu.
https://bugs.launchpad.net/bugs/1914279

Title:
  linux from security may force reboots without complete dkms modules

Status in acpi-call package in Ubuntu:
  Fix Released
Status in apt package in Ubuntu:
  Invalid
Status in backport-iwlwifi-dkms package in Ubuntu:
  Fix Released
Status in bcmwl package in Ubuntu:
  Fix Released
Status in dahdi-linux package in Ubuntu:
  Fix Released
Status in dkms package in Ubuntu:
  Fix Released
Status in dm-writeboost package in Ubuntu:
  Fix Released
Status in evdi package in Ubuntu:
  Fix Released
Status in gost-crypto package in Ubuntu:
  Fix Released
Status in iptables-netflow package in Ubuntu:
  Fix Released
Status in liblzf package in Ubuntu:
  Fix Released
Status in lime-forensics package in Ubuntu:
  Fix Released
Status in linux package in Ubuntu:
  Fix Released
Status in linux-meta package in Ubuntu:
  Fix Released
Status in lttng-modules package in Ubuntu:
  Fix Released
Status in nvidia-graphics-drivers-340 package in Ubuntu:
  Fix Released
Status in openafs package in Ubuntu:
  New
Status in oss4 package in Ubuntu:
  Fix Released
Status in r8168 package in Ubuntu:
  Fix Released
Status in rtl8812au package in Ubuntu:
  Fix Released
Status in sysdig package in Ubuntu:
  Fix Released
Status in unattended-upgrades package in Ubuntu:
  Invalid
Status in update-manager package in Ubuntu:
  Invalid
Status in v4l2loopback package in Ubuntu:
  Fix Released
Status in virtualbox package in Ubuntu:
  Fix Released
Status in virtualbox-hwe package in Ubuntu:
  Fix Released
Status in zfs-linux package in Ubuntu:
  Fix Released
Status in acpi-call source package in Focal:
  Fix Released
Status in backport-iwlwifi-dkms source package in Focal:
  Fix Released
Status in bcmwl source package in Focal:
  Fix Released
Status in dahdi-linux source package in Focal:
  Fix Released
Status in dm-writeboost source package in Focal:
  Fix Released
Status in evdi source package in Focal:
  Fix Released
Status in gost-crypto source package in Focal:
  Fix Released
Status in iptables-netflow source package in Focal:
  Fix Released
Status in liblzf source package in Focal:
  Fix Released
Status in lime-forensics source package in Focal:
  Fix Released
Status in lttng-modules source package in Focal:
  Fix Released
Status in nvidia-graphics-drivers-340 source package in Focal:
  Fix Released
Status in oss4 source package in Focal:
  Fix Released
Status in r8168 source package in Focal:
  Fix Released
Status in rtl8812au source package in Focal:
  Fix Released
Status in sysdig source package in Focal:
  Fix Released
Status in v4l2loopback source package in Focal:
  Fix Released
Status in virtualbox source package in Focal:
  Fix Released
Status in virtualbox-hwe source package in Focal:
  Fix Released
Status in zfs-linux source package in Focal:
  Fix Released

Bug description:
  Whilst discussing

  https://discourse.ubuntu.com/t/improvements-for-hardware-support-in-
  ubuntu-desktop-installation-media/20606

  We have noticed a reference to somebody not having working backport-
  iwlwifi-dkms, whilst SRU of that happened before the v5.4 -> v5.8
  switch.

  However, kernel meta switch was pushed to security pocket, but the
  dkms modules are all in -updates only.

  This may result in people automatically installing the new kernel with
  unatanded upgrades; dkms modules failing to build; and a reboot
  required flag left on disk.

  At this point launching update manager will not offer to install dkms
  modules from updates, and will guide the users to reboot. which
  will then cause them to boot the new kernel without the dkms modules
  that might be providing networking for them.

  Should dkms modules SRUs always getting published into -security
  pocket, as well as the -updates pocket?

  Should linux maintainer scripts prevent touching reboot required flag
  if any dkms modules fail to build?

  Should apt / unattanded-upgrades / update-manager always update dkms
  modules with kernels?

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/acpi-call/+bug/1914279/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1949186] Re: Missing Linux Kernel mitigations for 'SSB - Speculative Store Bypass' hardware vulnerabilities

2022-04-12 Thread Steve Beattie

Hi Ammar, apologies for the delayed followup, what is the version of the
kernel that you are seeing this with? I.E. what is the output of running
the command 'cat /proc/version_signature' where this is showing up?

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-aws in Ubuntu.
https://bugs.launchpad.net/bugs/1949186

Title:
  Missing Linux Kernel mitigations for 'SSB - Speculative Store Bypass'
  hardware vulnerabilities

Status in linux-aws package in Ubuntu:
  New

Bug description:
  The Greenbone Security Assistant reporting me the following:
  Summary
  The remote host is missing one or more known mitigation(s) on Linux Kernel
side for the referenced 'SSB - Speculative Store Bypass' hardware 
vulnerabilities.
  Detection Result

  The Linux Kernel on the remote host is missing the mitigation for the
  "spec_store_bypass" hardware vulnerabilities as reported by the sysfs
  interface:

  sysfs file checked| Kernel status 
(SSH response)
  

  /sys/devices/system/cpu/vulnerabilities/spec_store_bypass | Vulnerable

  Notes on the "Kernel status / SSH response" column:
  - sysfs file missing: The sysfs interface is available but the sysfs file for 
this specific vulnerability is missing. This means the kernel doesn't know this 
vulnerability yet and is not providing any mitigation which means the target 
system is vulnerable.
  - Strings including "Mitigation:", "Not affected" or "Vulnerable" are 
reported directly by the Linux Kernel.
  - All other strings are responses to various SSH commands.

  Product Detection Result
  Product

  cpe:/a:linux:kernel
  Method

  Detection of Linux Kernel mitigation status for hardware vulnerabilities 
(OID: 1.3.6.1.4.1.25623.1.0.108765)
  Log

  View details of product detection
  Detection Method
  Checks previous gathered information on the mitigation status reported
by the Linux Kernel.
  Details:

  Missing Linux Kernel mitigations for 'SSB - Speculative Store Bypass' ...
  OID: 1.3.6.1.4.1.25623.1.0.108842

  Version used: 2021-07-07T02:00:46Z

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-aws/+bug/1949186/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1954832] Re: sctp: account for stream padding for reconf chunk

2022-04-12 Thread Steve Beattie

This has been fixed in all affected Ubuntu kernels, closing.

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-0322

** Information type changed from Private Security to Public Security

** Changed in: linux (Ubuntu)
   Status: New => Fix Released

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1954832

Title:
  sctp: account for stream padding for reconf chunk

Status in linux package in Ubuntu:
  Fix Released

Bug description:
  [Impact]
  The missing account for stream padding may lead to the use of more buffer 
than was allocated buffer, causing a BUG_ON.

  [Potential regression]
  SCTP flows may stop working.

  [Test case]
  Run a privately shared test case.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1954832/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1964427] Re: [Security] CVE-2022-0847 lib/iov_iter: initialize "flags" in new pipe_buffer

2022-04-11 Thread Steve Beattie

This was fixed in affected kernels in
https://ubuntu.com/security/notices/USN-5317-1 and
https://ubuntu.com/security/notices/USN-5362-1

** Package changed: ubuntu => linux (Ubuntu)

** Changed in: linux (Ubuntu)
   Status: New => Fix Released

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1964427

Title:
  [Security] CVE-2022-0847 lib/iov_iter: initialize "flags" in new
  pipe_buffer

Status in intel:
  New
Status in linux package in Ubuntu:
  Fix Released

Bug description:
  [Feature Description]

  CVE-2022-0847

  A critical linux kernel vulnerability has been found, which exists since 
Linux kernel v5.8 or later.
  If linux kernel has this commit f6dd975583bd ("pipe: merge 
anon_pipe_buf*_ops"), please backport this patch: 
9d2231c5d74e13b2a0546fee6737ee4446017903(“lib/iov_iter: initialize "flags" in 
new pipe_buffer”) to fix.
  Please note: This commit f6dd975583bd did not introduce the bug, it just made 
it easier to exploit.
  The vulnerability has been fixed in linux kernel 5.16.11, 5.15.25 and 
5.10.102.
   
  For more details see: 
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0847

  Commit: 9d2231c5d74e13b2a0546fee6737ee4446017903
  git tag --contains 9d2231c5d74e13b2a0546fee6737ee4446017903
  v5.17-rc6

  Commit:f6dd975583bd 
  git tag --contains f6dd975583bd
  v5.10

  Target Kernel: 5.17
  Target Release: 22.10/22.04/Others

  [HW/SW Information]
  Bug fix for vulnerability

  [Business Justification]
  Function improvement

To manage notifications about this bug go to:
https://bugs.launchpad.net/intel/+bug/1964427/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1951837] Re: new kernel 5.4.0-90-generic contain error with snat in vrf

2022-02-14 Thread Steve Beattie

Hi,

Thanks for reporting this issue. If the behavior fails due to a kernel
update, it's unlikely to be a problem in the user space nftables tool.

Looking for suspicious commits between 5.4.0-84.94 and 5.4.0-90.101,
https://git.launchpad.net/~ubuntu-
kernel/ubuntu/+source/linux/+git/focal/commit/?id=318d87fed75ab207f5913ae5c6abf4f781c507f1
looks supicious and landed in 5.4.0-89.100.

However, that commit was reverted in https://git.launchpad.net/~ubuntu-
kernel/ubuntu/+source/linux/+git/focal/commit/?id=cb3a632a2da90d23629b59c8da26460af0bc455a
, which landed in 5.4.0-97.110, published to focal at
https://launchpad.net/ubuntu/+source/linux/5.4.0-97.110 on February 7,
2022.

Are you still seeing this issue?

** Changed in: nftables (Ubuntu)
   Status: New => Invalid

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1951837

Title:
  new kernel 5.4.0-90-generic contain error with snat in vrf

Status in linux package in Ubuntu:
  Incomplete
Status in nftables package in Ubuntu:
  Invalid

Bug description:
  I update kernel 5.4.0-90-generic. Nftables(*0.9.3) not work SNAT in VRF.
  After reboot and use 5.4.0-84-generic all works!

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1951837/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1951837] Re: new kernel 5.4.0-90-generic contain error with snat in vrf

2022-01-18 Thread Steve Beattie

** Also affects: linux (Ubuntu)
   Importance: Undecided
   Status: New

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1951837

Title:
  new kernel 5.4.0-90-generic contain error with snat in vrf

Status in linux package in Ubuntu:
  Incomplete
Status in nftables package in Ubuntu:
  New

Bug description:
  I update kernel 5.4.0-90-generic. Nftables(*0.9.3) not work SNAT in VRF.
  After reboot and use 5.4.0-84-generic all works!

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1951837/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1958089] Re: Acer laptop screen goes black after a few hours of work

2022-01-17 Thread Steve Beattie

** Information type changed from Public Security to Public

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1958089

Title:
  Acer laptop screen goes black after a few hours of work

Status in linux package in Ubuntu:
  Incomplete

Bug description:
  I recently switched from LM Cinnamon build to LM MATE build.
  Everything went fine at first, but now I experience issues where my
  screen goes black showing only the underscore flashing.

  Results:

  ubuntu-bug linux results:

  *** Collecting problem information

  The collected information can be sent to the developers to improve the
  application. This might take a few minutes.
  ...

  *** Problem in linux-image-5.4.0-94-generic

  The problem cannot be reported:

  This is not an official Linux package. Please remove any third party
  package and try again.

  
  cat /proc/version_signature > version.log results: 
  Ubuntu 5.4.0-94.106-generic 5.4.157

  sudo lspci -vnvn > lspci-vnvn.log results:
  pcilib: sysfs_read_vpd: read failed: Input/output error
  pcilib: sysfs_read_vpd: read failed: Input/output error

  lsb_release -rd results:
  Description:  Linux Mint 20.2
  Release:  20.2

  
  While browsing through 'System Log Viewer' tool on the system, I noticed a 
few lines saying things like 'kernel bug' or 'firmware bug'. After no luck on 
the forums, I was told that I should put this up here.

  Inxi -Fzn result: https://pastebin.com/raw/W3DUxUzu
  Xorg log (from System Log Viewer): https://pastebin.com/raw/ePCk2DaL
  kern.log (from System Log Viewer): https://pastebin.com/raw/ju233mxe
  syslog from System Log Viewer tool will be attached.

  I hope that any of this will be enough to identify the issue.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1958089/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1956585] Re: OOB write on BPF_RINGBUF

2022-01-11 Thread Steve Beattie

This was assigned CVE-2021-4204.

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-4204

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1956585

Title:
  OOB write on BPF_RINGBUF

Status in linux package in Ubuntu:
  Fix Released

Bug description:
  tr3e wang discovered that an OOB write existed in the eBPF subsystem
  in the Linux kernel on BPF_RINGBUF.

  Mitigation commit: https://git.launchpad.net/~ubuntu-
  
kernel/ubuntu/+source/linux/+git/impish/commit/?id=53fb7741ff9d546174dbb585957b4f8b6afbdb83

  Mitigation:

  Disable unprivileged ebpf with:

    $ sudo sysctl kernel.unprivileged_bpf_disabled=1

  Unprivileged ebpf is disabled by default in Ubuntu 21.10 and newer.
  See https://www.kernel.org/doc/html/latest/admin-
  guide/sysctl/kernel.html#unprivileged-bpf-disabled for details on the
  configuration setting.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1956585/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1956585] Re: OOB write on BPF_RINGBUF

2022-01-10 Thread Steve Beattie

** Description changed:

  tr3e wang discovered that an OOB write existed in the eBPF subsystem in
  the Linux kernel on BPF_RINGBUF.
  
  Mitigation commit: https://git.launchpad.net/~ubuntu-
  
kernel/ubuntu/+source/linux/+git/impish/commit/?id=53fb7741ff9d546174dbb585957b4f8b6afbdb83
  
  Mitigation:
  
  Disable unprivileged ebpf with:
  
-   $ sudo sysctl kernel.unprivileged_bpf_disabled=1
+   $ sudo sysctl kernel.unprivileged_bpf_disabled=1
+ 
+ Unprivileged ebpf is disabled by default in Ubuntu 21.10 and newer. See
+ https://www.kernel.org/doc/html/latest/admin-
+ guide/sysctl/kernel.html#unprivileged-bpf-disabled for details on the
+ configuration setting.

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1956585

Title:
  OOB write on BPF_RINGBUF

Status in linux package in Ubuntu:
  Fix Released

Bug description:
  tr3e wang discovered that an OOB write existed in the eBPF subsystem
  in the Linux kernel on BPF_RINGBUF.

  Mitigation commit: https://git.launchpad.net/~ubuntu-
  
kernel/ubuntu/+source/linux/+git/impish/commit/?id=53fb7741ff9d546174dbb585957b4f8b6afbdb83

  Mitigation:

  Disable unprivileged ebpf with:

    $ sudo sysctl kernel.unprivileged_bpf_disabled=1

  Unprivileged ebpf is disabled by default in Ubuntu 21.10 and newer.
  See https://www.kernel.org/doc/html/latest/admin-
  guide/sysctl/kernel.html#unprivileged-bpf-disabled for details on the
  configuration setting.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1956585/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1956585] Re: OOB write on BPF_RINGBUF

2022-01-10 Thread Steve Beattie

** Description changed:

  tr3e wang discovered that an OOB write existed in the eBPF subsystem in
  the Linux kernel on BPF_RINGBUF.
  
  Mitigation commit: https://git.launchpad.net/~ubuntu-
  
kernel/ubuntu/+source/linux/+git/impish/commit/?id=53fb7741ff9d546174dbb585957b4f8b6afbdb83
+ 
+ Mitigation:
+ 
+ Disable unprivileged ebpf with:
+ 
+   $ sudo sysctl kernel.unprivileged_bpf_disabled=1

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1956585

Title:
  OOB write on BPF_RINGBUF

Status in linux package in Ubuntu:
  Fix Released

Bug description:
  tr3e wang discovered that an OOB write existed in the eBPF subsystem
  in the Linux kernel on BPF_RINGBUF.

  Mitigation commit: https://git.launchpad.net/~ubuntu-
  
kernel/ubuntu/+source/linux/+git/impish/commit/?id=53fb7741ff9d546174dbb585957b4f8b6afbdb83

  Mitigation:

  Disable unprivileged ebpf with:

    $ sudo sysctl kernel.unprivileged_bpf_disabled=1

  Unprivileged ebpf is disabled by default in Ubuntu 21.10 and newer.
  See https://www.kernel.org/doc/html/latest/admin-
  guide/sysctl/kernel.html#unprivileged-bpf-disabled for details on the
  configuration setting.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1956585/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1956585] Re: OOB write on BPF_RINGBUF

2022-01-10 Thread Steve Beattie

** Information type changed from Private Security to Public Security

** Description changed:

- Placeholder bug.
+ tr3e wang discovered that an OOB write existed in the eBPF subsystem in
+ the Linux kernel on BPF_RINGBUF.
+ 
+ Mitigation commit: https://git.launchpad.net/~ubuntu-
+ 
kernel/ubuntu/+source/linux/+git/impish/commit/?id=53fb7741ff9d546174dbb585957b4f8b6afbdb83

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1956585

Title:
  OOB write on BPF_RINGBUF

Status in linux package in Ubuntu:
  Fix Released

Bug description:
  tr3e wang discovered that an OOB write existed in the eBPF subsystem
  in the Linux kernel on BPF_RINGBUF.

  Mitigation commit: https://git.launchpad.net/~ubuntu-
  
kernel/ubuntu/+source/linux/+git/impish/commit/?id=53fb7741ff9d546174dbb585957b4f8b6afbdb83

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1956585/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1943960] Re: s390x BPF JIT vulnerabilities

2021-09-22 Thread Steve Beattie

** Description changed:

  [Impact]
  s390 BPF JIT vulnerabilities allow the eBPF verifier to be bypassed, leading 
to possible local privilege escalation.
  
  [Mitigation]
  Disable unprivileged eBPF.
  sysctl -w kernel.unprivileged_bpf_disabled=1
  
  [Potential regression]
  BPF programs might execute incorrectly, affecting seccomp, socket filters, 
tracing and other BPF users.
+ 
+ Commits to address this are upstream in Linus' tree; they are:
+ 
+   1511df6f5e9e ("s390/bpf: Fix branch shortening during codegen pass")
+   6e61dc9da0b7 ("s390/bpf: Fix 64-bit subtraction of the -0x8000 
constant")
+   db7bee653859 ("s390/bpf: Fix optimizing out zero-extensions")
+ 
+ and have been applied to the 5.14, 5.4 , 4.19, and 4.4 stable branches.

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1943960

Title:
  s390x BPF JIT vulnerabilities

Status in Ubuntu on IBM z Systems:
  Fix Released
Status in linux package in Ubuntu:
  Fix Released

Bug description:
  [Impact]
  s390 BPF JIT vulnerabilities allow the eBPF verifier to be bypassed, leading 
to possible local privilege escalation.

  [Mitigation]
  Disable unprivileged eBPF.
  sysctl -w kernel.unprivileged_bpf_disabled=1

  [Potential regression]
  BPF programs might execute incorrectly, affecting seccomp, socket filters, 
tracing and other BPF users.

  Commits to address this are upstream in Linus' tree; they are:

1511df6f5e9e ("s390/bpf: Fix branch shortening during codegen pass")
6e61dc9da0b7 ("s390/bpf: Fix 64-bit subtraction of the -0x8000 
constant")
db7bee653859 ("s390/bpf: Fix optimizing out zero-extensions")

  and have been applied to the 5.14, 5.4 , 4.19, and 4.4 stable
  branches.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-z-systems/+bug/1943960/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1943960] Re: s390x BPF JIT vulnerabilities

2021-09-22 Thread Steve Beattie

Commits to address this are upstream in Linus' tree; they are:

  1511df6f5e9e ("s390/bpf: Fix branch shortening during codegen pass")
  6e61dc9da0b7 ("s390/bpf: Fix 64-bit subtraction of the -0x8000 constant")
  db7bee653859 ("s390/bpf: Fix optimizing out zero-extensions")

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1943960

Title:
  s390x BPF JIT vulnerabilities

Status in Ubuntu on IBM z Systems:
  Fix Released
Status in linux package in Ubuntu:
  Fix Released

Bug description:
  [Impact]
  s390 BPF JIT vulnerabilities allow the eBPF verifier to be bypassed, leading 
to possible local privilege escalation.

  [Mitigation]
  Disable unprivileged eBPF.
  sysctl -w kernel.unprivileged_bpf_disabled=1

  [Potential regression]
  BPF programs might execute incorrectly, affecting seccomp, socket filters, 
tracing and other BPF users.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-z-systems/+bug/1943960/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1863299] Re: linux-aws fails to late load microcode, works with generic

2021-09-14 Thread Steve Beattie

Is this worth addressing in the cloud kernels or should we stick to
early microcode loads only?

** Changed in: linux-aws (Ubuntu)
   Status: New => Incomplete

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-aws in Ubuntu.
https://bugs.launchpad.net/bugs/1863299

Title:
  linux-aws fails to late load microcode, works with generic

Status in linux-aws package in Ubuntu:
  Incomplete

Bug description:
  [Impact]

   * Late loading of intel microcode doesn't seem to work on aws.

  [Test Case]

   * Boot Focal on AWS metal instance
   * Install intel-microcode package
   * Disable early microcode loading:
 sudo rm /usr/share/initramfs-tools/hooks/intel_microcode to disable 
including microcde in the initrd
   * Update initrd
 sudo update-initramfs -u
   * Observe that late loading (due to /usr/lib/tmpfiles.d/intel-microcode.conf 
) does not happen.

  I.e. expected to see something like this:
  $ journalctl -b | grep microcode
  Feb 14 11:08:38 ottawa kernel: microcode: sig=0x506e3, pf=0x20, revision=0xc6
  Feb 14 11:08:38 ottawa kernel: microcode: Microcode Update Driver: v2.2.
  Feb 14 11:08:42 ottawa kernel: microcode: updated to revision 0xd6, date = 
2019-10-03
  Feb 14 11:08:42 ottawa kernel: x86/CPU: CPU features have changed after 
loading microcode, but might not take effect.
  Feb 14 11:08:42 ottawa kernel: microcode: Reload completed, microcode 
revision: 0xd6

  instead I see something like this:
  Feb 14 11:08:38 ottawa kernel: microcode: sig=0x506e3, pf=0x20, revision=0xc6
  Feb 14 11:08:38 ottawa kernel: microcode: Microcode Update Driver: v2.2.

  (no updated to revivsion  message)

  [Regression Potential]

   * Late loading is new, as the current default is to load microcode
  early from initrd. It will only change behaviour on initrd-less
  bionic-minimal images, and any image types on later releases, but only
  when booted on the .metal instances.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-aws/+bug/1863299/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1928888] Re: test_utils_testsuite from ubuntu_qrt_apparmor linux ADT test failure with linux/5.11.0-18.19

2021-09-07 Thread Steve Beattie

** Changed in: linux (Ubuntu)
   Status: Incomplete => Invalid

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/192

Title:
  test_utils_testsuite from ubuntu_qrt_apparmor linux ADT test failure
  with linux/5.11.0-18.19

Status in QA Regression Testing:
  Fix Released
Status in ubuntu-kernel-tests:
  New
Status in linux package in Ubuntu:
  Invalid

Bug description:
  This is a scripted bug report about ADT failures while running linux
  tests for linux/5.11.0-18.19 on hirsute. Whether this is caused by the
  dep8 tests of the tested source or the kernel has yet to be
  determined.

  Not a regression. Found to occur previously on hirsute/linux
  5.11.0-14.15

  Testing failed on:
  amd64: 
https://autopkgtest.ubuntu.com/results/autopkgtest-hirsute/hirsute/amd64/l/linux/20210515_005957_75e5a@/log.gz
  arm64: 
https://autopkgtest.ubuntu.com/results/autopkgtest-hirsute/hirsute/arm64/l/linux/20210513_203508_96fd3@/log.gz
  ppc64el: 
https://autopkgtest.ubuntu.com/results/autopkgtest-hirsute/hirsute/ppc64el/l/linux/20210513_163708_c0203@/log.gz
  s390x: 
https://autopkgtest.ubuntu.com/results/autopkgtest-hirsute/hirsute/s390x/l/linux/20210513_144454_54b04@/log.gz


test_zz_cleanup_source_tree (__main__.ApparmorTestsuites)
Cleanup downloaded source ... ok

==
FAIL: test_utils_testsuite (__main__.ApparmorTestsuites)
Run utils (make check)
--
Traceback (most recent call last):
  File 
"/tmp/autopkgtest.gBRfIs/build.V37/src/autotest/client/tmp/ubuntu_qrt_apparmor/src/qa-regression-testing/scripts/./test-apparmor.py",
 line 1841, in test_utils_testsuite
self.assertEqual(expected, rc, result + report)
AssertionError: 0 != 2 : Got exit code 2, expected 0
ERROR: capability CAP_CHECKPOINT_RESTORE not found in severity.db
make: *** [Makefile:81: check_severity_db] Error 1


==
FAIL: test_utils_testsuite3 (__main__.ApparmorTestsuites)
Run utils (make check with python3)
--
Traceback (most recent call last):
  File 
"/tmp/autopkgtest.gBRfIs/build.V37/src/autotest/client/tmp/ubuntu_qrt_apparmor/src/qa-regression-testing/scripts/./test-apparmor.py",
 line 1862, in test_utils_testsuite3
self.assertEqual(expected, rc, result + report)
AssertionError: 0 != 2 : Got exit code 2, expected 0
ERROR: capability CAP_CHECKPOINT_RESTORE not found in severity.db
make: *** [Makefile:81: check_severity_db] Error 1


--
Ran 58 tests in 1448.768s

FAILED (failures=2)
  23:36:54 INFO |   END ERROR   ubuntu_qrt_apparmor.test-apparmor.py
ubuntu_qrt_apparmor.test-apparmor.pytimestamp=1621035414localtime=May 
14 23:36:54

To manage notifications about this bug go to:
https://bugs.launchpad.net/qa-regression-testing/+bug/192/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1928888] Re: test_utils_testsuite from ubuntu_qrt_apparmor linux ADT test failure with linux/5.11.0-18.19

2021-08-26 Thread Steve Beattie

This is due to apparmor in hirsute missing the fix for
https://gitlab.com/apparmor/apparmor/-/merge_requests/656 which breaks
the apparmor python utils testsuite; the fix for this has landed in
impish's apparmor package.

We are unlikely to SRU a fix for this in hirsute, so have worked around it in 
qrt in 
https://git.launchpad.net/qa-regression-testing/commit/?id=e9701e125e7f854bd6bb1dec986e2cd1a776e80c
 

Thanks.


** Changed in: qa-regression-testing
   Status: New => Fix Released

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/192

Title:
  test_utils_testsuite from ubuntu_qrt_apparmor linux ADT test failure
  with linux/5.11.0-18.19

Status in QA Regression Testing:
  Fix Released
Status in ubuntu-kernel-tests:
  New
Status in linux package in Ubuntu:
  Incomplete

Bug description:
  This is a scripted bug report about ADT failures while running linux
  tests for linux/5.11.0-18.19 on hirsute. Whether this is caused by the
  dep8 tests of the tested source or the kernel has yet to be
  determined.

  Not a regression. Found to occur previously on hirsute/linux
  5.11.0-14.15

  Testing failed on:
  amd64: 
https://autopkgtest.ubuntu.com/results/autopkgtest-hirsute/hirsute/amd64/l/linux/20210515_005957_75e5a@/log.gz
  arm64: 
https://autopkgtest.ubuntu.com/results/autopkgtest-hirsute/hirsute/arm64/l/linux/20210513_203508_96fd3@/log.gz
  ppc64el: 
https://autopkgtest.ubuntu.com/results/autopkgtest-hirsute/hirsute/ppc64el/l/linux/20210513_163708_c0203@/log.gz
  s390x: 
https://autopkgtest.ubuntu.com/results/autopkgtest-hirsute/hirsute/s390x/l/linux/20210513_144454_54b04@/log.gz


test_zz_cleanup_source_tree (__main__.ApparmorTestsuites)
Cleanup downloaded source ... ok

==
FAIL: test_utils_testsuite (__main__.ApparmorTestsuites)
Run utils (make check)
--
Traceback (most recent call last):
  File 
"/tmp/autopkgtest.gBRfIs/build.V37/src/autotest/client/tmp/ubuntu_qrt_apparmor/src/qa-regression-testing/scripts/./test-apparmor.py",
 line 1841, in test_utils_testsuite
self.assertEqual(expected, rc, result + report)
AssertionError: 0 != 2 : Got exit code 2, expected 0
ERROR: capability CAP_CHECKPOINT_RESTORE not found in severity.db
make: *** [Makefile:81: check_severity_db] Error 1


==
FAIL: test_utils_testsuite3 (__main__.ApparmorTestsuites)
Run utils (make check with python3)
--
Traceback (most recent call last):
  File 
"/tmp/autopkgtest.gBRfIs/build.V37/src/autotest/client/tmp/ubuntu_qrt_apparmor/src/qa-regression-testing/scripts/./test-apparmor.py",
 line 1862, in test_utils_testsuite3
self.assertEqual(expected, rc, result + report)
AssertionError: 0 != 2 : Got exit code 2, expected 0
ERROR: capability CAP_CHECKPOINT_RESTORE not found in severity.db
make: *** [Makefile:81: check_severity_db] Error 1


--
Ran 58 tests in 1448.768s

FAILED (failures=2)
  23:36:54 INFO |   END ERROR   ubuntu_qrt_apparmor.test-apparmor.py
ubuntu_qrt_apparmor.test-apparmor.pytimestamp=1621035414localtime=May 
14 23:36:54

To manage notifications about this bug go to:
https://bugs.launchpad.net/qa-regression-testing/+bug/192/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1938893] Re: Network perpherals not detected

2021-08-25 Thread Steve Beattie

** Information type changed from Public Security to Public

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-signed-hwe-5.11 in Ubuntu.
https://bugs.launchpad.net/bugs/1938893

Title:
  Network perpherals not detected

Status in linux-signed-hwe-5.11 package in Ubuntu:
  New

Bug description:
  After updating the kernel to the version 5.11.0.22 all network
  peripherals stopped working. It appears they are not detected on lshw
  or lsusb. I've tried with the ethernet port on the motherboard and an
  external wifi board and also using USB tethering from a phone. None
  was detected and network is not working. Then I've tried to go back to
  kernel version 5.8 which is still working correctly. If you need more
  info, feel free to ask me.

  ProblemType: Bug
  DistroRelease: Ubuntu 20.04
  Package: linux-image-5.11.0-25-generic 5.11.0-25.27~20.04.1
  ProcVersionSignature: Ubuntu 5.11.0-25.27~20.04.1-generic 5.11.22
  Uname: Linux 5.11.0-25-generic x86_64
  NonfreeKernelModules: nvidia_modeset nvidia
  ApportVersion: 2.20.11-0ubuntu27.18
  Architecture: amd64
  CasperMD5CheckResult: skip
  CurrentDesktop: ubuntu:GNOME
  Date: Wed Aug  4 13:17:14 2021
  InstallationDate: Installed on 2021-06-11 (53 days ago)
  InstallationMedia: Ubuntu 20.04.1 LTS "Focal Fossa" - Release amd64 (20200731)
  ProcEnviron:
   TERM=xterm-256color
   PATH=(custom, no user)
   XDG_RUNTIME_DIR=
   LANG=it_IT.UTF-8
   SHELL=/bin/bash
  SourcePackage: linux-signed-hwe-5.11
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-signed-hwe-5.11/+bug/1938893/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1940333] Re: package kerneloops 0.12+git20140509-6ubuntu3 failed to install/upgrade: el subproceso instalado paquete kerneloops script post-installation devolvió el código de sa

2021-08-25 Thread Steve Beattie

Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a "regular" (non-security) bug.  I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross privilege boundaries nor directly cause loss of data/privacy.
Please feel free to report any other bugs you may find.

** Information type changed from Private Security to Public

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to kerneloops in Ubuntu.
https://bugs.launchpad.net/bugs/1940333

Title:
  package kerneloops 0.12+git20140509-6ubuntu3 failed to
  install/upgrade: el subproceso instalado paquete kerneloops script
  post-installation devolvió el código de salida de error 1

Status in kerneloops package in Ubuntu:
  New

Bug description:
  3 fails

  ProblemType: Package
  DistroRelease: Ubuntu 21.04
  Package: kerneloops 0.12+git20140509-6ubuntu3
  ProcVersionSignature: Ubuntu 5.11.0-25.27-generic 5.11.22
  Uname: Linux 5.11.0-25-generic x86_64
  NonfreeKernelModules: nvidia_modeset nvidia
  ApportVersion: 2.20.11-0ubuntu65.1
  Architecture: amd64
  CasperMD5CheckResult: unknown
  Date: Tue Aug 17 15:19:24 2021
  ErrorMessage: el subproceso instalado paquete kerneloops script 
post-installation devolvió el código de salida de error 1
  InstallationDate: Installed on 2021-08-11 (5 days ago)
  InstallationMedia: Ubuntu 20.04.2.0 LTS "Focal Fossa" - Release amd64 
(20210209.1)
  Python3Details: /usr/bin/python3.9, Python 3.9.5, python3-minimal, 3.9.4-1
  PythonDetails: N/A
  RelatedPackageVersions:
   dpkg 1.20.9ubuntu1
   apt  2.2.4ubuntu0.1
  SourcePackage: kerneloops
  Title: package kerneloops 0.12+git20140509-6ubuntu3 failed to 
install/upgrade: el subproceso instalado paquete kerneloops script 
post-installation devolvió el código de salida de error 1
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/kerneloops/+bug/1940333/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1933980] Re: NVIDIA CVE-2021-{1093|1094|1094}

2021-08-10 Thread Steve Beattie

** Changed in: linux (Ubuntu)
   Status: New => Triaged

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1933980

Title:
  NVIDIA CVE-2021-{1093|1094|1094}

Status in fabric-manager-450 package in Ubuntu:
  Fix Released
Status in fabric-manager-460 package in Ubuntu:
  Fix Released
Status in libnvidia-nscq-450 package in Ubuntu:
  Fix Released
Status in linux package in Ubuntu:
  Triaged
Status in linux-restricted-modules package in Ubuntu:
  Triaged
Status in nvidia-graphics-drivers-390 package in Ubuntu:
  In Progress
Status in nvidia-graphics-drivers-418-server package in Ubuntu:
  In Progress
Status in nvidia-graphics-drivers-450-server package in Ubuntu:
  In Progress
Status in nvidia-graphics-drivers-460 package in Ubuntu:
  In Progress
Status in nvidia-graphics-drivers-460-server package in Ubuntu:
  In Progress
Status in nvidia-graphics-drivers-465 package in Ubuntu:
  In Progress
Status in nvidia-settings package in Ubuntu:
  Fix Released
Status in fabric-manager-450 source package in Bionic:
  Fix Released
Status in fabric-manager-460 source package in Bionic:
  Fix Released
Status in libnvidia-nscq-450 source package in Bionic:
  Fix Released
Status in linux source package in Bionic:
  Triaged
Status in linux-restricted-modules source package in Bionic:
  Triaged
Status in nvidia-graphics-drivers-390 source package in Bionic:
  Fix Released
Status in nvidia-graphics-drivers-418-server source package in Bionic:
  Fix Released
Status in nvidia-graphics-drivers-450-server source package in Bionic:
  Fix Released
Status in nvidia-graphics-drivers-460 source package in Bionic:
  Fix Released
Status in nvidia-graphics-drivers-460-server source package in Bionic:
  Fix Released
Status in nvidia-graphics-drivers-465 source package in Bionic:
  In Progress
Status in nvidia-settings source package in Bionic:
  Fix Released
Status in fabric-manager-450 source package in Focal:
  Fix Released
Status in fabric-manager-460 source package in Focal:
  Fix Released
Status in libnvidia-nscq-450 source package in Focal:
  Fix Released
Status in linux source package in Focal:
  Triaged
Status in linux-restricted-modules source package in Focal:
  Triaged
Status in nvidia-graphics-drivers-390 source package in Focal:
  Fix Released
Status in nvidia-graphics-drivers-418-server source package in Focal:
  Fix Released
Status in nvidia-graphics-drivers-450-server source package in Focal:
  Fix Released
Status in nvidia-graphics-drivers-460 source package in Focal:
  Fix Released
Status in nvidia-graphics-drivers-460-server source package in Focal:
  Fix Released
Status in nvidia-graphics-drivers-465 source package in Focal:
  In Progress
Status in nvidia-settings source package in Focal:
  Fix Released
Status in fabric-manager-450 source package in Groovy:
  Fix Released
Status in fabric-manager-460 source package in Groovy:
  Fix Released
Status in libnvidia-nscq-450 source package in Groovy:
  Fix Released
Status in linux source package in Groovy:
  Won't Fix
Status in linux-restricted-modules source package in Groovy:
  Won't Fix
Status in nvidia-graphics-drivers-390 source package in Groovy:
  Fix Released
Status in nvidia-graphics-drivers-418-server source package in Groovy:
  Fix Released
Status in nvidia-graphics-drivers-450-server source package in Groovy:
  Fix Released
Status in nvidia-graphics-drivers-460 source package in Groovy:
  Fix Released
Status in nvidia-graphics-drivers-460-server source package in Groovy:
  Fix Released
Status in nvidia-graphics-drivers-465 source package in Groovy:
  Won't Fix
Status in nvidia-settings source package in Groovy:
  Fix Released
Status in fabric-manager-450 source package in Hirsute:
  Fix Released
Status in fabric-manager-460 source package in Hirsute:
  Fix Released
Status in libnvidia-nscq-450 source package in Hirsute:
  Fix Released
Status in linux source package in Hirsute:
  Triaged
Status in linux-restricted-modules source package in Hirsute:
  Triaged
Status in nvidia-graphics-drivers-390 source package in Hirsute:
  Fix Released
Status in nvidia-graphics-drivers-418-server source package in Hirsute:
  Fix Released
Status in nvidia-graphics-drivers-450-server source package in Hirsute:
  Fix Released
Status in nvidia-graphics-drivers-460 source package in Hirsute:
  Fix Released
Status in nvidia-graphics-drivers-460-server source package in Hirsute:
  Fix Released
Status in nvidia-graphics-drivers-465 source package in Hirsute:
  In Progress
Status in nvidia-settings source package in Hirsute:
  Fix Released

Bug description:
  As per the subject, the update includes fixes for the following CVEs:

  CVE-2021-1093
  CVE-2021-1094
  CVE-2021-1095

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/fabric-manager-450/+bug/1933980/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to

[Kernel-packages] [Bug 1935899] Re: package nvidia-dkms-460 460.80-0ubuntu0.20.10.2 failed to install/upgrade: installed nvidia-dkms-460 package post-installation script subprocess returned error exit

2021-07-29 Thread Steve Beattie

Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a "regular" (non-security) bug.  I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross privilege boundaries nor directly cause loss of data/privacy.
Please feel free to report any other bugs you may find.

** Information type changed from Private Security to Public

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to nvidia-graphics-drivers-460 in Ubuntu.
https://bugs.launchpad.net/bugs/1935899

Title:
  package nvidia-dkms-460 460.80-0ubuntu0.20.10.2 failed to
  install/upgrade: installed nvidia-dkms-460 package post-installation
  script subprocess returned error exit status 1

Status in nvidia-graphics-drivers-460 package in Ubuntu:
  New

Bug description:
  vjh

  ProblemType: Package
  DistroRelease: Ubuntu 20.10
  Package: nvidia-dkms-460 460.80-0ubuntu0.20.10.2
  ProcVersionSignature: Ubuntu 5.8.0-59.66-generic 5.8.18
  Uname: Linux 5.8.0-59-generic x86_64
  ApportVersion: 2.20.11-0ubuntu50.7
  Architecture: amd64
  CasperMD5CheckResult: skip
  Date: Mon Jul 12 10:26:50 2021
  ErrorMessage: installed nvidia-dkms-460 package post-installation script 
subprocess returned error exit status 1
  InstallationDate: Installed on 2021-07-04 (8 days ago)
  InstallationMedia: Ubuntu 20.04.2.0 LTS "Focal Fossa" - Release amd64 
(20210209.1)
  Python3Details: /usr/bin/python3.8, Python 3.8.10, python3-minimal, 
3.8.6-0ubuntu1
  PythonDetails: N/A
  RelatedPackageVersions:
   dpkg 1.20.5ubuntu2
   apt  2.1.10ubuntu0.3
  SourcePackage: nvidia-graphics-drivers-460
  Title: package nvidia-dkms-460 460.80-0ubuntu0.20.10.2 failed to 
install/upgrade: installed nvidia-dkms-460 package post-installation script 
subprocess returned error exit status 1
  UpgradeStatus: Upgraded to groovy on 2021-07-12 (1 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nvidia-graphics-drivers-460/+bug/1935899/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1930921] Re: Apache 2.4.41 corrupts files from samba share

2021-06-08 Thread Steve Beattie

** Changed in: apache2 (Ubuntu)
   Status: New => Confirmed

** Changed in: samba (Ubuntu)
   Status: New => Confirmed

** Changed in: linux (Ubuntu)
   Status: New => Confirmed

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1930921

Title:
  Apache 2.4.41 corrupts files from samba share

Status in apache2 package in Ubuntu:
  Confirmed
Status in linux package in Ubuntu:
  Confirmed
Status in samba package in Ubuntu:
  Confirmed

Bug description:
  Wenn I serve a samba share with apache 2.4.41 on Ubuntu 20.04 then
  some files have a corrupt header during transmission. It seems that
  the first few bytes of the headers are truncated and sometimes other
  bytes of the download are not belonging to the file.

  A workaround I found that works is to set "EnableMMAP Off" in the
  apache config.

  See other bug reports like this:

  
https://serverfault.com/questions/1044724/apache2-sends-corrupt-responses-when-using-a-cifs-share
  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900821

  This is most probably not a bug in Ubuntu itself but I am reporting it
  here since I assume that a data corruption bug is seen as critical.

  I am also marking it as a security vulnerability since it seems that wrong 
parts of memory get exposed during file download. I don't know how random the 
exposed memory is and if it potentially could expose e.g. secrets.
  Please feel free to remove the security vulnerability flag if your assessment 
leads to a different conclusion.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1930921/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1931251] Re: package nvidia-kernel-common-390 390.143-0ubuntu0.20.04.1 failed to install/upgrade: installed nvidia-kernel-common-390 package post-installation script subprocess

2021-06-08 Thread Steve Beattie

Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a "regular" (non-security) bug.  I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross privilege boundaries nor directly cause loss of data/privacy.
Please feel free to report any other bugs you may find.

** Information type changed from Private Security to Public

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to nvidia-graphics-drivers-390 in Ubuntu.
https://bugs.launchpad.net/bugs/1931251

Title:
  package nvidia-kernel-common-390 390.143-0ubuntu0.20.04.1 failed to
  install/upgrade: installed nvidia-kernel-common-390 package post-
  installation script subprocess returned error exit status 1

Status in nvidia-graphics-drivers-390 package in Ubuntu:
  New

Bug description:
  While installing Ubuntu on my machine I received an error and I was
  prompted to send a crash - failure report.

  ProblemType: Package
  DistroRelease: Ubuntu 20.04
  Package: nvidia-kernel-common-390 390.143-0ubuntu0.20.04.1
  ProcVersionSignature: Ubuntu 5.8.0-43.49~20.04.1-generic 5.8.18
  Uname: Linux 5.8.0-43-generic x86_64
  NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair
  ApportVersion: 2.20.11-0ubuntu27.16
  Architecture: amd64
  CasperMD5CheckResult: skip
  Date: Tue Jun  8 12:34:49 2021
  Dependencies:
   
  ErrorMessage: installed nvidia-kernel-common-390 package post-installation 
script subprocess returned error exit status 1
  Python3Details: /usr/bin/python3.8, Python 3.8.5, python3-minimal, 
3.8.2-0ubuntu2
  PythonDetails: N/A
  RelatedPackageVersions:
   dpkg 1.19.7ubuntu3
   apt  2.0.4
  SourcePackage: nvidia-graphics-drivers-390
  Title: package nvidia-kernel-common-390 390.143-0ubuntu0.20.04.1 failed to 
install/upgrade: installed nvidia-kernel-common-390 package post-installation 
script subprocess returned error exit status 1
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nvidia-graphics-drivers-390/+bug/1931251/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1921211] Re: Taking a memory dump of user mode process on Xenial hosts causes bugcheck/kernel panic and core dump

2021-05-18 Thread Steve Beattie

This was fixed with linux 4.4.0-211.243 in Ubuntu 16.04 ESM (Infra).

** Changed in: linux (Ubuntu Xenial)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1921211

Title:
  Taking a memory dump of user mode process on Xenial hosts causes
  bugcheck/kernel panic and core dump

Status in linux package in Ubuntu:
  Invalid
Status in linux source package in Xenial:
  Fix Released

Bug description:
  [Impact]

  We have some Ubuntu 16.04 hosts (in Hyper-V) being used for testing some 
Ubuntu 20.04 container. As part of the testing we were attempting to take a 
memory dump of a container running SQL Server with Ubuntu 20.04 on the Ubuntu 
16.04 host we started seeing kernel panic and core dump. It started happening 
after a specific Xenial kernel update on the host.
  4.4.0-204-generic - Systems that are crashing
  4.4.0-201-generic - Systems that are able to capture dump

  Note from the developer indicates following logging showing up.
  
  Now the following is output right after I attempt to start the dump. (gdb, 
attach ###, generate-core-file /var/opt/mssql/log/rdorr.delme.core)

  [Fri Mar 19 20:01:38 2021] systemd-journald[581]: Successfully sent stream 
file descriptor to service manager.
  [Fri Mar 19 20:01:41 2021] cni0: port 9(vethdec5d2b7) entered forwarding state
  [Fri Mar 19 20:02:42 2021] systemd-journald[581]: Successfully sent stream 
file descriptor to service manager.
  [Fri Mar 19 20:03:04 2021] [ cut here ]
  [Fri Mar 19 20:03:04 2021] kernel BUG at 
/build/linux-qlAbvR/linux-4.4.0/mm/memory.c:3214!
  [Fri Mar 19 20:03:04 2021] invalid opcode:  [#1] SMP
  [Fri Mar 19 20:03:04 2021] Modules linked in: veth vxlan ip6_udp_tunnel 
udp_tunnel xt_statistic xt_nat ipt_REJECT nf_reject_ipv4 xt_tcpudp ip_vs_sh 
ip_vs_wrr ip_vs_rr ip_vs libcrc32c ip6table_nat nf_conntrack_ipv6 
nf_defrag_ipv6 nf_nat_ipv6 ip6_tables xt_comment xt_mark xt_conntrack 
ipt_MASQUERADE nf_nat_masquerade_ipv4 nf_conntrack_netlink nfnetlink xfrm_user 
xfrm_algo xt_addrtype iptable_filter iptable_nat nf_conntrack_ipv4 
nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack ip_tables x_tables br_netfilter 
bridge stp llc aufs overlay nls_utf8 isofs crct10dif_pclmul crc32_pclmul 
ghash_clmulni_intel aesni_intel aes_x86_64 lrw gf128mul glue_helper ablk_helper 
cryptd input_leds serio_raw i2c_piix4 hv_balloon hyperv_fb 8250_fintek joydev 
mac_hid autofs4 hid_generic hv_utils hid_hyperv ptp hv_netvsc hid hv_storvsc 
pps_core
  [Fri Mar 19 20:03:04 2021] hyperv_keyboard scsi_transport_fc psmouse 
pata_acpi hv_vmbus floppy fjes
  [Fri Mar 19 20:03:04 2021] CPU: 1 PID: 24869 Comm: gdb Tainted: G W 
4.4.0-204-generic #236-Ubuntu
  [Fri Mar 19 20:03:04 2021] Hardware name: Microsoft Corporation Virtual 
Machine/Virtual Machine, BIOS 090007 05/18/2018
  [Fri Mar 19 20:03:04 2021] task: 880db9229c80 ti: 880d93b9c000 
task.ti: 880d93b9c000
  [Fri Mar 19 20:03:04 2021] RIP: 0010:[] 
[] handle_mm_fault+0x13de/0x1b80
  [Fri Mar 19 20:03:04 2021] RSP: 0018:880d93b9fc28 EFLAGS: 00010246
  [Fri Mar 19 20:03:04 2021] RAX: 0100 RBX:  RCX: 
0120
  [Fri Mar 19 20:03:04 2021] RDX: 880ea635f3e8 RSI: 3000 RDI: 

  [Fri Mar 19 20:03:04 2021] RBP: 880d93b9fce8 R08: 3ff32179a120 R09: 
007d
  [Fri Mar 19 20:03:04 2021] R10: 880003e8 R11: 03e8 R12: 
8800ea672708
  [Fri Mar 19 20:03:04 2021] R13:  R14: 00010247d000 R15: 
8800f27fe400
  [Fri Mar 19 20:03:04 2021] FS: 7fdc26061600() 
GS:88102564() knlGS:
  [Fri Mar 19 20:03:04 2021] CS: 0010 DS:  ES:  CR0: 80050033
  [Fri Mar 19 20:03:04 2021] CR2: 55e3a0011290 CR3: 000d93ba4000 CR4: 
00160670
  [Fri Mar 19 20:03:04 2021] Stack:
  [Fri Mar 19 20:03:04 2021] 81082929 fffd 81082252 
880d93b9fca8
  [Fri Mar 19 20:03:04 2021] 811c7bca 8800f27fe400 00010247d000 
880e74a88090
  [Fri Mar 19 20:03:04 2021] 3a98d7f0 880e0001 880003e8 
0017
  [Fri Mar 19 20:03:04 2021] Call Trace:
  [Fri Mar 19 20:03:04 2021] [] ? mm_access+0x79/0xa0
  [Fri Mar 19 20:03:04 2021] [] ? mmput+0x12/0x130
  [Fri Mar 19 20:03:04 2021] [] ? follow_page_pte+0x1ca/0x3d0
  [Fri Mar 19 20:03:04 2021] [] ? follow_page_mask+0x214/0x3a0
  [Fri Mar 19 20:03:04 2021] [] __get_user_pages+0x130/0x680
  [Fri Mar 19 20:03:04 2021] [] ? path_openat+0x348/0x1360
  [Fri Mar 19 20:03:04 2021] [] get_user_pages+0x34/0x40
  [Fri Mar 19 20:03:04 2021] [] __access_remote_vm+0xe4/0x2d0
  [Fri Mar 19 20:03:04 2021] [] ? 
alloc_pages_current+0x8c/0x110
  [Fri Mar 19 20:03:04 2021] [] access_remote_vm+0x1f/0x30
  [Fri Mar 19 20:03:04 2021] [] mem_rw.isra.16+0xfa/0x190
  [Fri Mar 19

[Kernel-packages] [Bug 1879341] Re: test_350_retpolined_modules from ubuntu_qrt_kernel_security failed on F-OEM-5.6

2021-05-18 Thread Steve Beattie

** Changed in: linux-oem-5.6 (Ubuntu)
   Status: New => Confirmed

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-oem-5.6 in Ubuntu.
https://bugs.launchpad.net/bugs/1879341

Title:
  test_350_retpolined_modules from ubuntu_qrt_kernel_security failed on
  F-OEM-5.6

Status in QA Regression Testing:
  New
Status in ubuntu-kernel-tests:
  New
Status in linux-oem-5.6 package in Ubuntu:
  Confirmed

Bug description:
==
FAIL: test_350_retpolined_modules (__main__.KernelSecurityTest)
Test to ensure all modules are built with retpoline on x86
--
Traceback (most recent call last):
  File "./test-kernel-security.py", line 2094, in 
test_350_retpolined_modules
raise self.failureException('Module %s not compiled with 
retpoline:\n%s' % (module, error_output))
AssertionError: Module 
/lib/modules/5.6.0-1010-oem/kernel/drivers/regulator/da903x.ko not compiled 
with retpoline:
Command: 'modinfo', '-k', '5.6.0-1010-oem', 
'/lib/modules/5.6.0-1010-oem/kernel/drivers/regulator/da903x.ko'
Output:
filename:   
/lib/modules/5.6.0-1010-oem/kernel/drivers/regulator/da903x.ko
license:GPL v2
file:   drivers/mfd/da903x
author: Mike Rapoport 
author: Eric Miao 
description:PMIC Driver for Dialog Semiconductor DA9034

  ProblemType: Bug
  DistroRelease: Ubuntu 20.04
  Package: linux-image-5.6.0-1010-oem 5.6.0-1010.10
  ProcVersionSignature: User Name 5.6.0-1010.10-oem 5.6.8
  Uname: Linux 5.6.0-1010-oem x86_64
  ApportVersion: 2.20.11-0ubuntu27
  Architecture: amd64
  CasperMD5CheckResult: skip
  Date: Mon May 18 14:48:02 2020
  ProcEnviron:
   TERM=xterm-256color
   PATH=(custom, no user)
   XDG_RUNTIME_DIR=
   LANG=C.UTF-8
   SHELL=/bin/bash
  SourcePackage: linux-signed-oem-5.6
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/qa-regression-testing/+bug/1879341/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1927409] Re: Race between two functions

2021-05-11 Thread Steve Beattie

** Information type changed from Private Security to Public Security

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1927409

Title:
  Race between two functions

Status in linux package in Ubuntu:
  Fix Released

Bug description:
  A race condition in the CAN ISOTP networking protocol was discovered
  which allows forbidden changing of socket members after binding
  the socket.

  In particular, the lack of locking behavior in isotp_setsockopt() 
  makes it feasible to assign the flag CAN_ISOTP_SF_BROADCAST to the
  socket, despite having previously registered a can receiver. After
  closing the isotp socket, the can receiver will still be registered
  and use-after-free's can be triggered in isotp_rcv() on the freed
  isotp_sock structure.  This leads to arbitrary kernel execution by
  overwriting the sk_error_report()pointer, which can be misused in
  order to execute a user-controlled ROP chain to gain root privileges.

  The vulnerability was introduced with the introduction of SF_BROADCAST
  support in commit 921ca574cd38 ("can: isotp: add SF_BROADCAST support
  for functional addressing") in 5.11-rc1.  In fact, commit 323a391a220c
  ("can: isotp: isotp_setsockopt(): block setsockopt on bound sockets")
  did not effectively prevent isotp_setsockopt() from modifying socket
  members before isotp_bind(). 

  Credits: Norbert Slusarek

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1927409/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1879339] Re: test_310_config_security_perf_events_restrict / test_400_refcount_config in ubuntu_qrt_kernel_security failed on F-OEM-5.6

2021-05-10 Thread Steve Beattie

Sorry for the lag on this issue.

Timo, while the added hooks are useful, they don't for the time being
obviate the need for the larger hammer of the sysctl, so we'd still like
to keep the referred to patch available, until we are forced to make a
choice if and when upstream drops the sysctl entirely.

Po-Hsu, if it's easier for tracking for it to be a separate bug report,
that's fine. Am hoping ot have more time soon to focus on qa-r-t issues
when they come up.

Thanks.

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-oem-5.6 in Ubuntu.
https://bugs.launchpad.net/bugs/1879339

Title:
  test_310_config_security_perf_events_restrict /
  test_400_refcount_config in ubuntu_qrt_kernel_security failed on
  F-OEM-5.6

Status in QA Regression Testing:
  Fix Released
Status in ubuntu-kernel-tests:
  New
Status in linux-oem-5.6 package in Ubuntu:
  Confirmed

Bug description:
==
FAIL: test_310_config_security_perf_events_restrict 
(__main__.KernelSecurityConfigTest)
Ensure CONFIG_SECURITY_PERF_EVENTS_RESTRICT is set
--
Traceback (most recent call last):
  File "./test-kernel-security.py", line 2704, in 
test_310_config_security_perf_events_restrict
self.assertKernelConfig(config_name, expected)
  File "./test-kernel-security.py", line 214, in assertKernelConfig
self.assertKernelConfigSet(name)
  File "./test-kernel-security.py", line 201, in assertKernelConfigSet
'%s option was expected to be set in the kernel config' % name)
AssertionError: SECURITY_PERF_EVENTS_RESTRICT option was expected to be set 
in the kernel config

==
FAIL: test_400_refcount_config (__main__.KernelSecurityConfigTest)
Ensure kernel refcount protections are enabled
--
Traceback (most recent call last):
  File "./test-kernel-security.py", line 2817, in test_400_refcount_config
self.assertKernelConfig(config_name, expected)
  File "./test-kernel-security.py", line 214, in assertKernelConfig
self.assertKernelConfigSet(name)
  File "./test-kernel-security.py", line 201, in assertKernelConfigSet
'%s option was expected to be set in the kernel config' % name)
AssertionError: ARCH_HAS_REFCOUNT option was expected to be set in the 
kernel config

  ProblemType: Bug
  DistroRelease: Ubuntu 20.04
  Package: linux-image-5.6.0-1010-oem 5.6.0-1010.10
  ProcVersionSignature: User Name 5.6.0-1010.10-oem 5.6.8
  Uname: Linux 5.6.0-1010-oem x86_64
  ApportVersion: 2.20.11-0ubuntu27
  Architecture: amd64
  CasperMD5CheckResult: skip
  Date: Mon May 18 14:44:11 2020
  ProcEnviron:
   TERM=xterm-256color
   PATH=(custom, no user)
   XDG_RUNTIME_DIR=
   LANG=C.UTF-8
   SHELL=/bin/bash
  SourcePackage: linux-signed-oem-5.6
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/qa-regression-testing/+bug/1879339/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1879341] Re: test_350_retpolined_modules from ubuntu_qrt_kernel_security failed on F-OEM-5.6

2021-05-10 Thread Steve Beattie

Hi, this looks like a legit issue with the linux-oem-5.6 da903x-
regulator module, which appears to have been addressed in f16861b12fa0
("regulator: rename da903x to da903x-regulator") (v5.8-rc6), which
points out that kmod gets confused before that commit.

You can verify this with e.g.:

  $ modinfo -k 5.6.0-1055-oem 
/lib/modules/5.6.0-1055-oem/kernel/drivers/regulator/da903x.ko
  filename:   /lib/modules/5.6.0-1055-oem/kernel/drivers/regulator/da903x.ko
  license:GPL v2
  file:   drivers/mfd/da903x
  author: Mike Rapoport 
  author: Eric Miao 
  description:PMIC Driver for Dialog Semiconductor DA9034

versus the da903x backlight driver:

  $ modinfo -k 5.6.0-1055-oem 
/lib/modules/5.6.0-1055-oem/kernel/drivers/video/backlight/da903x_bl.ko
  filename:   
/lib/modules/5.6.0-1055-oem/kernel/drivers/video/backlight/da903x_bl.ko
  alias:  platform:da903x-backlight
  license:GPL
  author: Mike Rapoport 
  author: Eric Miao 
  description:Backlight Driver for Dialog Semiconductor DA9030/DA9034
  srcversion: 5FEF8A3329A530B5C1874A5
  depends:
  retpoline:  Y
  intree: Y
  name:   da903x_bl
  vermagic:   5.6.0-1055-oem SMP mod_unload modversions 
  sig_id: PKCS#7
  signer: Build time autogenerated kernel key
  sig_key:5B:09:65:9C:C7:55:2E:3D:11:79:28:EA:EE:F1:AD:DB:18:F9:34:F7
  sig_hashalgo:   sha512
  signature:  8E:0D:4A:F9:F1:F8:D3:AC:84:0F:D0:77:91:AA:62:1B:C0:65:81:AE:
  39:19:77:92:9A:99:E2:6A:A5:3A:C1:30:71:2A:89:AB:AD:24:95:06:
  F5:7D:AD:3D:A2:E6:25:66:8C:E1:44:07:37:39:0F:9F:B4:50:E1:6B:
  6A:8E:2C:1E:57:A8:76:65:88:46:12:B4:30:A1:3C:B7:96:17:1E:D7:
  C1:9A:C7:8A:48:05:0A:BF:3E:E3:D6:1B:14:50:EE:E2:FC:00:10:AE:
  18:7E:04:72:22:A0:61:31:9A:F2:8A:F5:0B:5C:87:F1:E3:63:58:6B:
  CE:AF:57:6B:EA:B7:E2:ED:17:17:E6:40:C7:92:0B:05:22:E6:06:3B:
  3B:C5:14:5F:A8:46:C3:20:A6:CB:B6:B9:9D:C9:39:A0:A1:34:90:3F:
  5B:1A:D2:EC:C4:C5:F5:84:DF:2F:16:B2:E1:92:C0:C0:A1:5F:1B:A6:
  45:69:6A:4D:16:85:9A:44:2C:13:58:5F:47:33:F3:4D:A6:E0:77:A2:
  2B:DA:76:C5:5C:17:6C:47:6A:E9:C8:A4:00:DB:F7:AA:27:5E:87:A3:
  63:BC:1B:C9:75:99:AC:5F:B1:77:18:21:6E:90:D6:70:D8:E9:8E:EE:
  59:68:44:73:CC:6E:30:FF:9D:A8:41:E2:32:1E:F7:8B:E6:97:F6:3F:
  D4:70:69:AA:02:9E:AA:C6:D6:5A:F2:64:9F:DA:E5:7F:41:2B:E5:D4:
  24:DD:20:72:4E:42:F4:5A:D4:73:46:12:61:66:99:0B:D7:35:47:2B:
  73:A2:9A:1E:4D:18:49:8D:AB:18:82:D7:A3:6C:4E:95:A4:98:7F:88:
  9E:22:74:F6:20:46:50:E1:E1:32:12:3C:32:C9:89:85:FB:F1:DC:C0:
  F1:C7:EB:45:89:E9:B5:A0:89:C3:0B:FD:FE:2D:07:28:14:AD:E9:1E:
  C1:5D:35:79:B0:53:0D:31:15:CB:74:F6:7F:E4:FE:BF:01:D4:35:34:
  4C:28:86:0A:8D:66:F5:7C:39:D3:7D:FC:69:B4:CD:6D:3A:84:8D:45:
  87:77:64:C4:A5:AD:7A:11:7C:EF:B8:EC:97:E5:EC:F4:F2:99:3D:54:
  A0:E4:08:97:28:A0:39:CE:2C:23:0C:0F:D6:28:5D:D2:AB:21:40:B7:
  F9:8E:67:50:85:62:1C:1B:4B:7E:1E:81:06:91:8B:05:B2:A4:E7:33:
  18:0E:11:D5:36:7C:00:DA:47:2C:FD:12:5A:E0:55:45:65:2A:65:9D:
  A3:32:24:44:B9:BA:E0:58:3C:D1:74:D4:98:A5:43:9C:DB:6A:B6:7C:
  27:43:EE:74:3B:BA:B2:B6:6D:F3:42:52

(It's not clear whether this is just modinfo not being able to report
correct results or that the module is actually built without retpoline
and is also unsigned.)

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-oem-5.6 in Ubuntu.
https://bugs.launchpad.net/bugs/1879341

Title:
  test_350_retpolined_modules from ubuntu_qrt_kernel_security failed on
  F-OEM-5.6

Status in QA Regression Testing:
  New
Status in ubuntu-kernel-tests:
  New
Status in linux-oem-5.6 package in Ubuntu:
  New

Bug description:
==
FAIL: test_350_retpolined_modules (__main__.KernelSecurityTest)
Test to ensure all modules are built with retpoline on x86
--
Traceback (most recent call last):
  File "./test-kernel-security.py", line 2094, in 
test_350_retpolined_modules
raise self.failureException('Module %s not compiled with 
retpoline:\n%s' % (module, error_output))
AssertionError: Module 
/lib/modules/5.6.0-1010-oem/kernel/drivers/regulator/da903x.ko not compiled 
with retpoline:
Command: 'modinfo', '-k', '5.6.0-1010-oem', 
'/lib/modules/5.6.0-1010-oem/kernel/drivers/regulator/da903x.ko'
Output:
filename:   
/lib/modules/5.6.0-1010-oem/kernel/drivers/regulator/da903x.ko
license:GPL v2
file:   drivers/mfd/da903x
author: Mike

[Kernel-packages] [Bug 1909937] Re: Physical Ethernet interfaces leak MAC addresses on link up

2021-04-20 Thread Steve Beattie

** Information type changed from Private Security to Public Security

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1909937

Title:
  Physical Ethernet interfaces leak MAC addresses on link up

Status in linux package in Ubuntu:
  New

Bug description:
  An Ethernet interface without IPv4 or IPv6 link-local addresses still
  emits IPv6 ICMPv6 Multicast Listener Report Messages.  These messages
  include the source MAC address of the Ethernet interface itself,
  leaking that address to a network being monitored for (e.g.) security
  purposes.

  TO REPLICATE
  

  1. Confirm that interface is configured without IPv6 or IPv6 link-
  local addresses:

  root@sniff:~# ip addr show dev enp1s0f2
  5: enp1s0f2:  mtu 1500 qdisc mq state UP 
group default qlen 1000
  link/ether a0:36:9f:21:14:0c brd ff:ff:ff:ff:ff:ff

  2. Start (e.g.) netsniff-ng to watch that interface, filtering for the
  source MAC address:

  root@sniff:~# netsniff-ng -i enp1s0f2 ether host a0:36:9f:21:14:0c
  Running! Hang up with ^C!

  3. In another window, temporarily shut down and bring up that Ethernet
  interface:

  root@sniff:~# ip link set dev enp1s0f2 down ; sleep 5 ; ip link set
  dev enp1s0f2 up

  4. In the netsniff-ng window, observe the emitted packets with the
  source MAC address of the physical device, and an IPv6 source address
  of all zeros (::) (consistent with no link-local address being
  configured on the interface):

  > enp1s0f2 110 1609708972s.966716675ns #1 
   [ Eth MAC (a0:36:9f:21:14:0c => 33:33:00:00:00:16), Proto (0x86dd, IPv6) ]
   [ Vendor (Intel Corporate => Multicast) ]
   [ IPv6 Addr (:: => ff02::16), Version (6), TrafficClass (0), FlowLabel (0), 
Len (56), NextHdr (0), HopLimit (1) ]
 [ Hop-by-Hop Options NextHdr (58), HdrExtLen (0, 8 Bytes), Option(s) 
recognized  ]
   [ ICMPv6 Multicast Listener Report v2 (143), Unknown Code (0), Chks 
(0x6b6d), Res (0x0), Nr. Mcast Addr Records (2), Rec Type 
CHANGE_TO_EXCLUDE_MODE (4), Aux Data Len (0, 0 bytes), Nr. of Sources (0), 
Address: ff05::2, Aux Data: , Rec Type CHANGE_TO_EXCLUDE_MODE (4), Aux Data Len 
(0, 0 by
 tes), Nr. of Sources (0), Address: ff02::2, Aux Data:  ]

  > enp1s0f2 110 1609708973s.262732732ns #2 
   [ Eth MAC (a0:36:9f:21:14:0c => 33:33:00:00:00:16), Proto (0x86dd, IPv6) ]
   [ Vendor (Intel Corporate => Multicast) ]
   [ IPv6 Addr (:: => ff02::16), Version (6), TrafficClass (0), FlowLabel (0), 
Len (56), NextHdr (0), HopLimit (1) ]
 [ Hop-by-Hop Options NextHdr (58), HdrExtLen (0, 8 Bytes), Option(s) 
recognized  ]
   [ ICMPv6 Multicast Listener Report v2 (143), Unknown Code (0), Chks 
(0x6b6d), Res (0x0), Nr. Mcast Addr Records (2), Rec Type 
CHANGE_TO_EXCLUDE_MODE (4), Aux Data Len (0, 0 bytes), Nr. of Sources (0), 
Address: ff05::2, Aux Data: , Rec Type CHANGE_TO_EXCLUDE_MODE (4), Aux Data Len 
(0, 0 by
 tes), Nr. of Sources (0), Address: ff02::2, Aux Data:  ]

  TO WORKAROUND
  =
  Add an ip6tables rule to suppress any host-generated IPv6 packets from being 
emitted from that interface, e.g.:

  ip6tables -A OUTPUT -o enp1s0f2 -j DROP

  ProblemType: Bug
  DistroRelease: Ubuntu 20.04
  Package: linux-image-5.4.0-58-generic 5.4.0-58.64
  ProcVersionSignature: Ubuntu 5.4.0-58.64-generic 5.4.73
  Uname: Linux 5.4.0-58-generic x86_64
  ApportVersion: 2.20.11-0ubuntu27.14
  Architecture: amd64
  AudioDevicesInUse:
   USERPID ACCESS COMMAND
   /dev/snd/controlC0:  bill877 F pulseaudio
  CasperMD5CheckResult: skip
  CurrentDesktop: ubuntu:GNOME
  Date: Sun Jan  3 13:06:20 2021
  InstallationDate: Installed on 2020-12-23 (11 days ago)
  InstallationMedia: Ubuntu 20.04.1 LTS "Focal Fossa" - Release amd64 (20200731)
  Lsusb:
   Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
   Bus 001 Device 003: ID 051d:0002 American Power Conversion Uninterruptible 
Power Supply
   Bus 001 Device 002: ID 413c:2113 Dell Computer Corp. Dell KB216 Wired 
Keyboard
   Bus 001 Device 004: ID 413c:301a Dell Computer Corp. Dell MS116 USB Optical 
Mouse
   Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
  MachineType: Dell Inc. OptiPlex 3050
  ProcEnviron:
   TERM=xterm-256color
   PATH=(custom, no user)
   XDG_RUNTIME_DIR=
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  ProcFB: 0 i915drmfb
  ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-5.4.0-58-generic 
root=UUID=baec5de5-b743-482b-8850-65f96d50ecbf ro quiet splash vt.handoff=7
  RelatedPackageVersions:
   linux-restricted-modules-5.4.0-58-generic N/A
   linux-backports-modules-5.4.0-58-generic  N/A
   linux-firmware1.187.6
  RfKill:
   
  SourcePackage: linux
  UpgradeStatus: No upgrade log present (probably fresh install)
  dmi.bios.date: 07/03/2020
  dmi.bios.vendor: Dell Inc.
  dmi.bios.version: 1.14.0
  dmi.board.name: 08NPPY
  dmi.board.vendor: Dell Inc.
  dmi.board.version: A00

[Kernel-packages] [Bug 1922596] Re: linux ADT test failure with linux/4.4.0-208.240

2021-04-06 Thread Steve Beattie

This was merged into q-r-t in https://git.launchpad.net/qa-regression-
testing/commit/?id=c1af010b49291e5526ccac85cd1fd334fa3bd0c5 .

Until this actually makes into a kernel in updates/security, the test
will fail for those kernels. Worth keeping in mind if we have to do any
respins.

Thanks!

** Changed in: qa-regression-testing
   Status: Confirmed => Fix Released

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1922596

Title:
  linux ADT test failure with linux/4.4.0-208.240

Status in QA Regression Testing:
  Fix Released
Status in linux package in Ubuntu:
  Invalid
Status in linux source package in Xenial:
  Invalid

Bug description:
  This is a scripted bug report about ADT failures while running linux
  tests for linux/4.4.0-208.240 on xenial. Whether this is caused by the
  dep8 tests of the tested source or the kernel has yet to be
  determined.

  Testing failed on:
  amd64: 
https://objectstorage.prodstack4-5.canonical.com/v1/AUTH_77e2ada1e7a84929a74ba3b87153c0ac/autopkgtest-xenial/xenial/amd64/l/linux/20210405_165921_51e87@/log.gz
  i386: 
https://objectstorage.prodstack4-5.canonical.com/v1/AUTH_77e2ada1e7a84929a74ba3b87153c0ac/autopkgtest-xenial/xenial/i386/l/linux/20210405_171150_5e4c6@/log.gz
  ppc64el: 
https://objectstorage.prodstack4-5.canonical.com/v1/AUTH_77e2ada1e7a84929a74ba3b87153c0ac/autopkgtest-xenial/xenial/ppc64el/l/linux/20210405_171645_a1619@/log.gz
  s390x: 
https://objectstorage.prodstack4-5.canonical.com/v1/AUTH_77e2ada1e7a84929a74ba3b87153c0ac/autopkgtest-xenial/xenial/s390x/l/linux/20210402_051319_d4fe2@/log.gz


  15:47:57 ERROR| [stderr] 
==
  15:47:57 ERROR| [stderr] FAIL: test_160_setattr_CVE_2015_1350 
(__main__.KernelSecurityTest)
  15:47:57 ERROR| [stderr] Ensure unpriv user cannot strip setattr attributes 
via chown() (CVE-2015-1350)
  15:47:57 ERROR| [stderr] 
--
  15:47:57 ERROR| [stderr] Traceback (most recent call last):
  15:47:57 ERROR| [stderr]   File "./test-kernel-security.py", line 1891, in 
test_160_setattr_CVE_2015_1350
  15:47:57 ERROR| [stderr] self.assertShellOutputEquals(exp_output, 
['sudo', '-u', user, 'getcap', testbin])
  15:47:57 ERROR| [stderr]   File 
"/tmp/autopkgtest.UEYHB2/build.S4Z/src/autotest/client/tmp/ubuntu_qrt_kernel_security/src/qa-regression-testing/scripts/testlib.py",
 line 1206, in assertShellOutputEquals
  15:47:57 ERROR| [stderr] self.assertEqual(text, out, msg + result + 
report)
  15:47:57 ERROR| [stderr] AssertionError: Got exit code 0. Looking for exact 
text "" (sudo -u ubuntu getcap /tmp/setattr-GwRjva/true)
  15:47:57 ERROR| [stderr] Command: 'sudo', '-u', 'ubuntu', 'getcap', 
'/tmp/setattr-GwRjva/true'
  15:47:57 ERROR| [stderr] Output:
  15:47:57 ERROR| [stderr] /tmp/setattr-GwRjva/true = cap_sys_nice+ep
  15:47:57 ERROR| [stderr] 
  15:47:57 ERROR| [stderr] 
  15:47:57 ERROR| [stderr] 
--
  15:47:57 ERROR| [stderr] Ran 125 tests in 24.852s
  15:47:57 ERROR| [stderr] 
  15:47:57 ERROR| [stderr] FAILED (failures=1)

To manage notifications about this bug go to:
https://bugs.launchpad.net/qa-regression-testing/+bug/1922596/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1922223] Re: package kerneloops 0.12+git20140509-6ubuntu2 failed to install/upgrade: installed kerneloops package post-installation script subprocess returned error exit status

2021-04-02 Thread Steve Beattie

Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a "regular" (non-security) bug.  I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross privilege boundaries nor directly cause loss of data/privacy.
Please feel free to report any other bugs you may find.

** Information type changed from Private Security to Public

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to kerneloops in Ubuntu.
https://bugs.launchpad.net/bugs/193

Title:
  package kerneloops 0.12+git20140509-6ubuntu2 failed to
  install/upgrade: installed kerneloops package post-installation script
  subprocess returned error exit status 1

Status in kerneloops package in Ubuntu:
  New

Bug description:
  Kindly check

  ProblemType: Package
  DistroRelease: Ubuntu 18.04
  Package: kerneloops 0.12+git20140509-6ubuntu2
  ProcVersionSignature: Ubuntu 4.15.0-140.144-generic 4.15.18
  Uname: Linux 4.15.0-140-generic x86_64
  NonfreeKernelModules: nvidia
  ApportVersion: 2.20.9-0ubuntu7.23
  Architecture: amd64
  Date: Thu Apr  1 17:59:48 2021
  ErrorMessage: installed kerneloops package post-installation script 
subprocess returned error exit status 1
  InstallationDate: Installed on 2018-08-11 (964 days ago)
  InstallationMedia: Ubuntu 14.04.3 LTS "Trusty Tahr" - Beta amd64 (20150805)
  Python3Details: /usr/bin/python3.8, Python 3.8.5, python3-minimal, 
3.8.2-0ubuntu2
  PythonDetails: N/A
  RelatedPackageVersions:
   dpkg 1.19.0.5ubuntu2.3
   apt  2.0.4
  SourcePackage: kerneloops
  Title: package kerneloops 0.12+git20140509-6ubuntu2 failed to 
install/upgrade: installed kerneloops package post-installation script 
subprocess returned error exit status 1
  UpgradeStatus: Upgraded to bionic on 2021-04-01 (0 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/kerneloops/+bug/193/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1918960] Re: kernel does not honor mokx revocations, allowing kexec lockdown bypass

2021-03-31 Thread Steve Beattie

** Changed in: linux (Ubuntu)
   Status: Incomplete => Confirmed

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1918960

Title:
  kernel does not honor mokx revocations, allowing kexec lockdown bypass

Status in linux package in Ubuntu:
  Confirmed

Bug description:
  All kernels do not honor mokx certificate revocations, and thus does
  not honor the 2012 certificate revocation, nor the post 2017
  certificate signed kernels that allow acpi bypass. This can allow
  bypass of lockdown restrictions.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1918960/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1918960] Re: kernel does not honor mokx revocations, allowing kexec lockdown bypass

2021-03-31 Thread Steve Beattie

https://lore.kernel.org/lkml/1884195.1615482...@warthog.procyon.org.uk/
is still not upstream.

https://lore.kernel.org/lkml/20210312171232.2681989-1-...@digikod.net/
may also be worth watching.

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1918960

Title:
  kernel does not honor mokx revocations, allowing kexec lockdown bypass

Status in linux package in Ubuntu:
  Confirmed

Bug description:
  All kernels do not honor mokx certificate revocations, and thus does
  not honor the 2012 certificate revocation, nor the post 2017
  certificate signed kernels that allow acpi bypass. This can allow
  bypass of lockdown restrictions.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1918960/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1918960] Re: kernel does not honor mokx revocations, allowing kexec lockdown bypass

2021-03-31 Thread Steve Beattie

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-26541

** Information type changed from Private Security to Public Security

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1918960

Title:
  kernel does not honor mokx revocations, allowing kexec lockdown bypass

Status in linux package in Ubuntu:
  New

Bug description:
  All kernels do not honor mokx certificate revocations, and thus does
  not honor the 2012 certificate revocation, nor the post 2017
  certificate signed kernels that allow acpi bypass. This can allow
  bypass of lockdown restrictions.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1918960/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1920685] Re: Shity ubujntu 20.04 upgrade

2021-03-30 Thread Steve Beattie

Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a "regular" (non-security) bug.  I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross privilege boundaries nor directly cause loss of data/privacy.
Please feel free to report any other bugs you may find.

** Information type changed from Private Security to Public

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1920685

Title:
  Shity ubujntu 20.04 upgrade

Status in linux package in Ubuntu:
  New

Bug description:
  It's just miracle that ubuntu is starting up, boot speed is terrible
  slow after upgrade, and now it was just hanging and i had to reset the
  whole shit with the power button, as the login screen was freezing,

  ProblemType: Bug
  DistroRelease: Ubuntu 20.04
  Package: linux-image-5.4.0-67-generic 5.4.0-67.75
  ProcVersionSignature: Ubuntu 5.4.0-67.75-generic 5.4.94
  Uname: Linux 5.4.0-67-generic x86_64
  ApportVersion: 2.20.11-0ubuntu27.16
  Architecture: amd64
  AudioDevicesInUse:
   USERPID ACCESS COMMAND
   /dev/snd/controlC0:  raxim  1631 F pulseaudio
   /dev/snd/controlC1:  raxim  1631 F pulseaudio
  CasperMD5CheckResult: skip
  CurrentDesktop: ubuntu:GNOME
  Date: Sun Mar 21 20:06:13 2021
  HibernationDevice: RESUME=none
  InstallationDate: Installed on 2017-08-07 (1322 days ago)
  InstallationMedia: Ubuntu 16.04.3 LTS "Xenial Xerus" - Release amd64 
(20170801)
  MachineType: TOSHIBA SATELLITE L50-B
  ProcFB: 0 i915drmfb
  ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-5.4.0-67-generic 
root=UUID=94637b9f-f7f6-4e31-9097-4b1fbad3748b ro quiet splash vt.handoff=7
  RelatedPackageVersions:
   linux-restricted-modules-5.4.0-67-generic N/A
   linux-backports-modules-5.4.0-67-generic  N/A
   linux-firmware1.187.10
  SourcePackage: linux
  UpgradeStatus: Upgraded to focal on 2020-11-20 (121 days ago)
  dmi.bios.date: 12/02/2014
  dmi.bios.vendor: INSYDE Corp.
  dmi.bios.version: 2.00
  dmi.board.asset.tag: Type2 - Board Asset Tag
  dmi.board.name: Type2 - Board Product Name1
  dmi.board.vendor: Type2 - Board Vendor Name1
  dmi.board.version: Type2 - Board Version
  dmi.chassis.asset.tag: No Asset Tag
  dmi.chassis.type: 10
  dmi.chassis.vendor: OEM Chassis ManuFacturer
  dmi.chassis.version: OEM Chassis Version
  dmi.modalias: 
dmi:bvnINSYDECorp.:bvr2.00:bd12/02/2014:svnTOSHIBA:pnSATELLITEL50-B:pvrPSKTQE-00C008HU:rvnType2-BoardVendorName1:rnType2-BoardProductName1:rvrType2-BoardVersion:cvnOEMChassisManuFacturer:ct10:cvrOEMChassisVersion:
  dmi.product.family: INVALID
  dmi.product.name: SATELLITE L50-B
  dmi.product.sku: INVALID
  dmi.product.version: PSKTQE-00C008HU
  dmi.sys.vendor: TOSHIBA
  modified.conffile..etc.default.apport:
   # set this to 0 to disable apport, or to 1 to enable it
   # you can temporarily override this with
   # sudo service apport start force_start=1
   enabled=0
  mtime.conffile..etc.default.apport: 2019-01-05T20:15:11.119265

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1920685/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1912708] Re: CONFIG_RANDOMIZE_BASE on ppc64el

2021-03-11 Thread Steve Beattie

Thanks for pointing that out, Krzysztof.

Seth, the reason that I limited the bug report to ppc64 is that Ubuntu
16.04 LTS with its 4.4 based kernel was the last release we supported
32bit powerpc platforms.

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1912708

Title:
  CONFIG_RANDOMIZE_BASE on ppc64el

Status in linux package in Ubuntu:
  Invalid

Bug description:
  Hello, it looks like CONFIG_RANDOMIZE_BASE is not set in our ppc64el
  kernel configurations, based on running this in an rsync clone of
  kernel.ubuntu.com::kernel-ppa-config/ :

  grep CONFIG_RANDOMIZE_BASE $(find . -iname '*ppc*' | grep /linux/)

  This returns no hits -- not even for a disabled feature -- which
  surprised me a bit.

  This webpage suggests power should have this kernel configuration
  available after 5.5: https://cateee.net/lkddb/web-
  lkddb/RANDOMIZE_BASE.html

  Thanks

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1912708/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1899573] Re: CVE-2020-4788: Speculation on incompletely validated data on IBM Power9

2021-02-22 Thread Steve Beattie

Oh, this was fixed in  https://usn.ubuntu.com/usn/usn-4657-1,
https://usn.ubuntu.com/usn/usn-4658-1,
https://usn.ubuntu.com/usn/usn-4659-1, and
https://usn.ubuntu.com/usn/usn-4660-1 . Marking fix released.

Thanks.


** Information type changed from Private Security to Public Security

** Changed in: linux (Ubuntu)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1899573

Title:
  CVE-2020-4788: Speculation on incompletely validated data on IBM
  Power9

Status in linux package in Ubuntu:
  Fix Released

Bug description:
  Hi,

  IBM Power9 processors can speculatively operate on data in the L1
  cache before it has been completely validated, via a way-prediction
  mechanism. It is not possible for an attacker to determine the
  contents of impermissible memory using this method, since these
  systems implement a combination of hardware and software security
  measures to prevent scenarios where protected data could be leaked.

  However these measures don't address the scenario where an attacker
  induces the operating system to speculatively execute instructions
  using data that the attacker controls. This can be used for example to
  speculatively bypass "kernel user access prevention" techniques, as
  discovered by Anthony Steinhauser of Google's Safeside Project. This
  is not an attack by itself, but there is a possibility it could be
  used in conjunction with side-channels or other weaknesses in the
  privileged code to construct an attack.

  This issue can be mitigated by flushing the L1 cache between privilege
  boundaries of concern.

  CVEID: CVE-2020-4788

  Current description/CVSS info (subject to revision)
  ---

  Description: IBM Power9 processors could allow a local user to obtain 
sensitive information from the data in the L1 cache under extenuating 
circumstances.
  CVSS Base Score: 2.9
  CVSS Temporal Score: 
https://exchange.xforce.ibmcloud.com/vulnerabilities/189296 for more information
  CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)

  Embargo details
  ---

  Please do not disclose any of this information prior to 20 November
  2020, as that is the coordinated date for CVE details, AIX and IBM i
  fixes to be released. We will confirm the precise time of day shortly.

  Fix details
  ---

  In general, this issue is mitigated by flushing the L1D cache when
  entering the kernel and after any in-kernel userspace memory accesses.

  Please find attached patches against Focal, Bionic and Xenial. Let me
  know if you want backports to Groovy done at this stage.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1899573/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1863299] Re: linux-aws fails to late load microcode, works with generic

2021-02-09 Thread Steve Beattie

Hello Dimitri,

The source of this is that the linux-aws (and some other cloud-specific)
kernels do not have CONFIG_MICROCODE_OLD_INTERFACE enabled, while they
are enabled in the generic kernel configs.

For consideration, this is the kernel config documentation for this
option:

  config MICROCODE_OLD_INTERFACE
bool "Ancient loading interface (DEPRECATED)"
default n
depends on MICROCODE
---help---
  DO NOT USE THIS! This is the ancient /dev/cpu/microcode interface
  which was used by userspace tools like iucode_tool and microcode.ctl.
  It is inadequate because it runs too late to be able to properly
  load microcode on a machine and it needs special tools. Instead, you
  should've switched to the early loading method with the initrd or
  builtin microcode by now: Documentation/x86/microcode.rst

I'm going to mark this issue public. Thanks.

** Information type changed from Private Security to Public Security

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-aws in Ubuntu.
https://bugs.launchpad.net/bugs/1863299

Title:
  linux-aws fails to late load microcode, works with generic

Status in linux-aws package in Ubuntu:
  New

Bug description:
  [Impact]

   * Late loading of intel microcode doesn't seem to work on aws.

  [Test Case]

   * Boot Focal on AWS metal instance
   * Install intel-microcode package
   * Disable early microcode loading:
 sudo rm /usr/share/initramfs-tools/hooks/intel_microcode to disable 
including microcde in the initrd
   * Update initrd
 sudo update-initramfs -u
   * Observe that late loading (due to /usr/lib/tmpfiles.d/intel-microcode.conf 
) does not happen.

  I.e. expected to see something like this:
  $ journalctl -b | grep microcode
  Feb 14 11:08:38 ottawa kernel: microcode: sig=0x506e3, pf=0x20, revision=0xc6
  Feb 14 11:08:38 ottawa kernel: microcode: Microcode Update Driver: v2.2.
  Feb 14 11:08:42 ottawa kernel: microcode: updated to revision 0xd6, date = 
2019-10-03
  Feb 14 11:08:42 ottawa kernel: x86/CPU: CPU features have changed after 
loading microcode, but might not take effect.
  Feb 14 11:08:42 ottawa kernel: microcode: Reload completed, microcode 
revision: 0xd6

  instead I see something like this:
  Feb 14 11:08:38 ottawa kernel: microcode: sig=0x506e3, pf=0x20, revision=0xc6
  Feb 14 11:08:38 ottawa kernel: microcode: Microcode Update Driver: v2.2.

  (no updated to revivsion  message)

  [Regression Potential]

   * Late loading is new, as the current default is to load microcode
  early from initrd. It will only change behaviour on initrd-less
  bionic-minimal images, and any image types on later releases, but only
  when booted on the .metal instances.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-aws/+bug/1863299/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1904471] Re: Ubuntu-5.4.0-48.52 introduces a regression by cherry picking partial fixes from set of commits

2021-02-09 Thread Steve Beattie

Hi Shoily,

Coming back around to this issue, it looks like
b431ef837e3374da0db8ff6683170359aaa0859c landed in focal in 5.4.0-49.53
and bionic in 4.15.0-119.120. I'm making this public as well as marking
it as fix released.

Thanks again for the report!

** Information type changed from Private Security to Public

** Changed in: linux (Ubuntu)
   Status: New => Fix Released

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1904471

Title:
  Ubuntu-5.4.0-48.52 introduces a regression by cherry picking partial
  fixes from set of commits

Status in linux package in Ubuntu:
  Fix Released

Bug description:
  Hello,

  While I was porting a security fix pertaining to blktrace and debugfs,
  I have noticed that ubuntu-5.4.0-48.52 kernel is missing fix
  b431ef837e3374da0db8ff6683170359aaa0859c from mainline kernel.

  Here ubuntu-5.4.0-48.52 picked partial fixes from set of commits which
  is solves a race condition present in blktrace and debugfs. This is
  explained by the Kernel developer Luis Chamberlain 
  in the thread https://bugzilla.kernel.org/show_bug.cgi?id=205713 -

  The fixes for this is now queued up on the block for-next branch, on
  its way for v5.9. There were quite a bit of scattered fixes required
  for this, if you are looking to backport this to your kernel be sure
  to include starting from "blktrace: break out of blktrace setup on
  concurrent calls" up to "blktrace: ensure our debugfs dir exists". The
  actual fix for this particular crash however is handled by the patch
  titled, "blktrace: fix debugfs use after free"

  Commit 4a6f7d09462878b26c4732c8fa0c7e7d22ac1564 in ubuntu-5.4.0-48.52
  caused the regression by removing NULL check for debugfs dir. This is
  fixed in mainline kernel commit
  b431ef837e3374da0db8ff6683170359aaa0859c which is missing in ubuntu.

  Let me know if you have further question.

  Thanks,

  Shoily Rahman
  shoily.rah...@oracle.com

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1904471/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1914279] Re: linux from security may force reboots without complete dkms modules

2021-02-09 Thread Steve Beattie

Hi Dimitri, I don't know that all dkms SRUs need to go to the security
pockets, but ones that fix build issues surely do, given the problems
that a dkms build failure causes in package installs.

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to dkms in Ubuntu.
https://bugs.launchpad.net/bugs/1914279

Title:
  linux from security may force reboots without complete dkms modules

Status in apt package in Ubuntu:
  Invalid
Status in dkms package in Ubuntu:
  New
Status in linux package in Ubuntu:
  Confirmed
Status in linux-meta package in Ubuntu:
  New
Status in unattended-upgrades package in Ubuntu:
  Invalid
Status in update-manager package in Ubuntu:
  Invalid

Bug description:
  Whilst discussing

  https://discourse.ubuntu.com/t/improvements-for-hardware-support-in-
  ubuntu-desktop-installation-media/20606

  We have noticed a reference to somebody not having working backport-
  iwlwifi-dkms, whilst SRU of that happened before the v5.4 -> v5.8
  switch.

  However, kernel meta switch was pushed to security pocket, but the
  dkms modules are all in -updates only.

  This may result in people automatically installing the new kernel with
  unatanded upgrades; dkms modules failing to build; and a reboot
  required flag left on disk.

  At this point launching update manager will not offer to install dkms
  modules from updates, and will guide the users to reboot. which
  will then cause them to boot the new kernel without the dkms modules
  that might be providing networking for them.

  Should dkms modules SRUs always getting published into -security
  pocket, as well as the -updates pocket?

  Should linux maintainer scripts prevent touching reboot required flag
  if any dkms modules fail to build?

  Should apt / unattanded-upgrades / update-manager always update dkms
  modules with kernels?

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1914279/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1914863] Re: package linux-headers-4.4.0-145-generic 4.4.0-145.171 failed to install/upgrade: package linux-headers-4.4.0-145-generic is not ready for configuration cannot confi

2021-02-09 Thread Steve Beattie

Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a "regular" (non-security) bug.  I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross privilege boundaries nor directly cause loss of data/privacy.
Please feel free to report any other bugs you may find.

** Information type changed from Private Security to Public

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1914863

Title:
  package linux-headers-4.4.0-145-generic 4.4.0-145.171 failed to
  install/upgrade: package linux-headers-4.4.0-145-generic is not ready
  for configuration  cannot configure (current status 'half-installed')

Status in linux package in Ubuntu:
  Confirmed

Bug description:
  i stopped receiving updates from the system

  ProblemType: Package
  DistroRelease: Ubuntu 16.04
  Package: linux-headers-4.4.0-145-generic 4.4.0-145.171
  ProcVersionSignature: Ubuntu 4.15.0-129.132~16.04.1-generic 4.15.18
  Uname: Linux 4.15.0-129-generic x86_64
  ApportVersion: 2.20.1-0ubuntu2.30
  Architecture: amd64
  AudioDevicesInUse:
   USERPID ACCESS COMMAND
   /dev/snd/controlC0:  raya   1120 F pulseaudio
  Date: Sat Feb  6 16:14:10 2021
  DuplicateSignature:
   package:linux-headers-4.4.0-145-generic:4.4.0-145.171
   Processing triggers for libc-bin (2.23-0ubuntu11.2) ...
   dpkg: error processing package linux-headers-4.4.0-145-generic (--configure):
package linux-headers-4.4.0-145-generic is not ready for configuration
  ErrorMessage: package linux-headers-4.4.0-145-generic is not ready for 
configuration  cannot configure (current status 'half-installed')
  HibernationDevice: RESUME=UUID=f3f8a101-6016-4f93-a349-fea1bda7169b
  InstallationDate: Installed on 2017-11-08 (1186 days ago)
  InstallationMedia: Lubuntu 16.04.3 LTS "Xenial Xerus" - Release amd64 
(20170801)
  IwConfig:
   lono wireless extensions.
   
   enp2s0no wireless extensions.
  MachineType: System manufacturer System Product Name
  ProcFB:
   
  ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.15.0-129-generic 
root=UUID=9135f006-10a2-4b88-b0fb-5e15bc424148 ro quiet splash
  PulseList: Error: command ['pacmd', 'list'] failed with exit code 1: No 
PulseAudio daemon running, or not running as session daemon.
  RelatedPackageVersions: grub-pc 2.02~beta2-36ubuntu3.29
  RfKill:
   
  SourcePackage: linux
  Title: package linux-headers-4.4.0-145-generic 4.4.0-145.171 failed to 
install/upgrade: package linux-headers-4.4.0-145-generic is not ready for 
configuration  cannot configure (current status 'half-installed')
  UpgradeStatus: No upgrade log present (probably fresh install)
  dmi.bios.date: 05/19/2008
  dmi.bios.vendor: American Megatrends Inc.
  dmi.bios.version: 0512
  dmi.board.asset.tag: To Be Filled By O.E.M.
  dmi.board.name: P5KPL-CM
  dmi.board.vendor: ASUSTeK Computer INC.
  dmi.board.version: x.xx
  dmi.chassis.asset.tag: Asset-1234567890
  dmi.chassis.type: 3
  dmi.chassis.vendor: Chassis Manufacture
  dmi.chassis.version: Chassis Version
  dmi.modalias: 
dmi:bvnAmericanMegatrendsInc.:bvr0512:bd05/19/2008:svnSystemmanufacturer:pnSystemProductName:pvrSystemVersion:rvnASUSTeKComputerINC.:rnP5KPL-CM:rvrx.xx:cvnChassisManufacture:ct3:cvrChassisVersion:
  dmi.product.family: To Be Filled By O.E.M.
  dmi.product.name: System Product Name
  dmi.product.version: System Version
  dmi.sys.vendor: System manufacturer

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1914863/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1913392] Re: Security Repository Doesn't Contain USN-4689-4 Fixed Kernel Version

2021-01-28 Thread Steve Beattie

** Information type changed from Private Security to Public Security

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1913392

Title:
  Security Repository Doesn't Contain USN-4689-4 Fixed Kernel Version

Status in linux package in Ubuntu:
  New

Bug description:
  https://ubuntu.com/security/notices/USN-4689-4 says that the fixed
  version of Ubuntu 20.04 is:

  linux-image-5.4.0-64-generic - 5.4.0-64.72

  With only the focal and focal-security sources enabled this version is
  not installed. Only linux-image-5.4.0-62-generic is installed.

  We've had automated vulnerability tools flag some of our hosts as
  vulnerable due to this mismatch.

  To reproduce this, I tried a clean install using a 20.04 live server
  cd, with network disabled.

  I then enabled only the focal and focal-security repos:

  root@ubuntu-test:/home/danp# cat /etc/apt/sources.list 
/etc/apt/sources.list.d/*
  # See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to
  # newer versions of the distribution.
  deb http://archive.ubuntu.com/ubuntu focal main restricted
  deb http://archive.ubuntu.com/ubuntu focal-security main restricted
  cat: '/etc/apt/sources.list.d/*': No such file or directory

  root@ubuntu-test:/home/danp# apt update && apt list --upgradable
  Hit:1 http://archive.ubuntu.com/ubuntu focal InRelease
  Hit:2 http://archive.ubuntu.com/ubuntu focal-security InRelease
  Reading package lists... Done
  Building dependency tree
  Reading state information... Done
  All packages are up to date.
  Listing... Done

  root@ubuntu-test:/home/danp# dpkg -l | grep linux-image-5.4
  ii  linux-image-5.4.0-26-generic 5.4.0-26.30   
amd64Signed kernel image generic
  ii  linux-image-5.4.0-62-generic 5.4.0-62.70   
amd64Signed kernel image generic

  ProblemType: Bug
  DistroRelease: Ubuntu 20.04
  Package: linux-image-5.4.0-62-generic 5.4.0-62.70
  ProcVersionSignature: Ubuntu 5.4.0-62.70-generic 5.4.78
  Uname: Linux 5.4.0-62-generic x86_64
  AlsaDevices:
   total 0
   crw-rw+ 1 root audio 116,  1 Jan 27 07:35 seq
   crw-rw+ 1 root audio 116, 33 Jan 27 07:35 timer
  AplayDevices: Error: [Errno 2] No such file or directory: 'aplay'
  ApportVersion: 2.20.11-0ubuntu27.12
  Architecture: amd64
  ArecordDevices: Error: [Errno 2] No such file or directory: 'arecord'
  AudioDevicesInUse: Error: command ['fuser', '-v', '/dev/snd/seq', 
'/dev/snd/timer'] failed with exit code 1:
  CasperMD5CheckResult: pass
  Date: Wed Jan 27 07:38:40 2021
  InstallationDate: Installed on 2021-01-27 (0 days ago)
  InstallationMedia: Ubuntu-Server 20.04 LTS "Focal Fossa" - Release amd64 
(20200423)
  IwConfig: Error: [Errno 2] No such file or directory: 'iwconfig'
  Lsusb:
   Bus 001 Device 002: ID 0627:0001 Adomax Technology Co., Ltd QEMU USB Tablet
   Bus 001 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
  Lsusb-t:
   /:  Bus 01.Port 1: Dev 1, Class=root_hub, Driver=uhci_hcd/2p, 12M
   |__ Port 1: Dev 2, If 0, Class=Human Interface Device, Driver=usbhid, 12M
  MachineType: QEMU Standard PC (i440FX + PIIX, 1996)
  PciMultimedia:
   
  ProcEnviron:
   TERM=xterm-256color
   PATH=(custom, no user)
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  ProcFB: 0 bochs-drmdrmfb
  ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-5.4.0-62-generic 
root=UUID=00a34725-3888-4064-a820-bab3d2bdab8a ro maybe-ubiquity
  RelatedPackageVersions:
   linux-restricted-modules-5.4.0-62-generic N/A
   linux-backports-modules-5.4.0-62-generic  N/A
   linux-firmware1.187
  RfKill: Error: [Errno 2] No such file or directory: 'rfkill'
  SourcePackage: linux
  UpgradeStatus: No upgrade log present (probably fresh install)
  dmi.bios.date: 04/01/2014
  dmi.bios.vendor: SeaBIOS
  dmi.bios.version: rel-1.13.0-48-gd9c812dda519-prebuilt.qemu.org
  dmi.chassis.type: 1
  dmi.chassis.vendor: QEMU
  dmi.chassis.version: pc-i440fx-5.1
  dmi.modalias: 
dmi:bvnSeaBIOS:bvrrel-1.13.0-48-gd9c812dda519-prebuilt.qemu.org:bd04/01/2014:svnQEMU:pnStandardPC(i440FX+PIIX,1996):pvrpc-i440fx-5.1:cvnQEMU:ct1:cvrpc-i440fx-5.1:
  dmi.product.name: Standard PC (i440FX + PIIX, 1996)
  dmi.product.version: pc-i440fx-5.1
  dmi.sys.vendor: QEMU

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1913392/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1912708] Re: CONFIG_RANDOMIZE_BASE on powerpc / ppc64el

2021-01-21 Thread Steve Beattie

** Changed in: linux (Ubuntu)
   Status: Incomplete => Confirmed

** Summary changed:

- CONFIG_RANDOMIZE_BASE on powerpc / ppc64el
+ CONFIG_RANDOMIZE_BASE on ppc64el

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1912708

Title:
  CONFIG_RANDOMIZE_BASE on ppc64el

Status in linux package in Ubuntu:
  Confirmed

Bug description:
  Hello, it looks like CONFIG_RANDOMIZE_BASE is not set in our ppc64el
  kernel configurations, based on running this in an rsync clone of
  kernel.ubuntu.com::kernel-ppa-config/ :

  grep CONFIG_RANDOMIZE_BASE $(find . -iname '*ppc*' | grep /linux/)

  This returns no hits -- not even for a disabled feature -- which
  surprised me a bit.

  This webpage suggests power should have this kernel configuration
  available after 5.5: https://cateee.net/lkddb/web-
  lkddb/RANDOMIZE_BASE.html

  Thanks

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1912708/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1909486] Re: tiocspgrp()" Privilege Escalation Vulnerability

2021-01-20 Thread Steve Beattie

** Information type changed from Private Security to Public Security

** Changed in: linux (Ubuntu)
   Status: New => Confirmed

** Changed in: linux (Ubuntu)
   Importance: Undecided => Medium

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1909486

Title:
  tiocspgrp()" Privilege Escalation Vulnerability

Status in linux package in Ubuntu:
  Confirmed

Bug description:
  A race condition error related to the "tiocspgrp()" function
  (drivers/tty/tty_jobctrl.c) can be exploited to trigger a use-after-
  free and subsequently gain elevated privileges.

  The vulnerability is reported in versions 5.9.x prior to 5.9.14, 5.4.x
  prior to 5.4.83, 4.19.x prior to 4.19.163, 4.14.x prior to 4.14.212,
  4.9.x prior to 4.9.248, and 4.4.x prior to 4.4.248.

  Affected Software

  The following software is affected by the described vulnerability.
  Please check the vendor links below to see if exactly your version is
  affected.

  Linux Kernel 4.14.x
  Linux Kernel 4.19.x
  Linux Kernel 4.4.x
  Linux Kernel 4.9.x
  Linux Kernel 5.4.x
  Linux Kernel 5.9.x

  Solution

  Update to a fixed version.

  Versions 5.9.x:
  Update to version 5.9.14 or later.

  Versions 5.4.x:
  Update to version 5.4.83 or later.

  Versions 4.19.x:
  Update to version 4.19.163.

  Versions 4.14.x:
  Update to version 4.14.212.

  Versions 4.9.x:
  Update to version 4.9.248.

  Versions 4.4.x:
  Update to version 4.4.248.

  References

  1. https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.9.14 

  2. https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.83 

  3. https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.163 

  4. https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.212 

  5. https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.248 

  6. https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.248 

  7. https://bugs.chromium.org/p/project-zero/issues/detail?id=2125 

  8. 
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=54ffccbf053b5b6ca4f6e45094b942fab92a25fc
 


  
  Detected in Ubuntu 16, which uses 4.4.x kernel.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1909486/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1894980] Re: CVE-2020-16120: unprivileged overlayfs permission checking

2020-11-17 Thread Steve Beattie

** Changed in: linux (Ubuntu)
   Status: Confirmed => Fix Released

** Information type changed from Private Security to Public Security

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-16120

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1894980

Title:
  CVE-2020-16120: unprivileged overlayfs permission checking

Status in linux package in Ubuntu:
  Fix Released

Bug description:
  Opening this as a tracking bug for CVE-2020-16120

  Hi,

  while playing with shiftfs I've noticed a strange interaction with
  overlay and that seems to allow reading files under an accessible
  directory, even if they are not readable to the user who created the
  user namespace.

  While overlay would not accept a FUSE file system as upper layer, it
  seems the check doesn't work when it goes through a shiftfs layer.

  For the exploit purpose, I've used fuse-overlayfs only because I am
  familiar with it but I'd expect any FUSE file system to behave
  in the same way.  The additional drop_unlink.patch patch is used only to
  inhibit deleting temporary files in fuse-overlayfs.

  The steps required are:

  1) create a user namespace with an unprivileged user.
  2) mount a FUSE file system where we have full control at M1.  In
 the exploit fuse-overlayfs with a custom patch is used.
  3) mount shiftfs from the FUSE mount M1 to a mountpoint M2.
  4) mount overlay using /etc as lowerdir and M2 for the upperdir (and
 workdir).
  5) attempt a "mv M2/shadow M2/something-else".

  The shadow file that is coming from the lower layer (/etc/shadow), is
  copied to the shiftfs and ultimately to the FUSE file system.  The copy
  would fail but that happens too late, after the FUSE file system already
  received the file content.  Since we have full control on the FUSE file
  system, we can access the content of /etc/shadow.

  For running the exploit, you need to have the fuse-overlayfs
  dependencies installed (libc6-dev gcc g++ make automake autoconf pkgconf
  libfuse3-dev).

  It is enough to run "make" as unprivileged user and if the exploit
  succeeds you get the content of the /etc/shadow file under the result/
  directory.

  Tested on Ubuntu 20.04 with Linux 5.4.0-42-generic.

  
  Thanks,
  Giuseppe

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1894980/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1898742] Re: Linux Kernel "ppp_cp_parse_cr()" Denial of Service Vulnerability

2020-10-06 Thread Steve Beattie

** Changed in: linux (Ubuntu)
   Status: Incomplete => Confirmed

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1898742

Title:
  Linux Kernel "ppp_cp_parse_cr()" Denial of Service Vulnerability

Status in linux package in Ubuntu:
  Confirmed

Bug description:
  Dear Launchpad Ubuntu Team,

  An error related to the "ppp_cp_parse_cr()" function (hdlc_ppp.c) can
  be exploited to trigger an infinite loop or an out-of-bounds read
  memory access via a specially crafted packet.

  The vulnerability is reported in versions 5.4.x prior to 5.4.68,
  4.19.x prior to 4.19.148, 4.14.x prior to 4.14.200, 4.9.x prior to
  4.9.238, and 4.4.x prior to 4.4.238.

  The following software is affected by the described vulnerability:

  Linux Kernel 4.14.x
  Linux Kernel 4.19.x
  Linux Kernel 4.4.x
  Linux Kernel 4.9.x
  Linux Kernel 5.4.x

  References

  1. https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8.12 
  2. https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.68 
  3. https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.148 
  4. https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.200 
  5. https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.238 
  6. https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.238 
  7. 
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=66d42ed8b25b64eb63111a2b8582c5afc8bf1105

  The issue affects Ubuntu 16 LTS.

  Please provide an update.

  Best regards,

  it0001

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1898742/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1882093] Re: CVE-2020-{5963|5967} NVIDIA

2020-08-18 Thread Steve Beattie

Publication to focal-updates for nvidia-driver-440-server
440.95.01-0ubuntu0.20.04.1 and for groovy happened as well, closing
tasks.

** Changed in: nvidia-graphics-drivers-440-server (Ubuntu Focal)
   Status: Fix Committed => Fix Released

** Changed in: nvidia-graphics-drivers-440-server (Ubuntu)
   Status: New => Fix Released

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to nvidia-graphics-drivers-390 in Ubuntu.
https://bugs.launchpad.net/bugs/1882093

Title:
  CVE-2020-{5963|5967} NVIDIA

Status in nvidia-graphics-drivers-390 package in Ubuntu:
  Fix Released
Status in nvidia-graphics-drivers-440 package in Ubuntu:
  Fix Released
Status in nvidia-graphics-drivers-440-server package in Ubuntu:
  Fix Released
Status in nvidia-graphics-drivers-390 source package in Bionic:
  Fix Released
Status in nvidia-graphics-drivers-440 source package in Bionic:
  Fix Released
Status in nvidia-graphics-drivers-440-server source package in Bionic:
  Fix Released
Status in nvidia-graphics-drivers-390 source package in Eoan:
  Fix Released
Status in nvidia-graphics-drivers-440 source package in Eoan:
  Fix Released
Status in nvidia-graphics-drivers-390 source package in Focal:
  Fix Released
Status in nvidia-graphics-drivers-440 source package in Focal:
  Fix Released
Status in nvidia-graphics-drivers-440-server source package in Focal:
  Fix Released

Bug description:
  Security update for CVE-2020-5963 CVE-2020-5967

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nvidia-graphics-drivers-390/+bug/1882093/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1555338] Re: Linux netfilter IPT_SO_SET_REPLACE memory corruption

2020-07-14 Thread Steve Beattie

** Changed in: linux-flo (Ubuntu Xenial)
   Status: New => Won't Fix

** Changed in: linux-mako (Ubuntu Xenial)
   Status: New => Won't Fix

** Changed in: linux-flo (Ubuntu)
   Status: New => Won't Fix

** Changed in: linux-goldfish (Ubuntu)
   Status: New => Won't Fix

** Changed in: linux-mako (Ubuntu)
   Status: New => Won't Fix

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-goldfish in Ubuntu.
https://bugs.launchpad.net/bugs/1555338

Title:
  Linux netfilter IPT_SO_SET_REPLACE memory corruption

Status in linux package in Ubuntu:
  Fix Released
Status in linux-armadaxp package in Ubuntu:
  Invalid
Status in linux-flo package in Ubuntu:
  Won't Fix
Status in linux-goldfish package in Ubuntu:
  Won't Fix
Status in linux-keystone package in Ubuntu:
  Invalid
Status in linux-lts-quantal package in Ubuntu:
  Invalid
Status in linux-lts-raring package in Ubuntu:
  Invalid
Status in linux-lts-saucy package in Ubuntu:
  Invalid
Status in linux-lts-trusty package in Ubuntu:
  Invalid
Status in linux-lts-utopic package in Ubuntu:
  Invalid
Status in linux-lts-vivid package in Ubuntu:
  Invalid
Status in linux-lts-wily package in Ubuntu:
  Invalid
Status in linux-lts-xenial package in Ubuntu:
  Invalid
Status in linux-mako package in Ubuntu:
  Won't Fix
Status in linux-manta package in Ubuntu:
  Invalid
Status in linux-raspi2 package in Ubuntu:
  Fix Released
Status in linux-snapdragon package in Ubuntu:
  Fix Released
Status in linux-ti-omap4 package in Ubuntu:
  Invalid
Status in linux source package in Precise:
  Fix Released
Status in linux-armadaxp source package in Precise:
  Fix Released
Status in linux-flo source package in Precise:
  Invalid
Status in linux-goldfish source package in Precise:
  Invalid
Status in linux-keystone source package in Precise:
  Invalid
Status in linux-lts-quantal source package in Precise:
  Invalid
Status in linux-lts-raring source package in Precise:
  Invalid
Status in linux-lts-saucy source package in Precise:
  Invalid
Status in linux-lts-trusty source package in Precise:
  Fix Released
Status in linux-lts-utopic source package in Precise:
  Invalid
Status in linux-lts-vivid source package in Precise:
  Invalid
Status in linux-lts-wily source package in Precise:
  Invalid
Status in linux-lts-xenial source package in Precise:
  Invalid
Status in linux-mako source package in Precise:
  Invalid
Status in linux-manta source package in Precise:
  Invalid
Status in linux-raspi2 source package in Precise:
  Invalid
Status in linux-snapdragon source package in Precise:
  Invalid
Status in linux-ti-omap4 source package in Precise:
  Fix Released
Status in linux source package in Trusty:
  Fix Released
Status in linux-armadaxp source package in Trusty:
  Invalid
Status in linux-flo source package in Trusty:
  Invalid
Status in linux-goldfish source package in Trusty:
  Invalid
Status in linux-keystone source package in Trusty:
  Fix Released
Status in linux-lts-quantal source package in Trusty:
  Invalid
Status in linux-lts-raring source package in Trusty:
  Invalid
Status in linux-lts-saucy source package in Trusty:
  Invalid
Status in linux-lts-trusty source package in Trusty:
  Invalid
Status in linux-lts-utopic source package in Trusty:
  Fix Released
Status in linux-lts-vivid source package in Trusty:
  Fix Released
Status in linux-lts-wily source package in Trusty:
  Fix Released
Status in linux-lts-xenial source package in Trusty:
  Fix Released
Status in linux-mako source package in Trusty:
  Invalid
Status in linux-manta source package in Trusty:
  Invalid
Status in linux-raspi2 source package in Trusty:
  Invalid
Status in linux-snapdragon source package in Trusty:
  Invalid
Status in linux-ti-omap4 source package in Trusty:
  Invalid
Status in linux source package in Vivid:
  Fix Released
Status in linux-armadaxp source package in Vivid:
  Invalid
Status in linux-flo source package in Vivid:
  Won't Fix
Status in linux-goldfish source package in Vivid:
  New
Status in linux-keystone source package in Vivid:
  Invalid
Status in linux-lts-quantal source package in Vivid:
  Won't Fix
Status in linux-lts-raring source package in Vivid:
  New
Status in linux-lts-saucy source package in Vivid:
  Won't Fix
Status in linux-lts-trusty source package in Vivid:
  Won't Fix
Status in linux-lts-utopic source package in Vivid:
  Invalid
Status in linux-lts-vivid source package in Vivid:
  Won't Fix
Status in linux-lts-wily source package in Vivid:
  New
Status in linux-lts-xenial source package in Vivid:
  New
Status in linux-mako source package in Vivid:
  Won't Fix
Status in linux-manta source package in Vivid:
  New
Status in linux-raspi2 source package in Vivid:
  Won't Fix
Status in linux-snapdragon source package in Vivid:
  New
Status in linux-ti-omap4 source package in Vivid:
  Invalid
Status in linux source package in Wily:
  Fix Released
Status in linux-armadaxp source package in Wily:

[Kernel-packages] [Bug 1555338] Re: Linux netfilter IPT_SO_SET_REPLACE memory corruption

2020-07-14 Thread Steve Beattie

** Changed in: linux-goldfish (Ubuntu Xenial)
   Status: New => Won't Fix

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-goldfish in Ubuntu.
https://bugs.launchpad.net/bugs/1555338

Title:
  Linux netfilter IPT_SO_SET_REPLACE memory corruption

Status in linux package in Ubuntu:
  Fix Released
Status in linux-armadaxp package in Ubuntu:
  Invalid
Status in linux-flo package in Ubuntu:
  New
Status in linux-goldfish package in Ubuntu:
  New
Status in linux-keystone package in Ubuntu:
  Invalid
Status in linux-lts-quantal package in Ubuntu:
  Invalid
Status in linux-lts-raring package in Ubuntu:
  Invalid
Status in linux-lts-saucy package in Ubuntu:
  Invalid
Status in linux-lts-trusty package in Ubuntu:
  Invalid
Status in linux-lts-utopic package in Ubuntu:
  Invalid
Status in linux-lts-vivid package in Ubuntu:
  Invalid
Status in linux-lts-wily package in Ubuntu:
  Invalid
Status in linux-lts-xenial package in Ubuntu:
  Invalid
Status in linux-mako package in Ubuntu:
  New
Status in linux-manta package in Ubuntu:
  Invalid
Status in linux-raspi2 package in Ubuntu:
  Fix Released
Status in linux-snapdragon package in Ubuntu:
  Fix Released
Status in linux-ti-omap4 package in Ubuntu:
  Invalid
Status in linux source package in Precise:
  Fix Released
Status in linux-armadaxp source package in Precise:
  Fix Released
Status in linux-flo source package in Precise:
  Invalid
Status in linux-goldfish source package in Precise:
  Invalid
Status in linux-keystone source package in Precise:
  Invalid
Status in linux-lts-quantal source package in Precise:
  Invalid
Status in linux-lts-raring source package in Precise:
  Invalid
Status in linux-lts-saucy source package in Precise:
  Invalid
Status in linux-lts-trusty source package in Precise:
  Fix Released
Status in linux-lts-utopic source package in Precise:
  Invalid
Status in linux-lts-vivid source package in Precise:
  Invalid
Status in linux-lts-wily source package in Precise:
  Invalid
Status in linux-lts-xenial source package in Precise:
  Invalid
Status in linux-mako source package in Precise:
  Invalid
Status in linux-manta source package in Precise:
  Invalid
Status in linux-raspi2 source package in Precise:
  Invalid
Status in linux-snapdragon source package in Precise:
  Invalid
Status in linux-ti-omap4 source package in Precise:
  Fix Released
Status in linux source package in Trusty:
  Fix Released
Status in linux-armadaxp source package in Trusty:
  Invalid
Status in linux-flo source package in Trusty:
  Invalid
Status in linux-goldfish source package in Trusty:
  Invalid
Status in linux-keystone source package in Trusty:
  Fix Released
Status in linux-lts-quantal source package in Trusty:
  Invalid
Status in linux-lts-raring source package in Trusty:
  Invalid
Status in linux-lts-saucy source package in Trusty:
  Invalid
Status in linux-lts-trusty source package in Trusty:
  Invalid
Status in linux-lts-utopic source package in Trusty:
  Fix Released
Status in linux-lts-vivid source package in Trusty:
  Fix Released
Status in linux-lts-wily source package in Trusty:
  Fix Released
Status in linux-lts-xenial source package in Trusty:
  Fix Released
Status in linux-mako source package in Trusty:
  Invalid
Status in linux-manta source package in Trusty:
  Invalid
Status in linux-raspi2 source package in Trusty:
  Invalid
Status in linux-snapdragon source package in Trusty:
  Invalid
Status in linux-ti-omap4 source package in Trusty:
  Invalid
Status in linux source package in Vivid:
  Fix Released
Status in linux-armadaxp source package in Vivid:
  Invalid
Status in linux-flo source package in Vivid:
  Won't Fix
Status in linux-goldfish source package in Vivid:
  New
Status in linux-keystone source package in Vivid:
  Invalid
Status in linux-lts-quantal source package in Vivid:
  Won't Fix
Status in linux-lts-raring source package in Vivid:
  New
Status in linux-lts-saucy source package in Vivid:
  Won't Fix
Status in linux-lts-trusty source package in Vivid:
  Won't Fix
Status in linux-lts-utopic source package in Vivid:
  Invalid
Status in linux-lts-vivid source package in Vivid:
  Won't Fix
Status in linux-lts-wily source package in Vivid:
  New
Status in linux-lts-xenial source package in Vivid:
  New
Status in linux-mako source package in Vivid:
  Won't Fix
Status in linux-manta source package in Vivid:
  New
Status in linux-raspi2 source package in Vivid:
  Won't Fix
Status in linux-snapdragon source package in Vivid:
  New
Status in linux-ti-omap4 source package in Vivid:
  Invalid
Status in linux source package in Wily:
  Fix Released
Status in linux-armadaxp source package in Wily:
  Invalid
Status in linux-flo source package in Wily:
  New
Status in linux-goldfish source package in Wily:
  New
Status in linux-keystone source package in Wily:
  Invalid
Status in linux-lts-quantal source package in Wily:
  Invalid
Status in linux-lts-raring source package in Wily:
  Invalid

[Kernel-packages] [Bug 1886668] Re: linux 4.15.0-109-generic network DoS regression vs -108

2020-07-08 Thread Steve Beattie

** Information type changed from Private Security to Public Security

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1886668

Title:
  linux 4.15.0-109-generic network DoS regression vs -108

Status in linux package in Ubuntu:
  Incomplete

Bug description:
  Reported from a user:

  Several of our infrastructure VMs recently started crashing (oops 
   
  attached), after they upgraded to -109.  -108 appears to be stable.   
   

   
  Analysing the crash, it appears to be a wild pointer access in a BPF  
   
  filter, which makes this (probably) a network-traffic triggered crash. 

  [  696.396831] general protection fault:  [#1] SMP PTI
  [  696.396843] Modules linked in: iscsi_target_mod target_core_mod 
ipt_MASQUERADE nf_nat_masquerade_ipv4 nf_conntrack_netlink nfnetlink xfrm_user 
xfrm_algo iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 xt_addrtype 
iptable_filter xt_conntrack nf_nat nf_conntrack br_netfilter bridge nfsv3 cmac 
arc4 md4 rpcsec_gss_krb5 nfsv4 nls_utf8 cifs nfs aufs ccm fscache binfmt_misc 
overlay xfs libcrc32c intel_rapl crct10dif_pclmul crc32_pclmul 
ghash_clmulni_intel ppdev pcbc aesni_intel aes_x86_64 crypto_simd glue_helper 
cryptd input_leds joydev intel_rapl_perf serio_raw parport_pc parport mac_hid 
sch_fq_codel nfsd 8021q auth_rpcgss garp nfs_acl mrp lockd stp llc grace xenfs 
sunrpc xen_privcmd ip_tables x_tables autofs4 hid_generic usbhid hid psmouse 
i2c_piix4 pata_acpi floppy
  [  696.396966] CPU: 6 PID: 0 Comm: swapper/6 Not tainted 4.15.0-109-generic 
#110-Ubuntu
  [  696.396979] Hardware name: Xen HVM domU, BIOS 4.7.6-1.26 12/03/2018
  [  696.396993] RIP: 0010:__cgroup_bpf_run_filter_skb+0xbb/0x1e0
  [  696.397005] RSP: 0018:893fdcb83a70 EFLAGS: 00010292
  [  696.397015] RAX: 6d69546e6f697469 RBX:  RCX: 
0014
  [  696.397028] RDX:  RSI: 893fd036 RDI: 
893fb5154800
  [  696.397041] RBP: 893fdcb83ad0 R08: 0001 R09: 

  [  696.397058] R10:  R11: 0003 R12: 
0014
  [  696.397075] R13: 893fb5154800 R14: 0020 R15: 
893fc6ba4d00
  [  696.397091] FS:  () GS:893fdcb8() 
knlGS:
  [  696.397107] CS:  0010 DS:  ES:  CR0: 80050033
  [  696.397119] CR2: 00c0001b4000 CR3: 0006dce0a004 CR4: 
003606e0
  [  696.397135] DR0:  DR1:  DR2: 

  [  696.397152] DR3:  DR6: fffe0ff0 DR7: 
0400
  [  696.397169] Call Trace:
  [  696.397175]  
  [  696.397183]  sk_filter_trim_cap+0xd0/0x1b0
  [  696.397191]  tcp_v4_rcv+0x8b7/0xa80
  [  696.397199]  ip_local_deliver_finish+0x66/0x210
  [  696.397208]  ip_local_deliver+0x7e/0xe0
  [  696.397215]  ? ip_rcv_finish+0x430/0x430
  [  696.397223]  ip_rcv_finish+0x129/0x430
  [  696.397230]  ip_rcv+0x296/0x360
  [  696.397238]  ? inet_del_offload+0x40/0x40
  [  696.397249]  __netif_receive_skb_core+0x432/0xb80
  [  696.397261]  ? skb_send_sock+0x50/0x50
  [  696.397271]  ? tcp4_gro_receive+0x137/0x1a0
  [  696.397280]  __netif_receive_skb+0x18/0x60
  [  696.397290]  ? __netif_receive_skb+0x18/0x60
  [  696.397300]  netif_receive_skb_internal+0x45/0xe0
  [  696.397309]  napi_gro_receive+0xc5/0xf0
  [  696.397317]  xennet_poll+0x9ca/0xbc0
  [  696.397325]  net_rx_action+0x140/0x3a0
  [  696.397334]  __do_softirq+0xe4/0x2d4
  [  696.397344]  irq_exit+0xc5/0xd0
  [  696.397352]  xen_evtchn_do_upcall+0x30/0x50
  [  696.397361]  xen_hvm_callback_vector+0x90/0xa0
  [  696.397371]  
  [  696.397378] RIP: 0010:native_safe_halt+0x12/0x20
  [  696.397390] RSP: 0018:94c4862cbe80 EFLAGS: 0246 ORIG_RAX: 
ff0c
  [  696.397405] RAX: 8efc1800 RBX: 0006 RCX: 

  [  696.397419] RDX:  RSI:  RDI: 

  [  696.397435] RBP: 94c4862cbe80 R08: 0002 R09: 
0001
  [  696.397449] R10: 0010 R11: 0397 R12: 
0006
  [  696.397462] R13:  R14:  R15: 

  [  696.397479]  ? __sched_text_end+0x1/0x1
  [  696.397489]  default_idle+0x20/0x100
  [  696.397499]  arch_cpu_idle+0x15/0x20
  [  696.397507]  default_idle_call+0x23/0x30
  [  696.397515]  do_idle+0x172/0x1f0
  [  696.397522]  cpu_startup_entry+0x73/0x80
  [  696.397530]

[Kernel-packages] [Bug 1882093] Re: CVE-2020-{5963|5967} NVIDIA

2020-07-02 Thread Steve Beattie

** Information type changed from Private Security to Public Security

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to nvidia-graphics-drivers-390 in Ubuntu.
https://bugs.launchpad.net/bugs/1882093

Title:
  CVE-2020-{5963|5967} NVIDIA

Status in nvidia-graphics-drivers-390 package in Ubuntu:
  Triaged
Status in nvidia-graphics-drivers-440 package in Ubuntu:
  Triaged
Status in nvidia-graphics-drivers-390 source package in Bionic:
  Fix Released
Status in nvidia-graphics-drivers-440 source package in Bionic:
  Fix Released
Status in nvidia-graphics-drivers-390 source package in Eoan:
  Fix Released
Status in nvidia-graphics-drivers-440 source package in Eoan:
  Fix Released
Status in nvidia-graphics-drivers-390 source package in Focal:
  Fix Released
Status in nvidia-graphics-drivers-440 source package in Focal:
  Fix Released

Bug description:
  Security update for CVE-2020-5963 CVE-2020-5967

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nvidia-graphics-drivers-390/+bug/1882093/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1883598] Re: efi: Restrict efivar_ssdt_load when the kernel is locked down

2020-06-16 Thread Steve Beattie

** Changed in: linux (Ubuntu)
   Status: Incomplete => Confirmed

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1883598

Title:
  efi: Restrict efivar_ssdt_load when the kernel is locked down

Status in linux package in Ubuntu:
  Confirmed

Bug description:
  Upstream git commit 1957a85b0032 needs to be backported to older
  releases:

    efi: Restrict efivar_ssdt_load when the kernel is locked down

    efivar_ssdt_load allows the kernel to import arbitrary ACPI code from an
    EFI variable, which gives arbitrary code execution in ring 0. Prevent
    that when the kernel is locked down.

  Code introduced in 475fb4e8b2fd1d7b406ff3a7d21bc89a1e6f

  break-fix: 475fb4e8b2fd1d7b406ff3a7d21bc89a1e6f
  1957a85b0032a81e6482ca4aab883643b8dae06e

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1883598/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1883598] Re: efi: Restrict efivar_ssdt_load when the kernel is locked down

2020-06-15 Thread Steve Beattie

** Description changed:

  Upstream git commit 1957a85b0032 needs to be backported to older
  releases:
  
    efi: Restrict efivar_ssdt_load when the kernel is locked down
  
    efivar_ssdt_load allows the kernel to import arbitrary ACPI code from an
    EFI variable, which gives arbitrary code execution in ring 0. Prevent
    that when the kernel is locked down.
+ 
+ Code introduced in 475fb4e8b2fd1d7b406ff3a7d21bc89a1e6f
+ 
+ break-fix: 475fb4e8b2fd1d7b406ff3a7d21bc89a1e6f
+ 1957a85b0032a81e6482ca4aab883643b8dae06e

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1883598

Title:
  efi: Restrict efivar_ssdt_load when the kernel is locked down

Status in linux package in Ubuntu:
  New

Bug description:
  Upstream git commit 1957a85b0032 needs to be backported to older
  releases:

    efi: Restrict efivar_ssdt_load when the kernel is locked down

    efivar_ssdt_load allows the kernel to import arbitrary ACPI code from an
    EFI variable, which gives arbitrary code execution in ring 0. Prevent
    that when the kernel is locked down.

  Code introduced in 475fb4e8b2fd1d7b406ff3a7d21bc89a1e6f

  break-fix: 475fb4e8b2fd1d7b406ff3a7d21bc89a1e6f
  1957a85b0032a81e6482ca4aab883643b8dae06e

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1883598/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1883598] [NEW] efi: Restrict efivar_ssdt_load when the kernel is locked down

2020-06-15 Thread Steve Beattie

*** This bug is a security vulnerability ***

Public security bug reported:

Upstream git commit 1957a85b0032 needs to be backported to older
releases:

  efi: Restrict efivar_ssdt_load when the kernel is locked down

  efivar_ssdt_load allows the kernel to import arbitrary ACPI code from an
  EFI variable, which gives arbitrary code execution in ring 0. Prevent
  that when the kernel is locked down.

Code introduced in 475fb4e8b2fd1d7b406ff3a7d21bc89a1e6f

break-fix: 475fb4e8b2fd1d7b406ff3a7d21bc89a1e6f
1957a85b0032a81e6482ca4aab883643b8dae06e

** Affects: linux (Ubuntu)
 Importance: Undecided
 Status: New

** Description changed:

  Upstream git commit 1957a85b0032 needs to be backported to older
  releases:
  
- efi: Restrict efivar_ssdt_load when the kernel is locked down
+   efi: Restrict efivar_ssdt_load when the kernel is locked down
  
- efivar_ssdt_load allows the kernel to import arbitrary ACPI code from an
- EFI variable, which gives arbitrary code execution in ring 0. Prevent
- that when the kernel is locked down.
+   efivar_ssdt_load allows the kernel to import arbitrary ACPI code from an
+   EFI variable, which gives arbitrary code execution in ring 0. Prevent
+   that when the kernel is locked down.

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1883598

Title:
  efi: Restrict efivar_ssdt_load when the kernel is locked down

Status in linux package in Ubuntu:
  New

Bug description:
  Upstream git commit 1957a85b0032 needs to be backported to older
  releases:

    efi: Restrict efivar_ssdt_load when the kernel is locked down

    efivar_ssdt_load allows the kernel to import arbitrary ACPI code from an
    EFI variable, which gives arbitrary code execution in ring 0. Prevent
    that when the kernel is locked down.

  Code introduced in 475fb4e8b2fd1d7b406ff3a7d21bc89a1e6f

  break-fix: 475fb4e8b2fd1d7b406ff3a7d21bc89a1e6f
  1957a85b0032a81e6482ca4aab883643b8dae06e

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1883598/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1880360] Re: package linux-modules-extra-5.4.0-31-generic 5.4.0-31.35 failed to install/upgrade: package is in a very bad inconsistent state; you should reinstall it before att

2020-06-02 Thread Steve Beattie

Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a "regular" (non-security) bug.  I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross privilege boundaries nor directly cause loss of data/privacy.
Please feel free to report any other bugs you may find.

** Information type changed from Private Security to Public

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1880360

Title:
  package linux-modules-extra-5.4.0-31-generic 5.4.0-31.35 failed to
  install/upgrade: package is in a very bad inconsistent state; you
  should  reinstall it before attempting a removal

Status in linux package in Ubuntu:
  New

Bug description:
  ok

  ProblemType: Package
  DistroRelease: Ubuntu 20.04
  Package: linux-modules-extra-5.4.0-31-generic 5.4.0-31.35
  ProcVersionSignature: Ubuntu 5.4.0-31.35-generic 5.4.34
  Uname: Linux 5.4.0-31-generic x86_64
  ApportVersion: 2.20.11-0ubuntu27
  AptOrdering:
   linux-modules-extra-5.4.0-31-generic:amd64: Remove
   linux-image-5.4.0-31-generic:amd64: Remove
   linux-modules-5.4.0-31-generic:amd64: Remove
   NULL: ConfigurePending
  Architecture: amd64
  AudioDevicesInUse:
   USERPID ACCESS COMMAND
   /dev/snd/controlC0:  shaiju  945 F pulseaudio
  CasperMD5CheckResult: skip
  Date: Sun May 24 08:52:16 2020
  DpkgTerminalLog:
   dpkg: error processing package linux-modules-extra-5.4.0-31-generic 
(--remove):
package is in a very bad inconsistent state; you should
reinstall it before attempting a removal
   dpkg: too many errors, stopping
  ErrorMessage: package is in a very bad inconsistent state; you should  
reinstall it before attempting a removal
  InstallationDate: Installed on 2020-04-26 (27 days ago)
  InstallationMedia: Ubuntu 20.04 LTS "Focal Fossa" - Release amd64 (20200423)
  MachineType: FUJITSU LIFEBOOK AH531
  ProcFB: 0 i915drmfb
  ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-5.4.0-31-generic 
root=UUID=7958a705-13c9-45c4-a4bf-a882adc5 ro quiet splash vt.handoff=7
  PulseList: Error: command ['pacmd', 'list'] failed with exit code 1: No 
PulseAudio daemon running, or not running as session daemon.
  Python3Details: /usr/bin/python3.8, Python 3.8.2, python3-minimal, 
3.8.2-0ubuntu2
  PythonDetails: N/A
  RelatedPackageVersions: grub-pc 2.04-1ubuntu26
  SourcePackage: linux
  Title: package linux-modules-extra-5.4.0-31-generic 5.4.0-31.35 failed to 
install/upgrade: package is in a very bad inconsistent state; you should  
reinstall it before attempting a removal
  UpgradeStatus: No upgrade log present (probably fresh install)
  dmi.bios.date: 12/08/2011
  dmi.bios.vendor: FUJITSU // Phoenix Technologies Ltd.
  dmi.bios.version: 1.27
  dmi.board.name: FJNBB0F
  dmi.board.vendor: FUJITSU
  dmi.chassis.type: 9
  dmi.chassis.vendor: FUJITSU
  dmi.modalias: 
dmi:bvnFUJITSU//PhoenixTechnologiesLtd.:bvr1.27:bd12/08/2011:svnFUJITSU:pnLIFEBOOKAH531:pvr:rvnFUJITSU:rnFJNBB0F:rvr:cvnFUJITSU:ct9:cvr:
  dmi.product.name: LIFEBOOK AH531
  dmi.sys.vendor: FUJITSU

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1880360/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1876697] Re: test_regression_testsuite from ubuntu_qrt_apparmor failed on Focal zVM

2020-05-05 Thread Steve Beattie

All that about CONFIG_RT_GROUP_SCHED seems sensible, but then I am
confused as to why is it only showing up in s390x environments?

The test is trying to exercise CAP_SYS_NICE, and doing so by calling

  setpriority(PRIO_PROCESS, 0, -5)

Does the test needs to be put into a cgroup with rt allocations if
CONFIG_RT_GROUP_SCHED is set?

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1876697

Title:
  test_regression_testsuite from ubuntu_qrt_apparmor failed on Focal zVM

Status in QA Regression Testing:
  New
Status in ubuntu-kernel-tests:
  New
Status in linux package in Ubuntu:
  Incomplete

Bug description:
  Issue found on zVM "kernel04" with 5.4.0-29.33

   ==
   FAIL: test_regression_testsuite (__main__.ApparmorTestsuites)
   Run kernel regression tests 
   --
   Traceback (most recent call last):
 File "./test-apparmor.py", line 1746, in test_regression_testsuite
   self.assertEqual(expected, rc, result + report)
   AssertionError: Got exit code 2, expected 0 
   
   running aa_exec
   
   running access
   xfail: ACCESS file rx (r)
   xfail: ACCESS file rwx (r)
   xfail: ACCESS file r (wx)
   xfail: ACCESS file rx (wx)
   xfail: ACCESS file rwx (wx)
   xfail: ACCESS dir rwx (r)
   xfail: ACCESS dir r (wx)
   xfail: ACCESS dir rx (wx)
   xfail: ACCESS dir rwx (wx)
   
   running at_secure
   
   running introspect
   
   running capabilities
   (ptrace)
   (sethostname)
   (setdomainname)
   (setpriority)
   (setscheduler)
   Error: syscall_setscheduler failed. Test 'syscall_setscheduler -- 
unconfined' was expected to 'pass'. Reason for failure 'FAIL: Can't set 
SCHED_RR: Operation not permitted'
   Error: syscall_setscheduler failed. Test 'syscall_setscheduler -- all caps' 
was expected to 'pass'. Reason for failure 'FAIL: Can't set SCHED_RR: Operation 
not permitted'
 preparing apparmor_2.13.3-7ubuntu5.dsc...  done
   Error: syscall_setscheduler failed. Test 'syscall_setscheduler -- capability 
sys_nice' was expected to 'pass'. Reason for failure 'FAIL: Can't set SCHED_RR: 
Operation not permitted'
   Error: changehat_wrapper failed. Test 'syscall_setscheduler changehat -- all 
caps' was expected to 'pass'. Reason for failure 'FAIL: Can't set SCHED_RR: 
Operation not permitted'
   Error: changehat_wrapper failed. Test 'syscall_setscheduler changehat -- 
capability sys_nice' was expected to 'pass'. Reason for failure 'FAIL: Can't 
set SCHED_RR: Operation not permitted'
   (reboot)
   (chroot)
   (mlockall)
   (net_raw)

  Please find attachment for the complete test log.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qa-regression-testing/+bug/1876697/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1876697] Re: test_regression_testsuite from ubuntu_qrt_apparmor failed on Focal zVM

2020-05-04 Thread Steve Beattie

I have seen a similar failure with that specific test when running the
tests under virtualbox on x86, though I have not tried it in several
years.

If this is the expected behavior going forward on s390s, we can address
it in qa-regression-testing.

Thanks.

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1876697

Title:
  test_regression_testsuite from ubuntu_qrt_apparmor failed on Focal zVM

Status in QA Regression Testing:
  New
Status in ubuntu-kernel-tests:
  New
Status in linux package in Ubuntu:
  Incomplete

Bug description:
  Issue found on zVM "kernel04" with 5.4.0-29.33

   ==
   FAIL: test_regression_testsuite (__main__.ApparmorTestsuites)
   Run kernel regression tests 
   --
   Traceback (most recent call last):
 File "./test-apparmor.py", line 1746, in test_regression_testsuite
   self.assertEqual(expected, rc, result + report)
   AssertionError: Got exit code 2, expected 0 
   
   running aa_exec
   
   running access
   xfail: ACCESS file rx (r)
   xfail: ACCESS file rwx (r)
   xfail: ACCESS file r (wx)
   xfail: ACCESS file rx (wx)
   xfail: ACCESS file rwx (wx)
   xfail: ACCESS dir rwx (r)
   xfail: ACCESS dir r (wx)
   xfail: ACCESS dir rx (wx)
   xfail: ACCESS dir rwx (wx)
   
   running at_secure
   
   running introspect
   
   running capabilities
   (ptrace)
   (sethostname)
   (setdomainname)
   (setpriority)
   (setscheduler)
   Error: syscall_setscheduler failed. Test 'syscall_setscheduler -- 
unconfined' was expected to 'pass'. Reason for failure 'FAIL: Can't set 
SCHED_RR: Operation not permitted'
   Error: syscall_setscheduler failed. Test 'syscall_setscheduler -- all caps' 
was expected to 'pass'. Reason for failure 'FAIL: Can't set SCHED_RR: Operation 
not permitted'
 preparing apparmor_2.13.3-7ubuntu5.dsc...  done
   Error: syscall_setscheduler failed. Test 'syscall_setscheduler -- capability 
sys_nice' was expected to 'pass'. Reason for failure 'FAIL: Can't set SCHED_RR: 
Operation not permitted'
   Error: changehat_wrapper failed. Test 'syscall_setscheduler changehat -- all 
caps' was expected to 'pass'. Reason for failure 'FAIL: Can't set SCHED_RR: 
Operation not permitted'
   Error: changehat_wrapper failed. Test 'syscall_setscheduler changehat -- 
capability sys_nice' was expected to 'pass'. Reason for failure 'FAIL: Can't 
set SCHED_RR: Operation not permitted'
   (reboot)
   (chroot)
   (mlockall)
   (net_raw)

  Please find attachment for the complete test log.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qa-regression-testing/+bug/1876697/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1867717]

2020-04-08 Thread Steve Beattie

Fixes for this issue were published in USN 4318-1
https://usn.ubuntu.com/4318-1/. Closing this issue on the Ubuntu side of
things and making the report public.

Thanks for all your help!

** Also affects: linux (Ubuntu Bionic)
   Importance: Undecided
   Status: New

** Changed in: linux (Ubuntu Bionic)
   Status: New => Fix Released

** Changed in: linux (Ubuntu Bionic)
 Assignee: (unassigned) => Ubuntu Security Team (ubuntu-security)

** Changed in: linux (Ubuntu)
   Status: New => Fix Released

** Information type changed from Private Security to Public Security

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1867717

Title:
  PPC: KVM: Book3S HV: Fix conflicting use of HSTATE_HOST_R1

Status in The Ubuntu-power-systems project:
  Triaged
Status in linux package in Ubuntu:
  Fix Released
Status in linux source package in Bionic:
  Fix Released

Bug description:
  ---Problem Description---
  Currently a malicious user can craft a code to be executed in the guest 
kernel space that puts CPU in TM suspended mode and call a hypercall (for 
instance H_PUT_TERM_CHAR, token 0x58) leading to a kernel panic on host. I was 
not able to reproduce it upstream, nonetheless it's reproducible on most 
updated stock kernel for Ubuntu Bionic Beaver, i.e 4.15.0-76.86. Guest kernel 
version is not meaningful unless TM facility is disabled (it must be enabled).

  
  ---Steps to Reproduce---
   The following hypercall fuzzer I'll trigger it: 
https://github.com/gromero/hinjector

  $ git clone https://github.com/gromero/hinjector.git && cd hinjector
  $ make
  $ make insmod
  $ sudo ./injector


  
  Currently it's possible to crash a host from a guest by calling a hypercall 
when
  CPU is in TM suspended mode. Whilst on guest a TM Bad Thing is caught, on host
  the following traces are observed:

  [  618.563991] Oops: Exception in kernel mode, sig: 4 [#1]
  [  618.563994] LE SMP NR_CPUS=2048 NUMA PowerNV
  [  618.563999] Modules linked in: xt_CHECKSUM iptable_mangle ipt_MASQUERADE
  nf_nat_masquerade_ipv4 iptable_nat nf_nat_ipv4 nf_nat nf_conntrack_ipv4
  nf_defrag_ipv4 xt_conntrack nf_conntrack ipt_REJECT nf_reject_ipv4 xt_tcpudp 
bridge
  stp llc ebtable_filter ebtables devlink ip6table_filter ip6_tables 
iptable_filter
  kvm_hv kvm vmx_crypto ipmi_powernv ipmi_devintf ipmi_msghandler 
uio_pdrv_genirq
  uio leds_powernv crct10dif_vpmsum ibmpowernv powernv_rng sch_fq_codel nfsd 
auth_rpcgss
  nfs_acl lockd grace sunrpc ip_tables x_tables autofs4 xfs btrfs zstd_compress
  raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor
  raid6_pq libcrc32c raid1 raid0 multipath linear lpfc crc32c_vpmsum nvmet_fc
  nvmet nvme_fc nvme_fabrics nvme_core tg3 ipr scsi_transport_fc
  [  618.564064] CPU: 51 PID: 0 Comm: swapper/51 Not tainted 4.15.0-76-generic 
#86-Ubuntu
  [  618.564066] NIP:   LR:  CTR: 
d72f0580
  [  618.564068] REGS: c0003fd9bca0 TRAP: 0e40   Not tainted  
(4.15.0-76-generic)
  [  618.564068] MSR:  900102883003   CR: 
28200222  XER: 2000
  [  618.564077] CFAR: c00f53f0 SOFTE: 0
  [  618.564077] GPR00:  c0003fd9bf20 c171c800 

  [  618.564077] GPR04: c00ff4d1 c000ff067400 0ad0cc9e 
c00fb4bc
  [  618.564077] GPR08: 80480180f000 c00dcabcbe80  
2000
  [  618.564077] GPR12: 0e80 cfaa3100  

  [  618.564077] GPR16:    

  [  618.564077] GPR20:    

  [  618.564077] GPR24:  d72e0158 009b 
009c
  [  618.564077] GPR28: 009c   
0010
  [  618.564100] NIP []   (null)
  [  618.564101] LR []   (null)
  [  618.564101] Call Trace:
  [  618.564102] Instruction dump:
  [  618.564105]        

  [  618.564109]     0100421c f2820104 001b 
0132
  [  618.564118] ---[ end trace f0be3cc10ea6fc44 ]---
  [  618.569897]
  [  618.593555] KVM: CPU 51 seems to be stuck
  [  258.967652] Kernel panic - not syncing: Attempted to kill the idle task!
  [  258.967677] Unable to handle kernel paging request for data at address 
0xc01ff6c9d700
  [  618.596478] Faulting instruction address: 0xc0077cf0
  [  618.596479] Oops: Kernel access of bad area, sig: 11 [#2]
  [  618.596480] LE SMP NR_CPUS=2048 NUMA PowerNV
  [  618.596482] Modules linked in: xt_CHECKSUM iptable_mangle ipt_MASQUERADE
  nf_nat_masquerade_ipv4 iptable_nat nf_nat_ipv4 nf_nat nf_conntrack_ipv4
  nf_defrag_ipv4 xt_conntrack nf_conntrack

[Kernel-packages] [Bug 1865431] Re: bionic/linux-gcp: 5.0.0-1033.34 -proposed tracker

2020-03-13 Thread Steve Beattie

** Changed in: kernel-sru-workflow/security-signoff
   Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-gcp in Ubuntu.
https://bugs.launchpad.net/bugs/1865431

Title:
  bionic/linux-gcp: 5.0.0-1033.34 -proposed tracker

Status in Kernel SRU Workflow:
  In Progress
Status in Kernel SRU Workflow automated-testing series:
  Fix Released
Status in Kernel SRU Workflow certification-testing series:
  Invalid
Status in Kernel SRU Workflow prepare-package series:
  Fix Released
Status in Kernel SRU Workflow prepare-package-lrm series:
  Fix Released
Status in Kernel SRU Workflow prepare-package-meta series:
  Fix Released
Status in Kernel SRU Workflow prepare-package-signed series:
  Fix Released
Status in Kernel SRU Workflow promote-to-proposed series:
  Fix Released
Status in Kernel SRU Workflow promote-to-security series:
  New
Status in Kernel SRU Workflow promote-to-updates series:
  New
Status in Kernel SRU Workflow regression-testing series:
  Fix Released
Status in Kernel SRU Workflow security-signoff series:
  Fix Released
Status in Kernel SRU Workflow verification-testing series:
  In Progress
Status in linux-gcp package in Ubuntu:
  Invalid
Status in linux-gcp source package in Bionic:
  Confirmed

Bug description:
  This bug will contain status and test results related to a kernel
  source (or snap) as stated in the title.

  For an explanation of the tasks and the associated workflow see:
https://wiki.ubuntu.com/Kernel/kernel-sru-workflow

  -- swm properties --
  boot-testing-requested: true
  kernel-stable-master-bug: 1865110
  packages:
lrm: linux-restricted-modules-gcp
main: linux-gcp
meta: linux-meta-gcp
signed: linux-signed-gcp
  phase: Testing
  phase-changed: Sunday, 08. March 2020 16:47 UTC
  proposed-announcement-sent: true
  proposed-testing-requested: true
  reason:
verification-testing: Ongoing -- testing in progress
  trackers:
bionic/linux-gcp/gcp-kernel: bug 1865430
  variant: debs

To manage notifications about this bug go to:
https://bugs.launchpad.net/kernel-sru-workflow/+bug/1865431/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1865106] Re: xenial/linux: 4.4.0-176.206 -proposed tracker

2020-03-13 Thread Steve Beattie

** Changed in: kernel-sru-workflow/security-signoff
   Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1865106

Title:
  xenial/linux: 4.4.0-176.206 -proposed tracker

Status in Kernel SRU Workflow:
  In Progress
Status in Kernel SRU Workflow automated-testing series:
  Fix Released
Status in Kernel SRU Workflow certification-testing series:
  Fix Released
Status in Kernel SRU Workflow prepare-package series:
  Fix Released
Status in Kernel SRU Workflow prepare-package-meta series:
  Fix Released
Status in Kernel SRU Workflow prepare-package-signed series:
  Fix Released
Status in Kernel SRU Workflow promote-to-proposed series:
  Fix Released
Status in Kernel SRU Workflow promote-to-security series:
  New
Status in Kernel SRU Workflow promote-to-updates series:
  New
Status in Kernel SRU Workflow regression-testing series:
  Fix Released
Status in Kernel SRU Workflow security-signoff series:
  Fix Released
Status in Kernel SRU Workflow verification-testing series:
  Fix Released
Status in linux package in Ubuntu:
  Invalid
Status in linux source package in Xenial:
  Confirmed

Bug description:
  This bug will contain status and test results related to a kernel
  source (or snap) as stated in the title.

  For an explanation of the tasks and the associated workflow see:
https://wiki.ubuntu.com/Kernel/kernel-sru-workflow

  -- swm properties --
  boot-testing-requested: true
  bugs-spammed: true
  packages:
main: linux
meta: linux-meta
signed: linux-signed
  phase: Holding before Promote to Updates
  phase-changed: Saturday, 14. March 2020 04:15 UTC
  reason:
promote-to-updates: Holding -- cycle not ready to release
  trackers:
trusty/linux-aws: bug 1865246
trusty/linux-lts-xenial: bug 1865143
xenial/linux-aws: bug 1865245
xenial/linux-cascade: bug 1863314
xenial/linux-fips: bug 1865199
xenial/linux-kvm: bug 1865243
xenial/linux-raspi2: bug 1863324
xenial/linux-snapdragon: bug 1863329
xenial/linux/caracalla-kernel: bug 1865103
xenial/linux/pc-kernel: bug 1865104
xenial/linux/stlouis-kernel: bug 1865105
  variant: debs

To manage notifications about this bug go to:
https://bugs.launchpad.net/kernel-sru-workflow/+bug/1865106/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1865245] Re: xenial/linux-aws: 4.4.0-1104.115 -proposed tracker

2020-03-13 Thread Steve Beattie

** Changed in: kernel-sru-workflow/security-signoff
   Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-aws in Ubuntu.
https://bugs.launchpad.net/bugs/1865245

Title:
  xenial/linux-aws: 4.4.0-1104.115 -proposed tracker

Status in Kernel SRU Workflow:
  In Progress
Status in Kernel SRU Workflow automated-testing series:
  Fix Released
Status in Kernel SRU Workflow certification-testing series:
  Invalid
Status in Kernel SRU Workflow prepare-package series:
  Fix Released
Status in Kernel SRU Workflow prepare-package-meta series:
  Fix Released
Status in Kernel SRU Workflow promote-to-proposed series:
  Fix Released
Status in Kernel SRU Workflow promote-to-security series:
  New
Status in Kernel SRU Workflow promote-to-updates series:
  New
Status in Kernel SRU Workflow regression-testing series:
  Fix Released
Status in Kernel SRU Workflow security-signoff series:
  Fix Released
Status in Kernel SRU Workflow verification-testing series:
  Fix Released
Status in linux-aws package in Ubuntu:
  Invalid
Status in linux-aws source package in Xenial:
  Confirmed

Bug description:
  This bug will contain status and test results related to a kernel
  source (or snap) as stated in the title.

  For an explanation of the tasks and the associated workflow see:
https://wiki.ubuntu.com/Kernel/kernel-sru-workflow

  -- swm properties --
  boot-testing-requested: true
  kernel-stable-master-bug: 1865106
  packages:
main: linux-aws
meta: linux-meta-aws
  phase: Holding before Promote to Updates
  phase-changed: Saturday, 14. March 2020 03:55 UTC
  proposed-announcement-sent: true
  proposed-testing-requested: true
  reason:
promote-to-updates: Holding -- cycle not ready to release
  trackers:
xenial/linux-aws/aws-kernel: bug 1865244
  variant: debs

To manage notifications about this bug go to:
https://bugs.launchpad.net/kernel-sru-workflow/+bug/1865245/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1865111] Re: eoan/linux: 5.3.0-42.34 -proposed tracker

2020-03-13 Thread Steve Beattie

** Changed in: kernel-sru-workflow/security-signoff
   Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1865111

Title:
  eoan/linux: 5.3.0-42.34 -proposed tracker

Status in Kernel SRU Workflow:
  In Progress
Status in Kernel SRU Workflow automated-testing series:
  Fix Released
Status in Kernel SRU Workflow certification-testing series:
  Fix Released
Status in Kernel SRU Workflow prepare-package series:
  Fix Released
Status in Kernel SRU Workflow prepare-package-lrm series:
  Fix Released
Status in Kernel SRU Workflow prepare-package-meta series:
  Fix Released
Status in Kernel SRU Workflow prepare-package-signed series:
  Fix Released
Status in Kernel SRU Workflow promote-to-proposed series:
  Fix Released
Status in Kernel SRU Workflow promote-to-security series:
  New
Status in Kernel SRU Workflow promote-to-updates series:
  New
Status in Kernel SRU Workflow regression-testing series:
  Fix Released
Status in Kernel SRU Workflow security-signoff series:
  Fix Released
Status in Kernel SRU Workflow verification-testing series:
  Fix Released
Status in linux package in Ubuntu:
  Invalid
Status in linux source package in Eoan:
  Confirmed

Bug description:
  This bug will contain status and test results related to a kernel
  source (or snap) as stated in the title.

  For an explanation of the tasks and the associated workflow see:
https://wiki.ubuntu.com/Kernel/kernel-sru-workflow

  -- swm properties --
  boot-testing-requested: true
  bugs-spammed: true
  packages:
lrm: linux-restricted-modules
main: linux
meta: linux-meta
signed: linux-signed
  phase: Signoff
  phase-changed: Friday, 13. March 2020 17:17 UTC
  proposed-announcement-sent: true
  proposed-testing-requested: true
  reason:
promote-to-updates: Holding -- security signoff not verified
security-signoff: Stalled -- waiting for signoff
  trackers:
bionic/linux-hwe: bug 1865139
eoan/linux-aws: bug 1865482
eoan/linux-azure: bug 1865190
eoan/linux-gcp: bug 1865491
eoan/linux-kvm: bug 1865438
eoan/linux-oracle: bug 1865493
eoan/linux-raspi2: bug 1863269
  variant: debs

To manage notifications about this bug go to:
https://bugs.launchpad.net/kernel-sru-workflow/+bug/1865111/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1865109] Re: bionic/linux: 4.15.0-91.92 -proposed tracker

2020-03-13 Thread Steve Beattie

** Changed in: kernel-sru-workflow/security-signoff
   Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1865109

Title:
  bionic/linux: 4.15.0-91.92 -proposed tracker

Status in Kernel SRU Workflow:
  In Progress
Status in Kernel SRU Workflow automated-testing series:
  Fix Released
Status in Kernel SRU Workflow certification-testing series:
  Fix Released
Status in Kernel SRU Workflow prepare-package series:
  Fix Released
Status in Kernel SRU Workflow prepare-package-lrm series:
  Fix Released
Status in Kernel SRU Workflow prepare-package-meta series:
  Fix Released
Status in Kernel SRU Workflow prepare-package-signed series:
  Fix Released
Status in Kernel SRU Workflow promote-to-proposed series:
  Fix Released
Status in Kernel SRU Workflow promote-to-security series:
  New
Status in Kernel SRU Workflow promote-to-updates series:
  New
Status in Kernel SRU Workflow regression-testing series:
  Fix Released
Status in Kernel SRU Workflow security-signoff series:
  Fix Released
Status in Kernel SRU Workflow verification-testing series:
  Fix Released
Status in linux package in Ubuntu:
  Invalid
Status in linux source package in Bionic:
  Confirmed

Bug description:
  This bug will contain status and test results related to a kernel
  source (or snap) as stated in the title.

  For an explanation of the tasks and the associated workflow see:
https://wiki.ubuntu.com/Kernel/kernel-sru-workflow

  -- swm properties --
  boot-testing-requested: true
  bugs-spammed: true
  packages:
lrm: linux-restricted-modules
main: linux
meta: linux-meta
signed: linux-signed
  phase: Holding before Promote to Updates
  phase-changed: Saturday, 14. March 2020 03:41 UTC
  proposed-announcement-sent: true
  proposed-testing-requested: true
  reason:
promote-to-updates: Holding -- cycle not ready to release
  trackers:
bionic/linux-aws: bug 1865269
bionic/linux-fips: bug 1865203
bionic/linux-gke-4.15: bug 1865255
bionic/linux-ibm-gt: bug 1865201
bionic/linux-kvm: bug 1865247
bionic/linux-oem: bug 1865200
bionic/linux-oracle: bug 1865480
bionic/linux-raspi2: bug 1864726
bionic/linux-snapdragon: bug 1864729
bionic/linux/pc-kernel: bug 1865107
bionic/linux/pc-lowlatency-kernel: bug 1865108
xenial/linux-azure: bug 1865198
xenial/linux-gcp: bug 1865251
xenial/linux-hwe: bug 1865142
  variant: debs

To manage notifications about this bug go to:
https://bugs.launchpad.net/kernel-sru-workflow/+bug/1865109/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1865251] Re: xenial/linux-gcp: 4.15.0-1058.62 -proposed tracker

2020-03-13 Thread Steve Beattie

** Changed in: kernel-sru-workflow/security-signoff
   Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-gcp in Ubuntu.
https://bugs.launchpad.net/bugs/1865251

Title:
  xenial/linux-gcp: 4.15.0-1058.62 -proposed tracker

Status in Kernel SRU Workflow:
  In Progress
Status in Kernel SRU Workflow automated-testing series:
  Fix Released
Status in Kernel SRU Workflow certification-testing series:
  Invalid
Status in Kernel SRU Workflow prepare-package series:
  Fix Released
Status in Kernel SRU Workflow prepare-package-meta series:
  Fix Released
Status in Kernel SRU Workflow prepare-package-signed series:
  Fix Released
Status in Kernel SRU Workflow promote-to-proposed series:
  Fix Released
Status in Kernel SRU Workflow promote-to-security series:
  New
Status in Kernel SRU Workflow promote-to-updates series:
  New
Status in Kernel SRU Workflow regression-testing series:
  Fix Released
Status in Kernel SRU Workflow security-signoff series:
  Fix Released
Status in Kernel SRU Workflow verification-testing series:
  Fix Released
Status in linux-gcp package in Ubuntu:
  Invalid
Status in linux-gcp source package in Xenial:
  Confirmed

Bug description:
  This bug will contain status and test results related to a kernel
  source (or snap) as stated in the title.

  For an explanation of the tasks and the associated workflow see:
https://wiki.ubuntu.com/Kernel/kernel-sru-workflow

  -- swm properties --
  boot-testing-requested: true
  kernel-stable-master-bug: 1865109
  packages:
main: linux-gcp
meta: linux-meta-gcp
signed: linux-signed-gcp
  phase: Holding before Promote to Updates
  phase-changed: Saturday, 14. March 2020 02:50 UTC
  proposed-announcement-sent: true
  proposed-testing-requested: true
  reason:
promote-to-updates: Holding -- cycle not ready to release
  trackers:
xenial/linux-gcp/gcp-kernel: bug 1865249
xenial/linux-gcp/gke-kernel: bug 1865250
  variant: debs

To manage notifications about this bug go to:
https://bugs.launchpad.net/kernel-sru-workflow/+bug/1865251/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1864729] Re: bionic/linux-snapdragon: 4.15.0-1074.81 -proposed tracker

2020-03-13 Thread Steve Beattie

** Changed in: kernel-sru-workflow/security-signoff
   Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-snapdragon in Ubuntu.
https://bugs.launchpad.net/bugs/1864729

Title:
  bionic/linux-snapdragon: 4.15.0-1074.81 -proposed tracker

Status in Kernel SRU Workflow:
  In Progress
Status in Kernel SRU Workflow automated-testing series:
  Fix Released
Status in Kernel SRU Workflow certification-testing series:
  Fix Released
Status in Kernel SRU Workflow prepare-package series:
  Fix Released
Status in Kernel SRU Workflow prepare-package-meta series:
  Fix Released
Status in Kernel SRU Workflow promote-to-proposed series:
  Fix Released
Status in Kernel SRU Workflow promote-to-security series:
  New
Status in Kernel SRU Workflow promote-to-updates series:
  New
Status in Kernel SRU Workflow regression-testing series:
  Invalid
Status in Kernel SRU Workflow security-signoff series:
  Fix Released
Status in Kernel SRU Workflow verification-testing series:
  Fix Released
Status in linux-snapdragon package in Ubuntu:
  Invalid
Status in linux-snapdragon source package in Bionic:
  Confirmed

Bug description:
  This bug will contain status and test results related to a kernel
  source (or snap) as stated in the title.

  For an explanation of the tasks and the associated workflow see:
https://wiki.ubuntu.com/Kernel/kernel-sru-workflow

  -- swm properties --
  boot-testing-requested: true
  kernel-stable-master-bug: 1865109
  packages:
main: linux-snapdragon
meta: linux-meta-snapdragon
  phase: Holding before Promote to Updates
  phase-changed: Saturday, 14. March 2020 02:45 UTC
  proposed-announcement-sent: true
  proposed-testing-requested: true
  reason:
promote-to-updates: Holding -- cycle not ready to release
  trackers:
bionic/linux-snapdragon/dragonboard-kernel: bug 1864727
  variant: debs

To manage notifications about this bug go to:
https://bugs.launchpad.net/kernel-sru-workflow/+bug/1864729/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1865247] Re: bionic/linux-kvm: 4.15.0-1056.57 -proposed tracker

2020-03-13 Thread Steve Beattie

** Changed in: kernel-sru-workflow/security-signoff
   Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-kvm in Ubuntu.
https://bugs.launchpad.net/bugs/1865247

Title:
  bionic/linux-kvm: 4.15.0-1056.57 -proposed tracker

Status in Kernel SRU Workflow:
  In Progress
Status in Kernel SRU Workflow automated-testing series:
  Fix Released
Status in Kernel SRU Workflow certification-testing series:
  Invalid
Status in Kernel SRU Workflow prepare-package series:
  Fix Released
Status in Kernel SRU Workflow prepare-package-meta series:
  Fix Released
Status in Kernel SRU Workflow promote-to-proposed series:
  Fix Released
Status in Kernel SRU Workflow promote-to-security series:
  New
Status in Kernel SRU Workflow promote-to-updates series:
  New
Status in Kernel SRU Workflow regression-testing series:
  Fix Released
Status in Kernel SRU Workflow security-signoff series:
  Fix Released
Status in Kernel SRU Workflow verification-testing series:
  Fix Released
Status in linux-kvm package in Ubuntu:
  Invalid
Status in linux-kvm source package in Bionic:
  Confirmed

Bug description:
  This bug will contain status and test results related to a kernel
  source (or snap) as stated in the title.

  For an explanation of the tasks and the associated workflow see:
https://wiki.ubuntu.com/Kernel/kernel-sru-workflow

  -- swm properties --
  boot-testing-requested: true
  kernel-stable-master-bug: 1865109
  packages:
main: linux-kvm
meta: linux-meta-kvm
  phase: Holding before Promote to Updates
  phase-changed: Saturday, 14. March 2020 02:46 UTC
  proposed-announcement-sent: true
  proposed-testing-requested: true
  reason:
promote-to-updates: Holding -- cycle not ready to release
  variant: debs

To manage notifications about this bug go to:
https://bugs.launchpad.net/kernel-sru-workflow/+bug/1865247/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1865269] Re: bionic/linux-aws: 4.15.0-1063.67 -proposed tracker

2020-03-13 Thread Steve Beattie

** Changed in: kernel-sru-workflow/security-signoff
   Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-aws in Ubuntu.
https://bugs.launchpad.net/bugs/1865269

Title:
  bionic/linux-aws: 4.15.0-1063.67 -proposed tracker

Status in Kernel SRU Workflow:
  In Progress
Status in Kernel SRU Workflow automated-testing series:
  Fix Released
Status in Kernel SRU Workflow certification-testing series:
  Invalid
Status in Kernel SRU Workflow prepare-package series:
  Fix Released
Status in Kernel SRU Workflow prepare-package-lrm series:
  Fix Released
Status in Kernel SRU Workflow prepare-package-meta series:
  Fix Released
Status in Kernel SRU Workflow promote-to-proposed series:
  Fix Released
Status in Kernel SRU Workflow promote-to-security series:
  New
Status in Kernel SRU Workflow promote-to-updates series:
  New
Status in Kernel SRU Workflow regression-testing series:
  Fix Released
Status in Kernel SRU Workflow security-signoff series:
  Fix Released
Status in Kernel SRU Workflow verification-testing series:
  Fix Released
Status in linux-aws package in Ubuntu:
  Invalid
Status in linux-aws source package in Bionic:
  Confirmed

Bug description:
  This bug will contain status and test results related to a kernel
  source (or snap) as stated in the title.

  For an explanation of the tasks and the associated workflow see:
https://wiki.ubuntu.com/Kernel/kernel-sru-workflow

  -- swm properties --
  boot-testing-requested: true
  kernel-stable-master-bug: 1865109
  packages:
lrm: linux-restricted-modules-aws
main: linux-aws
meta: linux-meta-aws
  phase: Holding before Promote to Updates
  phase-changed: Saturday, 14. March 2020 02:40 UTC
  proposed-announcement-sent: true
  proposed-testing-requested: true
  reason:
promote-to-updates: Holding -- cycle not ready to release
  trackers:
bionic/linux-aws-fips: bug 1865419
bionic/linux-aws/aws-kernel: bug 1865268
xenial/linux-aws-hwe: bug 1865421
  variant: debs

To manage notifications about this bug go to:
https://bugs.launchpad.net/kernel-sru-workflow/+bug/1865269/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1865243] Re: xenial/linux-kvm: 4.4.0-1068.75 -proposed tracker

2020-03-13 Thread Steve Beattie

** Changed in: kernel-sru-workflow/security-signoff
   Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-kvm in Ubuntu.
https://bugs.launchpad.net/bugs/1865243

Title:
  xenial/linux-kvm: 4.4.0-1068.75 -proposed tracker

Status in Kernel SRU Workflow:
  In Progress
Status in Kernel SRU Workflow automated-testing series:
  Fix Released
Status in Kernel SRU Workflow certification-testing series:
  Invalid
Status in Kernel SRU Workflow prepare-package series:
  Fix Released
Status in Kernel SRU Workflow prepare-package-meta series:
  Fix Released
Status in Kernel SRU Workflow promote-to-proposed series:
  Fix Released
Status in Kernel SRU Workflow promote-to-security series:
  New
Status in Kernel SRU Workflow promote-to-updates series:
  New
Status in Kernel SRU Workflow regression-testing series:
  Fix Released
Status in Kernel SRU Workflow security-signoff series:
  Fix Released
Status in Kernel SRU Workflow verification-testing series:
  Fix Released
Status in linux-kvm package in Ubuntu:
  Invalid
Status in linux-kvm source package in Xenial:
  Confirmed

Bug description:
  This bug will contain status and test results related to a kernel
  source (or snap) as stated in the title.

  For an explanation of the tasks and the associated workflow see:
https://wiki.ubuntu.com/Kernel/kernel-sru-workflow

  -- swm properties --
  boot-testing-requested: true
  kernel-stable-master-bug: 1865106
  packages:
main: linux-kvm
meta: linux-meta-kvm
  phase: Holding before Promote to Updates
  phase-changed: Saturday, 14. March 2020 01:55 UTC
  proposed-announcement-sent: true
  proposed-testing-requested: true
  reason:
promote-to-updates: Holding -- cycle not ready to release
  variant: debs

To manage notifications about this bug go to:
https://bugs.launchpad.net/kernel-sru-workflow/+bug/1865243/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1865200] Re: bionic/linux-oem: 4.15.0-1076.86 -proposed tracker

2020-03-13 Thread Steve Beattie

** Changed in: kernel-sru-workflow/security-signoff
   Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-oem in Ubuntu.
https://bugs.launchpad.net/bugs/1865200

Title:
  bionic/linux-oem: 4.15.0-1076.86 -proposed tracker

Status in Kernel SRU Workflow:
  In Progress
Status in Kernel SRU Workflow automated-testing series:
  Fix Released
Status in Kernel SRU Workflow certification-testing series:
  In Progress
Status in Kernel SRU Workflow prepare-package series:
  Fix Released
Status in Kernel SRU Workflow prepare-package-lrm series:
  Fix Released
Status in Kernel SRU Workflow prepare-package-meta series:
  Fix Released
Status in Kernel SRU Workflow prepare-package-signed series:
  Fix Released
Status in Kernel SRU Workflow promote-to-proposed series:
  Fix Released
Status in Kernel SRU Workflow promote-to-security series:
  New
Status in Kernel SRU Workflow promote-to-updates series:
  New
Status in Kernel SRU Workflow regression-testing series:
  Fix Released
Status in Kernel SRU Workflow security-signoff series:
  Fix Released
Status in Kernel SRU Workflow verification-testing series:
  Fix Released
Status in linux-oem package in Ubuntu:
  Invalid
Status in linux-oem source package in Bionic:
  Confirmed

Bug description:
  This bug will contain status and test results related to a kernel
  source (or snap) as stated in the title.

  For an explanation of the tasks and the associated workflow see:
https://wiki.ubuntu.com/Kernel/kernel-sru-workflow

  -- swm properties --
  boot-testing-requested: true
  kernel-stable-master-bug: 1865109
  packages:
lrm: linux-restricted-modules-oem
main: linux-oem
meta: linux-meta-oem
signed: linux-signed-oem
  phase: Testing
  phase-changed: Monday, 09. March 2020 14:26 UTC
  proposed-announcement-sent: true
  proposed-testing-requested: true
  reason:
certification-testing: Ongoing -- testing in progress
  variant: debs

To manage notifications about this bug go to:
https://bugs.launchpad.net/kernel-sru-workflow/+bug/1865200/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1865480] Re: bionic/linux-oracle: 4.15.0-1035.39 -proposed tracker

2020-03-13 Thread Steve Beattie

** Changed in: kernel-sru-workflow/security-signoff
   Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-oracle in Ubuntu.
https://bugs.launchpad.net/bugs/1865480

Title:
  bionic/linux-oracle: 4.15.0-1035.39 -proposed tracker

Status in Kernel SRU Workflow:
  In Progress
Status in Kernel SRU Workflow automated-testing series:
  In Progress
Status in Kernel SRU Workflow certification-testing series:
  Invalid
Status in Kernel SRU Workflow prepare-package series:
  Fix Released
Status in Kernel SRU Workflow prepare-package-lrm series:
  Fix Released
Status in Kernel SRU Workflow prepare-package-meta series:
  Fix Released
Status in Kernel SRU Workflow prepare-package-signed series:
  Fix Released
Status in Kernel SRU Workflow promote-to-proposed series:
  Fix Released
Status in Kernel SRU Workflow promote-to-security series:
  New
Status in Kernel SRU Workflow promote-to-updates series:
  New
Status in Kernel SRU Workflow regression-testing series:
  In Progress
Status in Kernel SRU Workflow security-signoff series:
  Fix Released
Status in Kernel SRU Workflow verification-testing series:
  Fix Released
Status in linux-oracle package in Ubuntu:
  Invalid
Status in linux-oracle source package in Bionic:
  Confirmed

Bug description:
  This bug will contain status and test results related to a kernel
  source (or snap) as stated in the title.

  For an explanation of the tasks and the associated workflow see:
https://wiki.ubuntu.com/Kernel/kernel-sru-workflow

  -- swm properties --
  boot-testing-requested: true
  kernel-stable-master-bug: 1865109
  packages:
lrm: linux-restricted-modules-oracle
main: linux-oracle
meta: linux-meta-oracle
signed: linux-signed-oracle
  phase: Testing
  phase-changed: Tuesday, 10. March 2020 21:21 UTC
  proposed-announcement-sent: true
  proposed-testing-requested: true
  reason:
automated-testing: Ongoing -- testing in progress
regression-testing: Ongoing -- testing in progress
  trackers:
xenial/linux-oracle: bug 1865479
  variant: debs

To manage notifications about this bug go to:
https://bugs.launchpad.net/kernel-sru-workflow/+bug/1865480/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1865198] Re: xenial/linux-azure: 4.15.0-1074.79 -proposed tracker

2020-03-13 Thread Steve Beattie

** Changed in: kernel-sru-workflow/security-signoff
   Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-azure in Ubuntu.
https://bugs.launchpad.net/bugs/1865198

Title:
  xenial/linux-azure: 4.15.0-1074.79 -proposed tracker

Status in Kernel SRU Workflow:
  In Progress
Status in Kernel SRU Workflow automated-testing series:
  Fix Released
Status in Kernel SRU Workflow certification-testing series:
  Invalid
Status in Kernel SRU Workflow prepare-package series:
  Fix Released
Status in Kernel SRU Workflow prepare-package-meta series:
  Fix Released
Status in Kernel SRU Workflow prepare-package-signed series:
  Fix Released
Status in Kernel SRU Workflow promote-to-proposed series:
  Fix Released
Status in Kernel SRU Workflow promote-to-security series:
  New
Status in Kernel SRU Workflow promote-to-updates series:
  New
Status in Kernel SRU Workflow regression-testing series:
  Fix Released
Status in Kernel SRU Workflow security-signoff series:
  Fix Released
Status in Kernel SRU Workflow stakeholder-signoff series:
  Confirmed
Status in Kernel SRU Workflow verification-testing series:
  Fix Released
Status in linux-azure package in Ubuntu:
  Invalid
Status in linux-azure source package in Xenial:
  Confirmed

Bug description:
  This bug will contain status and test results related to a kernel
  source (or snap) as stated in the title.

  For an explanation of the tasks and the associated workflow see:
https://wiki.ubuntu.com/Kernel/kernel-sru-workflow

  -- swm properties --
  boot-testing-requested: true
  kernel-stable-master-bug: 1865109
  packages:
main: linux-azure
meta: linux-meta-azure
signed: linux-signed-azure
  phase: Ready for Signoff
  phase-changed: Saturday, 14. March 2020 01:45 UTC
  proposed-announcement-sent: true
  proposed-testing-requested: true
  reason:
promote-to-updates: Holding -- stakeholder signoff not verified
stakeholder-signoff: Stalled -- waiting for signoff
  trackers:
trusty/linux-azure: bug 1865197
xenial/linux-azure/azure-kernel: bug 1865196
  variant: debs

To manage notifications about this bug go to:
https://bugs.launchpad.net/kernel-sru-workflow/+bug/1865198/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1865193] Re: bionic/linux-azure: 5.0.0-1034.36 -proposed tracker

2020-03-13 Thread Steve Beattie

** Changed in: kernel-sru-workflow/security-signoff
   Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-azure in Ubuntu.
https://bugs.launchpad.net/bugs/1865193

Title:
  bionic/linux-azure: 5.0.0-1034.36 -proposed tracker

Status in Kernel SRU Workflow:
  In Progress
Status in Kernel SRU Workflow automated-testing series:
  Fix Released
Status in Kernel SRU Workflow certification-testing series:
  Invalid
Status in Kernel SRU Workflow prepare-package series:
  Fix Released
Status in Kernel SRU Workflow prepare-package-lrm series:
  Fix Released
Status in Kernel SRU Workflow prepare-package-meta series:
  Fix Released
Status in Kernel SRU Workflow prepare-package-signed series:
  Fix Released
Status in Kernel SRU Workflow promote-to-proposed series:
  Fix Released
Status in Kernel SRU Workflow promote-to-security series:
  New
Status in Kernel SRU Workflow promote-to-updates series:
  New
Status in Kernel SRU Workflow regression-testing series:
  Fix Released
Status in Kernel SRU Workflow security-signoff series:
  Fix Released
Status in Kernel SRU Workflow stakeholder-signoff series:
  Confirmed
Status in Kernel SRU Workflow verification-testing series:
  In Progress
Status in linux-azure package in Ubuntu:
  Invalid
Status in linux-azure source package in Bionic:
  Confirmed

Bug description:
  This bug will contain status and test results related to a kernel
  source (or snap) as stated in the title.

  For an explanation of the tasks and the associated workflow see:
https://wiki.ubuntu.com/Kernel/kernel-sru-workflow

  -- swm properties --
  boot-testing-requested: true
  kernel-stable-master-bug: 1865110
  packages:
lrm: linux-restricted-modules-azure
main: linux-azure
meta: linux-meta-azure
signed: linux-signed-azure
  phase: Testing
  phase-changed: Monday, 02. March 2020 16:21 UTC
  proposed-announcement-sent: true
  proposed-testing-requested: true
  reason:
stakeholder-signoff: Stalled -- waiting for signoff
verification-testing: Ongoing -- testing in progress
  trackers:
bionic/linux-azure/azure-kernel: bug 1865192
  variant: debs

To manage notifications about this bug go to:
https://bugs.launchpad.net/kernel-sru-workflow/+bug/1865193/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1864726] Re: bionic/linux-raspi2: 4.15.0-1057.61 -proposed tracker

2020-03-13 Thread Steve Beattie

** Changed in: kernel-sru-workflow/security-signoff
   Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-raspi2 in Ubuntu.
https://bugs.launchpad.net/bugs/1864726

Title:
  bionic/linux-raspi2: 4.15.0-1057.61 -proposed tracker

Status in Kernel SRU Workflow:
  In Progress
Status in Kernel SRU Workflow automated-testing series:
  Fix Released
Status in Kernel SRU Workflow certification-testing series:
  Fix Released
Status in Kernel SRU Workflow prepare-package series:
  Fix Released
Status in Kernel SRU Workflow prepare-package-meta series:
  Fix Released
Status in Kernel SRU Workflow promote-to-proposed series:
  Fix Released
Status in Kernel SRU Workflow promote-to-security series:
  New
Status in Kernel SRU Workflow promote-to-updates series:
  New
Status in Kernel SRU Workflow regression-testing series:
  Invalid
Status in Kernel SRU Workflow security-signoff series:
  Fix Released
Status in Kernel SRU Workflow verification-testing series:
  Fix Released
Status in linux-raspi2 package in Ubuntu:
  Invalid
Status in linux-raspi2 source package in Bionic:
  Confirmed

Bug description:
  This bug will contain status and test results related to a kernel
  source (or snap) as stated in the title.

  For an explanation of the tasks and the associated workflow see:
https://wiki.ubuntu.com/Kernel/kernel-sru-workflow

  -- swm properties --
  boot-testing-requested: true
  kernel-stable-master-bug: 1865109
  packages:
main: linux-raspi2
meta: linux-meta-raspi2
  phase: Holding before Promote to Updates
  phase-changed: Saturday, 14. March 2020 01:16 UTC
  proposed-announcement-sent: true
  proposed-testing-requested: true
  reason:
promote-to-updates: Holding -- cycle not ready to release
  trackers:
bionic/linux-raspi2/pi-kernel: bug 1864725
  variant: debs

To manage notifications about this bug go to:
https://bugs.launchpad.net/kernel-sru-workflow/+bug/1864726/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1863329] Re: xenial/linux-snapdragon: 4.4.0-1134.142 -proposed tracker

2020-03-13 Thread Steve Beattie

** Changed in: kernel-sru-workflow/security-signoff
   Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-snapdragon in Ubuntu.
https://bugs.launchpad.net/bugs/1863329

Title:
  xenial/linux-snapdragon: 4.4.0-1134.142 -proposed tracker

Status in Kernel SRU Workflow:
  In Progress
Status in Kernel SRU Workflow automated-testing series:
  Fix Released
Status in Kernel SRU Workflow certification-testing series:
  Fix Released
Status in Kernel SRU Workflow prepare-package series:
  Fix Released
Status in Kernel SRU Workflow prepare-package-meta series:
  Fix Released
Status in Kernel SRU Workflow promote-to-proposed series:
  Fix Released
Status in Kernel SRU Workflow promote-to-security series:
  New
Status in Kernel SRU Workflow promote-to-updates series:
  New
Status in Kernel SRU Workflow regression-testing series:
  Invalid
Status in Kernel SRU Workflow security-signoff series:
  Fix Released
Status in Kernel SRU Workflow verification-testing series:
  Fix Released
Status in linux-snapdragon package in Ubuntu:
  Invalid
Status in linux-snapdragon source package in Xenial:
  Confirmed

Bug description:
  This bug will contain status and test results related to a kernel
  source (or snap) as stated in the title.

  For an explanation of the tasks and the associated workflow see:
https://wiki.ubuntu.com/Kernel/kernel-sru-workflow

  -- swm properties --
  boot-testing-requested: true
  kernel-stable-master-bug: 1865106
  packages:
main: linux-snapdragon
meta: linux-meta-snapdragon
  phase: Holding before Promote to Updates
  phase-changed: Saturday, 14. March 2020 00:26 UTC
  proposed-announcement-sent: true
  proposed-testing-requested: true
  reason:
promote-to-updates: Holding -- cycle not ready to release
  trackers:
xenial/linux-snapdragon/dragonboard-kernel: bug 1863326
  variant: debs

To manage notifications about this bug go to:
https://bugs.launchpad.net/kernel-sru-workflow/+bug/1863329/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1863324] Re: xenial/linux-raspi2: 4.4.0-1130.139 -proposed tracker

2020-03-13 Thread Steve Beattie

** Changed in: kernel-sru-workflow/security-signoff
   Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-raspi2 in Ubuntu.
https://bugs.launchpad.net/bugs/1863324

Title:
  xenial/linux-raspi2: 4.4.0-1130.139 -proposed tracker

Status in Kernel SRU Workflow:
  In Progress
Status in Kernel SRU Workflow automated-testing series:
  Fix Released
Status in Kernel SRU Workflow certification-testing series:
  Fix Released
Status in Kernel SRU Workflow prepare-package series:
  Fix Released
Status in Kernel SRU Workflow prepare-package-meta series:
  Fix Released
Status in Kernel SRU Workflow promote-to-proposed series:
  Fix Released
Status in Kernel SRU Workflow promote-to-security series:
  New
Status in Kernel SRU Workflow promote-to-updates series:
  New
Status in Kernel SRU Workflow regression-testing series:
  Invalid
Status in Kernel SRU Workflow security-signoff series:
  Fix Released
Status in Kernel SRU Workflow verification-testing series:
  Fix Released
Status in linux-raspi2 package in Ubuntu:
  Invalid
Status in linux-raspi2 source package in Xenial:
  Confirmed

Bug description:
  This bug will contain status and test results related to a kernel
  source (or snap) as stated in the title.

  For an explanation of the tasks and the associated workflow see:
https://wiki.ubuntu.com/Kernel/kernel-sru-workflow

  -- swm properties --
  boot-testing-requested: true
  kernel-stable-master-bug: 1865106
  packages:
main: linux-raspi2
meta: linux-meta-raspi2
  phase: Holding before Promote to Updates
  phase-changed: Saturday, 14. March 2020 00:20 UTC
  proposed-announcement-sent: true
  proposed-testing-requested: true
  reason:
promote-to-updates: Holding -- cycle not ready to release
  trackers:
xenial/linux-raspi2/pi2-kernel: bug 1863322
  variant: debs

To manage notifications about this bug go to:
https://bugs.launchpad.net/kernel-sru-workflow/+bug/1863324/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1865493] Re: eoan/linux-oracle: 5.3.0-1011.12 -proposed tracker

2020-03-12 Thread Steve Beattie

** Changed in: kernel-sru-workflow/security-signoff
   Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-oracle in Ubuntu.
https://bugs.launchpad.net/bugs/1865493

Title:
  eoan/linux-oracle: 5.3.0-1011.12 -proposed tracker

Status in Kernel SRU Workflow:
  In Progress
Status in Kernel SRU Workflow automated-testing series:
  Fix Released
Status in Kernel SRU Workflow certification-testing series:
  Invalid
Status in Kernel SRU Workflow prepare-package series:
  Fix Released
Status in Kernel SRU Workflow prepare-package-lrm series:
  Fix Released
Status in Kernel SRU Workflow prepare-package-meta series:
  Fix Released
Status in Kernel SRU Workflow prepare-package-signed series:
  Fix Released
Status in Kernel SRU Workflow promote-to-proposed series:
  Fix Released
Status in Kernel SRU Workflow promote-to-security series:
  New
Status in Kernel SRU Workflow promote-to-updates series:
  New
Status in Kernel SRU Workflow regression-testing series:
  Fix Released
Status in Kernel SRU Workflow security-signoff series:
  Fix Released
Status in Kernel SRU Workflow verification-testing series:
  In Progress
Status in linux-oracle package in Ubuntu:
  Invalid
Status in linux-oracle source package in Eoan:
  Confirmed

Bug description:
  This bug will contain status and test results related to a kernel
  source (or snap) as stated in the title.

  For an explanation of the tasks and the associated workflow see:
https://wiki.ubuntu.com/Kernel/kernel-sru-workflow

  -- swm properties --
  boot-testing-requested: true
  kernel-stable-master-bug: 1865111
  packages:
lrm: linux-restricted-modules-oracle
main: linux-oracle
meta: linux-meta-oracle
signed: linux-signed-oracle
  phase: Testing
  phase-changed: Tuesday, 03. March 2020 18:22 UTC
  proposed-announcement-sent: true
  proposed-testing-requested: true
  reason:
verification-testing: Ongoing -- testing in progress
  trackers:
bionic/linux-oracle-5.3: bug 1865492
  variant: debs

To manage notifications about this bug go to:
https://bugs.launchpad.net/kernel-sru-workflow/+bug/1865493/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1865491] Re: eoan/linux-gcp: 5.3.0-1014.15 -proposed tracker

2020-03-12 Thread Steve Beattie

** Changed in: kernel-sru-workflow/security-signoff
   Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-gcp in Ubuntu.
https://bugs.launchpad.net/bugs/1865491

Title:
  eoan/linux-gcp: 5.3.0-1014.15 -proposed tracker

Status in Kernel SRU Workflow:
  In Progress
Status in Kernel SRU Workflow automated-testing series:
  Fix Released
Status in Kernel SRU Workflow certification-testing series:
  Invalid
Status in Kernel SRU Workflow prepare-package series:
  Fix Released
Status in Kernel SRU Workflow prepare-package-lrm series:
  Fix Released
Status in Kernel SRU Workflow prepare-package-meta series:
  Fix Released
Status in Kernel SRU Workflow prepare-package-signed series:
  Fix Released
Status in Kernel SRU Workflow promote-to-proposed series:
  Fix Released
Status in Kernel SRU Workflow promote-to-security series:
  New
Status in Kernel SRU Workflow promote-to-updates series:
  New
Status in Kernel SRU Workflow regression-testing series:
  Fix Released
Status in Kernel SRU Workflow security-signoff series:
  Fix Released
Status in Kernel SRU Workflow verification-testing series:
  In Progress
Status in linux-gcp package in Ubuntu:
  Invalid
Status in linux-gcp source package in Eoan:
  Confirmed

Bug description:
  This bug will contain status and test results related to a kernel
  source (or snap) as stated in the title.

  For an explanation of the tasks and the associated workflow see:
https://wiki.ubuntu.com/Kernel/kernel-sru-workflow

  -- swm properties --
  boot-testing-requested: true
  kernel-stable-master-bug: 1865111
  packages:
lrm: linux-restricted-modules-gcp
main: linux-gcp
meta: linux-meta-gcp
signed: linux-signed-gcp
  phase: Testing
  phase-changed: Tuesday, 03. March 2020 18:22 UTC
  proposed-announcement-sent: true
  proposed-testing-requested: true
  reason:
verification-testing: Ongoing -- testing in progress
  trackers:
bionic/linux-gcp-5.3: bug 1865488
bionic/linux-gke-5.3: bug 1865490
  variant: debs

To manage notifications about this bug go to:
https://bugs.launchpad.net/kernel-sru-workflow/+bug/1865491/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1865438] Re: eoan/linux-kvm: 5.3.0-1012.13 -proposed tracker

2020-03-12 Thread Steve Beattie

** Changed in: kernel-sru-workflow/security-signoff
   Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-kvm in Ubuntu.
https://bugs.launchpad.net/bugs/1865438

Title:
  eoan/linux-kvm: 5.3.0-1012.13 -proposed tracker

Status in Kernel SRU Workflow:
  In Progress
Status in Kernel SRU Workflow automated-testing series:
  Fix Released
Status in Kernel SRU Workflow certification-testing series:
  Invalid
Status in Kernel SRU Workflow prepare-package series:
  Fix Released
Status in Kernel SRU Workflow prepare-package-meta series:
  Fix Released
Status in Kernel SRU Workflow promote-to-proposed series:
  Fix Released
Status in Kernel SRU Workflow promote-to-security series:
  New
Status in Kernel SRU Workflow promote-to-updates series:
  New
Status in Kernel SRU Workflow regression-testing series:
  Fix Released
Status in Kernel SRU Workflow security-signoff series:
  Fix Released
Status in Kernel SRU Workflow verification-testing series:
  In Progress
Status in linux-kvm package in Ubuntu:
  Invalid
Status in linux-kvm source package in Eoan:
  Confirmed

Bug description:
  This bug will contain status and test results related to a kernel
  source (or snap) as stated in the title.

  For an explanation of the tasks and the associated workflow see:
https://wiki.ubuntu.com/Kernel/kernel-sru-workflow

  -- swm properties --
  boot-testing-requested: true
  kernel-stable-master-bug: 1865111
  packages:
main: linux-kvm
meta: linux-meta-kvm
  phase: Testing
  phase-changed: Tuesday, 10. March 2020 19:12 UTC
  proposed-announcement-sent: true
  proposed-testing-requested: true
  reason:
verification-testing: Ongoing -- testing in progress
  variant: debs

To manage notifications about this bug go to:
https://bugs.launchpad.net/kernel-sru-workflow/+bug/1865438/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

1 2 3 4 5 6 7 8 9 10 >

1 - 100 of 6160 matches

Mail list logo