[Kernel-packages] [Bug 1815259] Re: BPF: kernel pointer leak to unprivileged userspace
This bug was fixed in the package linux - 4.15.0-47.50 --- linux (4.15.0-47.50) bionic; urgency=medium * linux: 4.15.0-47.50 -proposed tracker (LP: #1819716) * Packaging resync (LP: #1786013) - [Packaging] resync getabis - [Packaging] update helper scripts - [Packaging] resync retpoline extraction * C++ demangling support missing from perf (LP: #1396654) - [Packaging] fix a mistype * arm-smmu-v3 arm-smmu-v3.3.auto: CMD_SYNC timeout (LP: #1818162) - iommu/arm-smmu-v3: Fix unexpected CMD_SYNC timeout * Crash in nvme_irq_check() when using threaded interrupts (LP: #1818747) - nvme-pci: fix out of bounds access in nvme_cqe_pending * CVE-2019-9213 - mm: enforce min addr even if capable() in expand_downwards() * CVE-2019-3460 - Bluetooth: Check L2CAP option sizes returned from l2cap_get_conf_opt * amdgpu with mst WARNING on blanking (LP: #1814308) - drm/amd/display: Don't use dc_link in link_encoder - drm/amd/display: Move wait for hpd ready out from edp power control. - drm/amd/display: eDP sequence BL off first then DP blank. - drm/amd/display: Fix unused variable compilation error - drm/amd/display: Fix warning about misaligned code - drm/amd/display: Fix MST dp_blank REG_WAIT timeout * tun/tap: unable to manage carrier state from userland (LP: #1806392) - tun: implement carrier change * CVE-2019-8980 - exec: Fix mem leak in kernel_read_file * raw_skew in timer from the ubuntu_kernel_selftests failed on Bionic (LP: #1811194) - selftest: timers: Tweak raw_skew to SKIP when ADJ_OFFSET/other clock adjustments are in progress * [Packaging] Allow overlay of config annotations (LP: #1752072) - [Packaging] config-check: Add an include directive * CVE-2019-7308 - bpf: move {prev_,}insn_idx into verifier env - bpf: move tmp variable into ax register in interpreter - bpf: enable access to ax register also from verifier rewrite - bpf: restrict map value pointer arithmetic for unprivileged - bpf: restrict stack pointer arithmetic for unprivileged - bpf: restrict unknown scalars of mixed signed bounds for unprivileged - bpf: fix check_map_access smin_value test when pointer contains offset - bpf: prevent out of bounds speculation on pointer arithmetic - bpf: fix sanitation of alu op with pointer / scalar type from different paths - bpf: add various test cases to selftests * CVE-2017-5753 - bpf: properly enforce index mask to prevent out-of-bounds speculation - bpf: fix inner map masking to prevent oob under speculation * BPF: kernel pointer leak to unprivileged userspace (LP: #1815259) - bpf/verifier: disallow pointer subtraction * squashfs hardening (LP: #1816756) - squashfs: more metadata hardening - squashfs metadata 2: electric boogaloo - squashfs: more metadata hardening - Squashfs: Compute expected length from inode size rather than block length * efi/arm/arm64: Allow SetVirtualAddressMap() to be omitted (LP: #1814982) - efi/arm/arm64: Allow SetVirtualAddressMap() to be omitted * Update ENA driver to version 2.0.3K (LP: #1816806) - net: ena: update driver version from 2.0.2 to 2.0.3 - net: ena: fix race between link up and device initalization - net: ena: fix crash during failed resume from hibernation * ipset kernel error: 4.15.0-43-generic (LP: #1811394) - netfilter: ipset: Fix wraparound in hash:*net* types * Silent "Unknown key" message when pressing keyboard backlight hotkey (LP: #1817063) - platform/x86: dell-wmi: Ignore new keyboard backlight change event * CVE-2018-18021 - arm64: KVM: Tighten guest core register access from userspace - KVM: arm/arm64: Introduce vcpu_el1_is_32bit - arm64: KVM: Sanitize PSTATE.M when being set from userspace * CVE-2018-14678 - x86/entry/64: Remove %ebx handling from error_entry/exit * CVE-2018-19824 - ALSA: usb-audio: Fix UAF decrement if card has no live interfaces in card.c * CVE-2019-3459 - Bluetooth: Verify that l2cap_get_conf_opt provides large enough buffer * Bionic update: upstream stable patchset 2019-02-08 (LP: #1815234) - fork: unconditionally clear stack on fork - spi: spi-s3c64xx: Fix system resume support - Input: elan_i2c - add ACPI ID for lenovo ideapad 330 - Input: i8042 - add Lenovo LaVie Z to the i8042 reset list - Input: elan_i2c - add another ACPI ID for Lenovo Ideapad 330-15AST - kvm, mm: account shadow page tables to kmemcg - delayacct: fix crash in delayacct_blkio_end() after delayacct init failure - tracing: Fix double free of event_trigger_data - tracing: Fix possible double free in event_enable_trigger_func() - kthread, tracing: Don't expose half-written comm when creating kthreads - tracing/kprobes: Fix trace_probe flags on enable_trace_kprobe() failure - tracing: Quiet gcc warning about maybe unused link variab
[Kernel-packages] [Bug 1815259] Re: BPF: kernel pointer leak to unprivileged userspace
The "check subtraction on pointers for unpriv" test from test_verifier succeeds when running under the kernel from bionic-proposed. In fact, all tests in test_verifier pass. Verification is complete. ** Tags removed: verification-needed-bionic ** Tags added: verification-done-bionic -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1815259 Title: BPF: kernel pointer leak to unprivileged userspace Status in linux package in Ubuntu: Fix Released Status in linux source package in Bionic: Fix Committed Bug description: [Impact] Per Jann Horn, "Upstream commit dd066823db2ac4e22f721ec85190817b58059a54 ("bpf/verifier: disallow pointer subtraction") fixes a security bug (kernel pointer leak to unprivileged userspace)." https://lore.kernel.org/netdev/CAG48ez1=zogmdsue38hkg73ea4en+5qotltmzme+pgcthhw...@mail.gmail.com/ [Test Case] Run the "check subtraction on pointers for unpriv" test from tools/testing/selftests/bpf/test_verifier.c. The test should pass if the bug is fixed, fail otherwise. [Regression Potential] The change could cause a regression in an unprivileged process that is using eBPF. I suspect that this is unlikely. The alternative is to leave a potential security hole open. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1815259/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1815259] Re: BPF: kernel pointer leak to unprivileged userspace
This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed- bionic' to 'verification-done-bionic'. If the problem still exists, change the tag 'verification-needed-bionic' to 'verification-failed- bionic'. If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you! ** Tags added: verification-needed-bionic -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1815259 Title: BPF: kernel pointer leak to unprivileged userspace Status in linux package in Ubuntu: Fix Released Status in linux source package in Bionic: Fix Committed Bug description: [Impact] Per Jann Horn, "Upstream commit dd066823db2ac4e22f721ec85190817b58059a54 ("bpf/verifier: disallow pointer subtraction") fixes a security bug (kernel pointer leak to unprivileged userspace)." https://lore.kernel.org/netdev/CAG48ez1=zogmdsue38hkg73ea4en+5qotltmzme+pgcthhw...@mail.gmail.com/ [Test Case] Run the "check subtraction on pointers for unpriv" test from tools/testing/selftests/bpf/test_verifier.c. The test should pass if the bug is fixed, fail otherwise. [Regression Potential] The change could cause a regression in an unprivileged process that is using eBPF. I suspect that this is unlikely. The alternative is to leave a potential security hole open. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1815259/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1815259] Re: BPF: kernel pointer leak to unprivileged userspace
** Changed in: linux (Ubuntu Bionic) Status: In Progress => Fix Committed -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1815259 Title: BPF: kernel pointer leak to unprivileged userspace Status in linux package in Ubuntu: Fix Released Status in linux source package in Bionic: Fix Committed Bug description: [Impact] Per Jann Horn, "Upstream commit dd066823db2ac4e22f721ec85190817b58059a54 ("bpf/verifier: disallow pointer subtraction") fixes a security bug (kernel pointer leak to unprivileged userspace)." https://lore.kernel.org/netdev/CAG48ez1=zogmdsue38hkg73ea4en+5qotltmzme+pgcthhw...@mail.gmail.com/ [Test Case] Run the "check subtraction on pointers for unpriv" test from tools/testing/selftests/bpf/test_verifier.c. The test should pass if the bug is fixed, fail otherwise. [Regression Potential] The change could cause a regression in an unprivileged process that is using eBPF. I suspect that this is unlikely. The alternative is to leave a potential security hole open. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1815259/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1815259] Re: BPF: kernel pointer leak to unprivileged userspace
** Tags added: bjf-tracking -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1815259 Title: BPF: kernel pointer leak to unprivileged userspace Status in linux package in Ubuntu: Fix Released Status in linux source package in Bionic: In Progress Bug description: [Impact] Per Jann Horn, "Upstream commit dd066823db2ac4e22f721ec85190817b58059a54 ("bpf/verifier: disallow pointer subtraction") fixes a security bug (kernel pointer leak to unprivileged userspace)." https://lore.kernel.org/netdev/CAG48ez1=zogmdsue38hkg73ea4en+5qotltmzme+pgcthhw...@mail.gmail.com/ [Test Case] Run the "check subtraction on pointers for unpriv" test from tools/testing/selftests/bpf/test_verifier.c. The test should pass if the bug is fixed, fail otherwise. [Regression Potential] The change could cause a regression in an unprivileged process that is using eBPF. I suspect that this is unlikely. The alternative is to leave a potential security hole open. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1815259/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp