[Bug 1861238] Re: Root can lift kernel lockdown via USB/IP

2020-07-02 Thread Steve Langasek
** Changed in: linux (Ubuntu Disco) Status: Fix Committed => Won't Fix -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1861238 Title: Root can lift kernel lockdown via USB/IP To manage

[Bug 1861238] Re: Root can lift kernel lockdown via USB/IP

2020-03-18 Thread Launchpad Bug Tracker
This bug was fixed in the package linux-oem - 4.15.0-1076.86 --- linux-oem (4.15.0-1076.86) bionic; urgency=medium * bionic/linux-oem: 4.15.0-1076.86 -proposed tracker (LP: #1865200) [ Ubuntu: 4.15.0-91.92 ] * bionic/linux: 4.15.0-91.92 -proposed tracker (LP: #1865109) *

[Bug 1861238] Re: Root can lift kernel lockdown via USB/IP

2020-03-17 Thread Launchpad Bug Tracker
This bug was fixed in the package linux-oem - 4.15.0-1076.86 --- linux-oem (4.15.0-1076.86) bionic; urgency=medium * bionic/linux-oem: 4.15.0-1076.86 -proposed tracker (LP: #1865200) [ Ubuntu: 4.15.0-91.92 ] * bionic/linux: 4.15.0-91.92 -proposed tracker (LP: #1865109) *

[Bug 1861238] Re: Root can lift kernel lockdown via USB/IP

2020-03-16 Thread Launchpad Bug Tracker
This bug was fixed in the package linux - 5.4.0-18.22 --- linux (5.4.0-18.22) focal; urgency=medium * focal/linux: 5.4.0-18.22 -proposed tracker (LP: #1866488) * Packaging resync (LP: #1786013) - [Packaging] resync getabis - [Packaging] update helper scripts * Add

[Bug 1861238] Re: Root can lift kernel lockdown via USB/IP

2020-03-16 Thread Launchpad Bug Tracker
This bug was fixed in the package linux - 4.15.0-91.92 --- linux (4.15.0-91.92) bionic; urgency=medium * bionic/linux: 4.15.0-91.92 -proposed tracker (LP: #1865109) * CVE-2020-2732 - KVM: x86: emulate RDPID - KVM: nVMX: Don't emulate instructions in guest mode - KVM:

[Bug 1861238] Re: Root can lift kernel lockdown via USB/IP

2020-03-16 Thread Launchpad Bug Tracker
This bug was fixed in the package linux - 5.3.0-42.34 --- linux (5.3.0-42.34) eoan; urgency=medium * eoan/linux: 5.3.0-42.34 -proposed tracker (LP: #1865111) * CVE-2020-2732 - KVM: nVMX: Don't emulate instructions in guest mode - KVM: nVMX: Refactor IO bitmap checks into

[Bug 1861238] Re: Root can lift kernel lockdown via USB/IP

2020-03-12 Thread Ubuntu Kernel Bot
This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-focal' to 'verification-done-focal'. If the problem still exists, change the tag

[Bug 1861238] Re: Root can lift kernel lockdown via USB/IP

2020-02-25 Thread AceLan Kao
** Also affects: linux-oem (Ubuntu) Importance: Undecided Status: New ** No longer affects: linux-oem (Ubuntu Xenial) ** No longer affects: linux-oem (Ubuntu Disco) ** No longer affects: linux-oem (Ubuntu Eoan) ** No longer affects: linux-oem (Ubuntu Focal) ** Changed in: linux-oem

[Bug 1861238] Re: Root can lift kernel lockdown via USB/IP

2020-02-18 Thread Tyler Hicks
I've also verified the fix in 5.3.0-41.33-generic. ** Tags removed: verification-needed-eoan ** Tags added: verification-done-eoan

[Bug 1861238] Re: Root can lift kernel lockdown via USB/IP

2020-02-18 Thread Tyler Hicks
I've verified the fix in 4.15.0-89.89-generic. The sysrq help message is printed to the kernel log when trying to lift lockdown with the proof-of-concept and when trying to lift lockdown with alt+sysrq+x. ** Tags removed: verification-needed-bionic ** Tags added: verification-done-bionic

[Bug 1861238] Re: Root can lift kernel lockdown via USB/IP

2020-02-17 Thread Ubuntu Kernel Bot
This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-eoan' to 'verification-done-eoan'. If the problem still exists, change the tag

[Bug 1861238] Re: Root can lift kernel lockdown via USB/IP

2020-02-17 Thread Ubuntu Kernel Bot
This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-bionic' to 'verification-done-bionic'. If the problem still exists, change the tag

[Bug 1861238] Re: Root can lift kernel lockdown via USB/IP

2020-02-14 Thread Kleber Sacilotto de Souza
** Changed in: linux (Ubuntu Eoan) Status: In Progress => Fix Committed ** Changed in: linux (Ubuntu Disco) Status: In Progress => Fix Committed ** Changed in: linux (Ubuntu Bionic) Status: In Progress => Fix Committed

[Bug 1861238] Re: Root can lift kernel lockdown via USB/IP

2020-02-07 Thread Tyler Hicks
Proposed fixes have been sent to the kernel-team list. Focal: https://lists.ubuntu.com/archives/kernel-team/2020-February/107324.html Eoan: https://lists.ubuntu.com/archives/kernel-team/2020-February/107326.html Disco: https://lists.ubuntu.com/archives/kernel-team/2020-February/107328.html

[Bug 1861238] Re: Root can lift kernel lockdown via USB/IP

2020-02-07 Thread Tyler Hicks
Xenial doesn't have support for lifting lockdown features via sysrq so I'm marking its task as invalid. ** Also affects: linux (Ubuntu Bionic) Importance: Undecided Status: New ** Also affects: linux (Ubuntu Xenial) Importance: Undecided Status: New ** Also affects: linux

[Bug 1861238] Re: Root can lift kernel lockdown via USB/IP

2020-02-07 Thread Tyler Hicks
Thanks for the report! After speaking with the security team, we've come to an agreement that removing the lockdown lift sysrq is the best thing to do. We understand that a small amount of users may rely on that sysrq today to do things like writing to an MSR but they'll still be able to achieve a

[Bug 1861238] Re: Root can lift kernel lockdown via USB/IP

2020-02-07 Thread Tyler Hicks
** Description changed: + [Impact] + It's possible to turn off kernel lockdown by emulating a USB keyboard via USB/IP and sending an Alt+SysRq+X key combination through it. Ubuntu's kernels have USB/IP enabled (CONFIG_USBIP_VHCI_HCD=m and CONFIG_USBIP_CORE=m) with signed usbip_core

[Bug 1861238] Re: Root can lift kernel lockdown via USB/IP

2020-01-29 Thread Andy Whitcroft
** Changed in: linux (Ubuntu) Status: Incomplete => Confirmed

[Bug 1861238] Re: Root can lift kernel lockdown via USB/IP

2020-01-29 Thread Tyler Hicks
** Information type changed from Public to Public Security