[Bug 1861238] Re: Root can lift kernel lockdown via USB/IP
** Changed in: linux (Ubuntu Disco)
       Status: Fix Committed => Won't Fix

--
You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1861238

Title:
  Root can lift kernel lockdown via USB/IP

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1861238/+subscriptions

--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1861238] Re: Root can lift kernel lockdown via USB/IP
This bug was fixed in the package linux-oem - 4.15.0-1076.86 --- linux-oem (4.15.0-1076.86) bionic; urgency=medium * bionic/linux-oem: 4.15.0-1076.86 -proposed tracker (LP: #1865200) [ Ubuntu: 4.15.0-91.92 ] * bionic/linux: 4.15.0-91.92 -proposed tracker (LP: #1865109) * CVE-2020-2732 - KVM: x86: emulate RDPID - KVM: nVMX: Don't emulate instructions in guest mode - KVM: nVMX: Refactor IO bitmap checks into helper function - KVM: nVMX: Check IO instruction VM-exit conditions linux-oem (4.15.0-1075.85) bionic; urgency=medium * bionic/linux-oem: 4.15.0-1075.85 -proposed tracker (LP: #1864730) * Packaging resync (LP: #1786013) - [Packaging] resync dkms-build and family [ Ubuntu: 4.15.0-90.91 ] * bionic/linux: 4.15.0-90.91 -proposed tracker (LP: #1864753) * dkms artifacts may expire from the pool (LP: #1850958) - [Packaging] autoreconstruct -- manage executable debian files - [packaging] handle downloads from the librarian better [ Ubuntu: 4.15.0-90.90 ] * bionic/linux: 4.15.0-90.90 -proposed tracker (LP: #1864753) * vm-segv from ubuntu_stress_smoke_test failed on B (LP: #1864063) - Revert "apparmor: don't try to replace stale label in ptrace access check" linux-oem (4.15.0-1074.84) bionic; urgency=medium * bionic/linux-oem: 4.15.0-1074.84 -proposed tracker (LP: #1863312) * Root can lift kernel lockdown via USB/IP (LP: #1861238) - Revert "UBUNTU: SAUCE: (efi-lockdown) Add a SysRq option to lift kernel lockdown" * r8152 init may take up to 40 seconds at initialization with Dell WD19/WD19DC during hotplug (LP: #1864284) - SAUCE: r8151: check disconnect status after long sleep * alsa/hda/realtek: fix a mute led regression on Lenovo X1 Carbon (LP: #1864576) - SAUCE: ALSA: hda/realtek - Fix a regression for mute led on Lenovo Carbon X1 [ Ubuntu: 4.15.0-89.89 ] * bionic/linux: 4.15.0-89.89 -proposed tracker (LP: #1863350) * [SRU][B/OEM-B] Fix multitouch support on some devices (LP: #1862567) - HID: core: move the dynamic quirks handling in core - HID: quirks: move the list of 
special devices into a quirk - HID: core: move the list of ignored devices in hid-quirks.c - HID: core: remove the absolute need of hid_have_special_driver[] * [linux] Patch to prevent possible data corruption (LP: #1848739) - blk-mq: silence false positive warnings in hctx_unlock() * Add bpftool to linux-tools-common (LP: #1774815) - tools/bpftool: fix bpftool build with bintutils >= 2.9 - bpftool: make libbfd optional - [Debian] Remove binutils-dev build dependency - [Debian] package bpftool in linux-tools-common * Root can lift kernel lockdown via USB/IP (LP: #1861238) - Revert "UBUNTU: SAUCE: (efi-lockdown) Add a SysRq option to lift kernel lockdown" * [Bionic] i915 incomplete fix for CVE-2019-14615 (LP: #1862840) // CVE-2020-8832 - drm/i915: Use same test for eviction and submitting kernel context - drm/i915: Define an engine class enum for the uABI - drm/i915: Force the switch to the i915->kernel_context - drm/i915: Move GT powersaving init to i915_gem_init() - drm/i915: Move intel_init_clock_gating() to i915_gem_init() - drm/i915: Inline intel_modeset_gem_init() - drm/i915: Mark the context state as dirty/written - drm/i915: Record the default hw state after reset upon load * Bionic update: upstream stable patchset 2020-02-12 (LP: #1863019) - xfs: Sanity check flags of Q_XQUOTARM call - mfd: intel-lpss: Add default I2C device properties for Gemini Lake - powerpc/archrandom: fix arch_get_random_seed_int() - tipc: fix wrong timeout input for tipc_wait_for_cond() - mt7601u: fix bbp version check in mt7601u_wait_bbp_ready - crypto: sun4i-ss - fix big endian issues - drm/sti: do not remove the drm_bridge that was never added - drm/virtio: fix bounds check in virtio_gpu_cmd_get_capset() - ALSA: hda: fix unused variable warning - apparmor: don't try to replace stale label in ptrace access check - PCI: iproc: Remove PAXC slot check to allow VF support - drm/hisilicon: hibmc: Don't overwrite fb helper surface depth - IB/rxe: replace kvfree with vfree - IB/hfi1: Add 
mtu check for operational data VLs - ALSA: usb-audio: update quirk for B PX to remove microphone - staging: comedi: ni_mio_common: protect register write overflow - pwm: lpss: Release runtime-pm reference from the driver's remove callback - drm/sun4i: hdmi: Fix double flag assignation - mlxsw: reg: QEEC: Add minimum shaper fields - NTB: ntb_hw_idt: replace IS_ERR_OR_NULL with regular NULL checks - pcrypt: use format specifier in kobject_add - exportfs: fix 'passing zero to ERR_PTR()' warning - drm/dp_mst: Skip validating ports during destruction, just ref - net: phy: Fix not to call phy_resume() if PHY is not attached - IB/rxe: Fix incorrect cache cleanup in error flow
[Bug 1861238] Re: Root can lift kernel lockdown via USB/IP
This bug was fixed in the package linux - 5.4.0-18.22 --- linux (5.4.0-18.22) focal; urgency=medium * focal/linux: 5.4.0-18.22 -proposed tracker (LP: #1866488) * Packaging resync (LP: #1786013) - [Packaging] resync getabis - [Packaging] update helper scripts * Add sysfs attribute to show remapped NVMe (LP: #1863621) - SAUCE: ata: ahci: Add sysfs attribute to show remapped NVMe device count * [20.04 FEAT] Compression improvements in Linux kernel (LP: #1830208) - lib/zlib: add s390 hardware support for kernel zlib_deflate - s390/boot: rename HEAP_SIZE due to name collision - lib/zlib: add s390 hardware support for kernel zlib_inflate - s390/boot: add dfltcc= kernel command line parameter - lib/zlib: add zlib_deflate_dfltcc_enabled() function - btrfs: use larger zlib buffer for s390 hardware compression - [Config] Introducing s390x specific kernel config option CONFIG_ZLIB_DFLTCC * [UBUNTU 20.04] s390x/pci: increase CONFIG_PCI_NR_FUNCTIONS to 512 in kernel config (LP: #1866056) - [Config] Increase CONFIG_PCI_NR_FUNCTIONS from 64 to 512 starting with focal on s390x * CONFIG_IP_MROUTE_MULTIPLE_TABLES is not set (LP: #1865332) - [Config] CONFIG_IP_MROUTE_MULTIPLE_TABLES=y * Dell XPS 13 9300 Intel 1650S wifi [34f0:1651] fails to load firmware (LP: #1865962) - iwlwifi: remove IWL_DEVICE_22560/IWL_DEVICE_FAMILY_22560 - iwlwifi: 22000: fix some indentation - iwlwifi: pcie: rx: use rxq queue_size instead of constant - iwlwifi: allocate more receive buffers for HE devices - iwlwifi: remove some outdated iwl22000 configurations - iwlwifi: assume the driver_data is a trans_cfg, but allow full cfg * [FOCAL][REGRESSION] Intel Gen 9 brightness cannot be controlled (LP: #1861521) - Revert "USUNTU: SAUCE: drm/i915: Force DPCD backlight mode on Dell Precision 4K sku" - Revert "UBUNTU: SAUCE: drm/i915: Force DPCD backlight mode on X1 Extreme 2nd Gen 4K AMOLED panel" - SAUCE: drm/dp: Introduce EDID-based quirks - SAUCE: drm/i915: Force DPCD backlight mode on X1 Extreme 2nd Gen 4K AMOLED 
panel - SAUCE: drm/i915: Force DPCD backlight mode for some Dell CML 2020 panels * [20.04 FEAT] Enable proper kprobes on ftrace support (LP: #1865858) - s390/ftrace: save traced function caller - s390: support KPROBES_ON_FTRACE * alsa/sof: load different firmware on different platforms (LP: #1857409) - ASoC: SOF: Intel: hda: use fallback for firmware name - ASoC: Intel: acpi-match: split CNL tables in three - ASoC: SOF: Intel: Fix CFL and CML FW nocodec binary names. * [UBUNTU 20.04] Enable CONFIG_NET_SWITCHDEV in kernel config for s390x starting with focal (LP: #1865452) - [Config] Enable CONFIG_NET_SWITCHDEV in kernel config for s390x starting with focal * Focal update: v5.4.24 upstream stable release (LP: #1866333) - io_uring: grab ->fs as part of async offload - EDAC: skx_common: downgrade message importance on missing PCI device - net: dsa: b53: Ensure the default VID is untagged - net: fib_rules: Correctly set table field when table number exceeds 8 bits - net: macb: ensure interface is not suspended on at91rm9200 - net: mscc: fix in frame extraction - net: phy: restore mdio regs in the iproc mdio driver - net: sched: correct flower port blocking - net/tls: Fix to avoid gettig invalid tls record - nfc: pn544: Fix occasional HW initialization failure - qede: Fix race between rdma destroy workqueue and link change event - Revert "net: dev: introduce support for sch BYPASS for lockless qdisc" - udp: rehash on disconnect - sctp: move the format error check out of __sctp_sf_do_9_1_abort - bnxt_en: Improve device shutdown method. - bnxt_en: Issue PCIe FLR in kdump kernel to cleanup pending DMAs. 
- bonding: add missing netdev_update_lockdep_key() - net: export netdev_next_lower_dev_rcu() - bonding: fix lockdep warning in bond_get_stats() - ipv6: Fix route replacement with dev-only route - ipv6: Fix nlmsg_flags when splitting a multipath route - ipmi:ssif: Handle a possible NULL pointer reference - drm/msm: Set dma maximum segment size for mdss - sched/core: Don't skip remote tick for idle CPUs - timers/nohz: Update NOHZ load in remote tick - sched/fair: Prevent unlimited runtime on throttled group - dax: pass NOWAIT flag to iomap_apply - mac80211: consider more elements in parsing CRC - cfg80211: check wiphy driver existence for drvinfo report - s390/zcrypt: fix card and queue total counter wrap - qmi_wwan: re-add DW5821e pre-production variant - qmi_wwan: unconditionally reject 2 ep interfaces - NFSv4: Fix races between open and dentry revalidation - perf/smmuv3: Use platform_get_irq_optional() for wired interrupt - perf/x86/intel: Add Elkhart Lake support - perf/x86/cstate: Add Tremont
[Bug 1861238] Re: Root can lift kernel lockdown via USB/IP
This bug was fixed in the package linux - 4.15.0-91.92 --- linux (4.15.0-91.92) bionic; urgency=medium * bionic/linux: 4.15.0-91.92 -proposed tracker (LP: #1865109) * CVE-2020-2732 - KVM: x86: emulate RDPID - KVM: nVMX: Don't emulate instructions in guest mode - KVM: nVMX: Refactor IO bitmap checks into helper function - KVM: nVMX: Check IO instruction VM-exit conditions linux (4.15.0-90.91) bionic; urgency=medium * bionic/linux: 4.15.0-90.91 -proposed tracker (LP: #1864753) * dkms artifacts may expire from the pool (LP: #1850958) - [Packaging] autoreconstruct -- manage executable debian files - [packaging] handle downloads from the librarian better linux (4.15.0-90.90) bionic; urgency=medium * bionic/linux: 4.15.0-90.90 -proposed tracker (LP: #1864753) * vm-segv from ubuntu_stress_smoke_test failed on B (LP: #1864063) - Revert "apparmor: don't try to replace stale label in ptrace access check" linux (4.15.0-89.89) bionic; urgency=medium * bionic/linux: 4.15.0-89.89 -proposed tracker (LP: #1863350) * [SRU][B/OEM-B] Fix multitouch support on some devices (LP: #1862567) - HID: core: move the dynamic quirks handling in core - HID: quirks: move the list of special devices into a quirk - HID: core: move the list of ignored devices in hid-quirks.c - HID: core: remove the absolute need of hid_have_special_driver[] * [linux] Patch to prevent possible data corruption (LP: #1848739) - blk-mq: silence false positive warnings in hctx_unlock() * Add bpftool to linux-tools-common (LP: #1774815) - tools/bpftool: fix bpftool build with bintutils >= 2.9 - bpftool: make libbfd optional - [Debian] Remove binutils-dev build dependency - [Debian] package bpftool in linux-tools-common * Root can lift kernel lockdown via USB/IP (LP: #1861238) - Revert "UBUNTU: SAUCE: (efi-lockdown) Add a SysRq option to lift kernel lockdown" * [Bionic] i915 incomplete fix for CVE-2019-14615 (LP: #1862840) // CVE-2020-8832 - drm/i915: Use same test for eviction and submitting kernel context - drm/i915: 
Define an engine class enum for the uABI - drm/i915: Force the switch to the i915->kernel_context - drm/i915: Move GT powersaving init to i915_gem_init() - drm/i915: Move intel_init_clock_gating() to i915_gem_init() - drm/i915: Inline intel_modeset_gem_init() - drm/i915: Mark the context state as dirty/written - drm/i915: Record the default hw state after reset upon load * Bionic update: upstream stable patchset 2020-02-12 (LP: #1863019) - xfs: Sanity check flags of Q_XQUOTARM call - mfd: intel-lpss: Add default I2C device properties for Gemini Lake - powerpc/archrandom: fix arch_get_random_seed_int() - tipc: fix wrong timeout input for tipc_wait_for_cond() - mt7601u: fix bbp version check in mt7601u_wait_bbp_ready - crypto: sun4i-ss - fix big endian issues - drm/sti: do not remove the drm_bridge that was never added - drm/virtio: fix bounds check in virtio_gpu_cmd_get_capset() - ALSA: hda: fix unused variable warning - apparmor: don't try to replace stale label in ptrace access check - PCI: iproc: Remove PAXC slot check to allow VF support - drm/hisilicon: hibmc: Don't overwrite fb helper surface depth - IB/rxe: replace kvfree with vfree - IB/hfi1: Add mtu check for operational data VLs - ALSA: usb-audio: update quirk for B PX to remove microphone - staging: comedi: ni_mio_common: protect register write overflow - pwm: lpss: Release runtime-pm reference from the driver's remove callback - drm/sun4i: hdmi: Fix double flag assignation - mlxsw: reg: QEEC: Add minimum shaper fields - NTB: ntb_hw_idt: replace IS_ERR_OR_NULL with regular NULL checks - pcrypt: use format specifier in kobject_add - exportfs: fix 'passing zero to ERR_PTR()' warning - drm/dp_mst: Skip validating ports during destruction, just ref - net: phy: Fix not to call phy_resume() if PHY is not attached - IB/rxe: Fix incorrect cache cleanup in error flow - staging: bcm2835-camera: Abort probe if there is no camera - switchtec: Remove immediate status check after submitting MRPC command - pinctrl: 
sh-pfc: r8a7740: Add missing REF125CK pin to gether_gmii group - pinctrl: sh-pfc: r8a7740: Add missing LCD0 marks to lcd0_data24_1 group - pinctrl: sh-pfc: r8a7791: Remove bogus ctrl marks from qspi_data4_b group - pinctrl: sh-pfc: r8a7791: Remove bogus marks from vin1_b_data18 group - pinctrl: sh-pfc: sh73a0: Add missing TO pin to tpu4_to3 group - pinctrl: sh-pfc: r8a7794: Remove bogus IPSR9 field - pinctrl: sh-pfc: sh7734: Add missing IPSR11 field - pinctrl: sh-pfc: r8a77995: Remove bogus SEL_PWM[0-3]_3 configurations - pinctrl: sh-pfc: sh7269: Add missing PCIOR0 field - pinctrl: sh-pfc: sh7734: Remove bogus IPSR10 value - vxlan: changelink: Fix handling of default remotes -
[Bug 1861238] Re: Root can lift kernel lockdown via USB/IP
This bug was fixed in the package linux - 5.3.0-42.34 --- linux (5.3.0-42.34) eoan; urgency=medium * eoan/linux: 5.3.0-42.34 -proposed tracker (LP: #1865111) * CVE-2020-2732 - KVM: nVMX: Don't emulate instructions in guest mode - KVM: nVMX: Refactor IO bitmap checks into helper function - KVM: nVMX: Check IO instruction VM-exit conditions linux (5.3.0-41.33) eoan; urgency=medium * eoan/linux: 5.3.0-41.33 -proposed tracker (LP: #1863294) * CVE-2019-3016 - x86/kvm: Be careful not to clear KVM_VCPU_FLUSH_TLB bit - x86/kvm: Introduce kvm_(un)map_gfn() - x86/kvm: Cache gfn to pfn translation - x86/KVM: Make sure KVM_VCPU_FLUSH_TLB flag is not missed - x86/KVM: Clean up host's steal time structure * Reduce s2idle power consumption when ethernet cable is connected on e1000e (LP: #1859126) - e1000e: Add support for S0ix * alsa/sof: let legacy hda driver and sof driver co-exist (LP: #1837828) - ASoC: Intel: Skylake: move NHLT header to common directory - ALSA: hda: move parts of NHLT code to new module - ALSA: hda: intel-nhlt: handle NHLT VENDOR_DEFINED DMIC geometry - ASoC: Intel: Skylake: use common NHLT module - ALSA: hda/intel: stop probe if DMICS are detected on Skylake+ platforms - [Config] Enable SND_HDA_INTEL_DETECT_DMIC * USB key cannot be detected by hotplug on Sunix USB Type-A 3.1 Gen 2 card [1b21:2142] (LP: #1858988) - SAUCE: PCI: Avoid ASMedia XHCI USB PME# from D0 defect * ipsec interfaces: fix sending with bpf_redirect() / AF_PACKET sockets (LP: #1860969) - vti[6]: fix packet tx through bpf_redirect() - xfrm interface: fix packet tx through bpf_redirect() * peripheral devices on Dell WD19TB cannot be detected after suspend resume (LP: #1859407) - PCI: irq: Introduce rearm_wake_irq() - ACPICA: Return u32 from acpi_dispatch_gpe() - ACPI: EC: Return bool from acpi_ec_dispatch_gpe() - ACPI: PM: Set s2idle_wakeup earlier and clear it later - PM: sleep: Simplify suspend-to-idle control flow - ACPI: EC: Rework flushing of pending work * Dell XPS 13 (7390) Display 
Flickering - 19.10 (LP: #1849947) - SAUCE: drm/i915: Disable PSR by default on all platforms * Root can lift kernel lockdown via USB/IP (LP: #1861238) - Revert "UBUNTU: SAUCE: (efi-lockdown) Add a SysRq option to lift kernel lockdown" * [CML-H] Add intel_thermal_pch driver support Comet Lake -H (LP: #1853219) - thermal: intel: intel_pch_thermal: Add Comet Lake (CML) platform support * Eoan update: upstream stable patchset 2020-02-07 (LP: #1862429) - ARM: dts: meson8: fix the size of the PMU registers - clk: qcom: gcc-sdm845: Add missing flag to votable GDSCs - dt-bindings: reset: meson8b: fix duplicate reset IDs - ARM: dts: imx6q-dhcom: fix rtc compatible - clk: Don't try to enable critical clocks if prepare failed - ASoC: msm8916-wcd-digital: Reset RX interpolation path after use - iio: buffer: align the size of scan bytes to size of the largest element - USB: serial: simple: Add Motorola Solutions TETRA MTP3xxx and MTP85xx - USB: serial: option: Add support for Quectel RM500Q - USB: serial: opticon: fix control-message timeouts - USB: serial: option: add support for Quectel RM500Q in QDL mode - USB: serial: suppress driver bind attributes - USB: serial: ch341: handle unbound port at reset_resume - USB: serial: io_edgeport: handle unbound ports on URB completion - USB: serial: io_edgeport: add missing active-port sanity check - USB: serial: keyspan: handle unbound ports - USB: serial: quatech2: handle unbound ports - scsi: fnic: fix invalid stack access - scsi: mptfusion: Fix double fetch bug in ioctl - ASoC: msm8916-wcd-analog: Fix selected events for MIC BIAS External1 - ASoC: msm8916-wcd-analog: Fix MIC BIAS Internal1 - ARM: dts: imx6q-dhcom: Fix SGTL5000 VDDIO regulator connection - ALSA: dice: fix fallback from protocol extension into limited functionality - ALSA: seq: Fix racy access for queue timer in proc read - ALSA: usb-audio: fix sync-ep altsetting sanity check - arm64: dts: allwinner: a64: olinuxino: Fix SDIO supply regulator - Fix built-in early-load 
Intel microcode alignment - block: fix an integer overflow in logical block size - ARM: dts: am571x-idk: Fix gpios property to have the correct gpio number - ptrace: reintroduce usage of subjective credentials in ptrace_has_cap() - usb: core: hub: Improved device recognition on remote wakeup - x86/resctrl: Fix an imbalance in domain_remove_cpu() - x86/CPU/AMD: Ensure clearing of SME/SEV features is maintained - x86/efistub: Disable paging at mixed mode entry - drm/i915: Add missing include file - x86/resctrl: Fix potential memory leak - perf hists: Fix variable name's inconsistency in hists__for_each() macro - perf report: Fix incorrectly added dimensions
[Bug 1861238] Re: Root can lift kernel lockdown via USB/IP
This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-focal' to 'verification-done-focal'. If the problem still exists, change the tag 'verification-needed-focal' to 'verification-failed-focal'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

** Tags added: verification-needed-focal
[Bug 1861238] Re: Root can lift kernel lockdown via USB/IP
** Also affects: linux-oem (Ubuntu)
   Importance: Undecided
       Status: New

** No longer affects: linux-oem (Ubuntu Xenial)

** No longer affects: linux-oem (Ubuntu Disco)

** No longer affects: linux-oem (Ubuntu Eoan)

** No longer affects: linux-oem (Ubuntu Focal)

** Changed in: linux-oem (Ubuntu Bionic)
       Status: New => Fix Committed
[Bug 1861238] Re: Root can lift kernel lockdown via USB/IP
I've also verified the fix in 5.3.0-41.33-generic.

** Tags removed: verification-needed-eoan
** Tags added: verification-done-eoan
[Bug 1861238] Re: Root can lift kernel lockdown via USB/IP
I've verified the fix in 4.15.0-89.89-generic. The sysrq help message is printed to the kernel log when trying to lift lockdown with the proof-of-concept and when trying to lift lockdown with alt+sysrq+x.

** Tags removed: verification-needed-bionic
** Tags added: verification-done-bionic
[Bug 1861238] Re: Root can lift kernel lockdown via USB/IP
This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-eoan' to 'verification-done-eoan'. If the problem still exists, change the tag 'verification-needed-eoan' to 'verification-failed-eoan'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

** Tags added: verification-needed-eoan
[Bug 1861238] Re: Root can lift kernel lockdown via USB/IP
This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-bionic' to 'verification-done-bionic'. If the problem still exists, change the tag 'verification-needed-bionic' to 'verification-failed-bionic'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

** Tags added: verification-needed-bionic
[Bug 1861238] Re: Root can lift kernel lockdown via USB/IP
** Changed in: linux (Ubuntu Eoan)
       Status: In Progress => Fix Committed

** Changed in: linux (Ubuntu Disco)
       Status: In Progress => Fix Committed

** Changed in: linux (Ubuntu Bionic)
       Status: In Progress => Fix Committed
[Bug 1861238] Re: Root can lift kernel lockdown via USB/IP
Proposed fixes have been sent to the kernel-team list.

Focal: https://lists.ubuntu.com/archives/kernel-team/2020-February/107324.html
Eoan: https://lists.ubuntu.com/archives/kernel-team/2020-February/107326.html
Disco: https://lists.ubuntu.com/archives/kernel-team/2020-February/107328.html
Bionic: https://lists.ubuntu.com/archives/kernel-team/2020-February/107330.html
[Bug 1861238] Re: Root can lift kernel lockdown via USB/IP
Xenial doesn't have support for lifting lockdown features via sysrq so I'm marking its task as invalid.

** Also affects: linux (Ubuntu Bionic)
   Importance: Undecided
       Status: New

** Also affects: linux (Ubuntu Xenial)
   Importance: Undecided
       Status: New

** Also affects: linux (Ubuntu Focal)
   Importance: High
     Assignee: Tyler Hicks (tyhicks)
       Status: In Progress

** Also affects: linux (Ubuntu Disco)
   Importance: Undecided
       Status: New

** Also affects: linux (Ubuntu Eoan)
   Importance: Undecided
       Status: New

** Changed in: linux (Ubuntu Eoan)
   Importance: Undecided => High

** Changed in: linux (Ubuntu Eoan)
       Status: New => In Progress

** Changed in: linux (Ubuntu Disco)
       Status: New => In Progress

** Changed in: linux (Ubuntu Disco)
   Importance: Undecided => High

** Changed in: linux (Ubuntu Bionic)
       Status: New => In Progress

** Changed in: linux (Ubuntu Bionic)
   Importance: Undecided => High

** Changed in: linux (Ubuntu Disco)
     Assignee: (unassigned) => Tyler Hicks (tyhicks)

** Changed in: linux (Ubuntu Bionic)
     Assignee: (unassigned) => Tyler Hicks (tyhicks)

** Changed in: linux (Ubuntu Eoan)
     Assignee: (unassigned) => Tyler Hicks (tyhicks)

** Changed in: linux (Ubuntu Xenial)
       Status: New => Invalid
[Bug 1861238] Re: Root can lift kernel lockdown via USB/IP
Thanks for the report! After speaking with the security team, we've come to an agreement that removing the lockdown lift sysrq is the best thing to do. We understand that a small amount of users may rely on that sysrq today to do things like writing to an MSR but they'll still be able to achieve a lockdown free environment by running 'mokutil --disable-validation' and rebooting.

** Changed in: linux (Ubuntu) Importance: Undecided => High
** Changed in: linux (Ubuntu) Status: Confirmed => In Progress
** Changed in: linux (Ubuntu) Assignee: (unassigned) => Tyler Hicks (tyhicks)
[Bug 1861238] Re: Root can lift kernel lockdown via USB/IP
** Description changed:

+ [Impact]
+
  It's possible to turn off kernel lockdown by emulating a USB keyboard via USB/IP and sending an Alt+SysRq+X key combination through it.

  Ubuntu's kernels have USB/IP enabled (CONFIG_USBIP_VHCI_HCD=m and CONFIG_USBIP_CORE=m) with signed usbip_core and vhci_hcd modules provided in the linux-extra-modules-* package.

  See the PoC here: https://github.com/xairy/unlockdown#method-1-usbip
+
+ [Test Case]
+
+ $ git clone https://github.com/xairy/unlockdown.git
+ $ cd unlockdown/01-usbip/
+ $ sudo ./run.sh
+ $ dmesg
+
+ # Ensure there are no log entries talking about lifting lockdown:
+ sysrq: SysRq : Disabling Secure Boot restrictions
+ Lifting lockdown
+
+ # You should see a SysRq help log entry because the Alt+SysRq+X
+ # combination should be disabled
+ sysrq: SysRq : HELP : loglevel(0-9) reboot(b) crash(c) terminate-all-tasks(e) memory-full-oom-kill(f) kill-all-tasks(i) thaw-filesystems(j) sak(k) show-backtrace-all-active-cpus(l) show-memory-usage(m) nice-all-RT-tasks(n) poweroff(o) show-registers(p) show-all-timers(q) unraw(r) sync(s) show-task-states(t) unmount(u) force-fb(V) show-blocked-tasks(w) dump-ftrace-buffer(z)
+
+ [Regression Potential]
+
+ Some users may see a usability regression due to the Lockdown lift sysrq
+ combination being removed. Some users are known to disable lockdown,
+ using the sysrq combination, in order to perform some "dangerous"
+ operation such as writing to an MSR. It is believed that this is a small
+ number of users but it is impossible to know for sure.
+
+ Users that rely on this functionality may need to permanently disable
+ secure boot using 'mokutil --disable-validation'.
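The dmesg check from the [Test Case] above can be scripted when verifying the fixed kernels. The following is an added example, not part of the bug report or of the Ubuntu kernel packaging; the function names, the --live flag and the sample log lines are constructed for illustration, and only the matched strings come from the description.

```shell
#!/bin/sh
# Added example: classify a kernel log captured after the [Test Case] steps.

# Reads kernel log text on stdin; prints LIFTED, BLOCKED or INCONCLUSIVE.
classify_lockdown_log() {
    log=$(cat)
    # Match from "SysRq :" onward so the lines are found with or without
    # the leading "sysrq: " prefix and any dmesg timestamp.
    if printf '%s\n' "$log" | grep -Eq \
        'SysRq : Disabling Secure Boot restrictions|Lifting lockdown'; then
        echo LIFTED          # the lockdown-lift handler is present and ran
    elif printf '%s\n' "$log" | grep -Fq 'SysRq : HELP :'; then
        echo BLOCKED         # Alt+SysRq+X fell through to the help text
    else
        echo INCONCLUSIVE    # no SysRq line found in this capture
    fi
}

# Constructed sample: log shape expected on a kernel without the fix.
sample_unfixed_log() {
cat <<'EOF'
[  812.100000] constructed placeholder line before the key event
[  812.200000] sysrq: SysRq : Disabling Secure Boot restrictions
[  812.200100] Lifting lockdown
EOF
}

# Constructed sample: log shape expected on a kernel with the fix
# (help list shortened here).
sample_fixed_log() {
cat <<'EOF'
[  101.100000] constructed placeholder line before the key event
[  101.200000] sysrq: SysRq : HELP : loglevel(0-9) reboot(b) crash(c)
EOF
}

# Optional: classify the running system's log (dmesg may require root).
if [ "${1:-}" = "--live" ]; then
    dmesg | classify_lockdown_log
fi
```

An INCONCLUSIVE result means the test case has to be rerun, since the absence of a "Lifting lockdown" line alone does not show that the key combination reached the kernel.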
[Bug 1861238] Re: Root can lift kernel lockdown via USB/IP
** Changed in: linux (Ubuntu) Status: Incomplete => Confirmed
[Bug 1861238] Re: Root can lift kernel lockdown via USB/IP
** Information type changed from Public to Public Security