[Bug 1928028] Re: io_uring02 from ubuntu_ltp_syscalls fails on F/oem-5.6 (timeouted / SIGKILL)

2021-05-20 Thread Po-Hsu Lin
** Changed in: ubuntu-kernel-tests Status: New => In Progress -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1928028 Title: io_uring02 from ubuntu_ltp_syscalls fails on F/oem-5.6 (timeouted /

[Bug 1928028] Re: io_uring02 from ubuntu_ltp_syscalls fails on F/oem-5.6 (timeouted / SIGKILL)

2021-05-17 Thread Stefan Bader
** Changed in: linux-oem-5.6 (Ubuntu) Status: New => Invalid

[Bug 1928028] Re: io_uring02 from ubuntu_ltp_syscalls fails on F/oem-5.6 (timeouted / SIGKILL)

2021-05-14 Thread Thadeu Lima de Souza Cascardo
https://lists.ubuntu.com/archives/kernel-team/2021-May/120236.html Sent fix to mailing list. ** Description changed: - io_uring02 from ubuntu_ltp_syscalls fails on F/oem-5.6 5.6.0-1056.60 on - host spitfire + [Impact] + When using async io_uring OP_SENDMSG, a copy to kernel address 0 might be

[Bug 1928028] Re: io_uring02 from ubuntu_ltp_syscalls fails on F/oem-5.6 (timeouted / SIGKILL)

2021-05-13 Thread Thadeu Lima de Souza Cascardo
It looks like all necessary commits for CVE-2020-29373 are there on the 5.6 kernel. I am investigating if this is caused by missing commit dd821e0c95a64b5923a0c57f07d3f7563553e756 ("io_uring: fix missing msg_name assignment"). ** CVE added:

[Bug 1928028] Re: io_uring02 from ubuntu_ltp_syscalls fails on F/oem-5.6 (timeouted / SIGKILL)

2021-05-13 Thread Thadeu Lima de Souza Cascardo
** Changed in: linux-oem-5.6 (Ubuntu Focal) Assignee: (unassigned) => Thadeu Lima de Souza Cascardo (cascardo) ** Changed in: linux-oem-5.6 (Ubuntu Focal) Importance: Undecided => Medium ** Changed in: linux-oem-5.6 (Ubuntu Focal) Status: New => In Progress

[Bug 1928028] Re: io_uring02 from ubuntu_ltp_syscalls fails on F/oem-5.6 (timeouted / SIGKILL)

2021-05-12 Thread Po-Hsu Lin
** Also affects: linux-oem-5.6 (Ubuntu Focal) Importance: Undecided Status: New

[Bug 1928028] Re: io_uring02 from ubuntu_ltp_syscalls fails on F/oem-5.6 (timeouted / SIGKILL)

2021-05-12 Thread Po-Hsu Lin
I have verified this on various kernels (4.4 / 4.15 / 5.4 / 5.8 / 5.10 OEM). It looks like this is only affecting 5.6 OEM. Traces can be found in dmesg:
[ 1377.246198] LTP: starting io_uring02
[ 1377.248923] usercopy: Kernel memory overwrite attempt detected to null address (offset 0, size 110)!