Ubuntu
linux-aws package

hirsute:linux-aws ubuntu_ltp Failed test cases : cve-2018-13405

Bug #1951132 reported by Tim Gardner on 2021-11-16

This bug report is a duplicate of: Bug #1950239: creat09 from ubuntu_ltp_syscalls and cve-2018-13405 from ubuntu_ltp/cve failed with XFS. Edit Remove

This bug affects 1 person

	Status	Importance	Assigned to
ubuntu-kernel-tests	New	Undecided	Unassigned
linux-aws (Ubuntu)	New	Undecided	Unassigned
Hirsute	New	Undecided	Unassigned

Bug Description

sru-aws-aws-a1.medium-ubuntu_ltp-log.txt:04:40:40 INFO | Failed test cases : cve-2018-13405
sru-aws-aws-a1.metal-ubuntu_ltp-log.txt:07:28:16 INFO | Failed test cases : cve-2018-13405
sru-aws-aws-c3.xlarge-ubuntu_ltp-log.txt:02:34:48 INFO | Failed test cases : cve-2018-13405
sru-aws-aws-c5n.large-ubuntu_ltp-log.txt:02:30:07 INFO | Failed test cases : cve-2018-13405
sru-aws-aws-c6g.8xlarge-ubuntu_ltp-log.txt:04:14:11 INFO | Failed test cases : cve-2018-13405
sru-aws-aws-i3.metal-ubuntu_ltp-log.txt:07:41:11 INFO | Failed test cases : cve-2018-13405
sru-aws-aws-i3en.24xlarge-ubuntu_ltp-log.txt:05:57:42 INFO | Failed test cases : cve-2018-13405
sru-aws-aws-m5a.large-ubuntu_ltp-log.txt:02:35:26 INFO | Failed test cases : cve-2018-13405
sru-aws-aws-r5.large-ubuntu_ltp-log.txt:02:31:43 INFO | Failed test cases : cve-2018-13405
sru-aws-aws-t2.small-ubuntu_ltp-log.txt:02:57:16 INFO | Failed test cases : cve-2018-13405
sru-aws-aws-t3.medium-ubuntu_ltp-log.txt:02:31:19 INFO | Failed test cases : cve-2018-13405
sru-aws-aws-t3a.2xlarge-ubuntu_ltp-log.txt:02:42:26 INFO | Failed test cases : cve-2018-13405
sru-aws-aws-x1e.xlarge-ubuntu_ltp-log.txt:03:07:22 INFO | Failed test cases : cve-2018-13405

Tags:

CVE References

2018-13405

Revision history for this message

Tim Gardner (timg-tpi) wrote on 2021-11-16:

Sample failure log Edit (4.9 MiB, text/plain)

affects:	linux (Ubuntu) → linux-aws (Ubuntu)
affects:	linux-aws → ubuntu-kernel-tests
tags:	added: 5.11 aws hirsute sru-20211108

Revision history for this message

Tim Gardner (timg-tpi) wrote on 2021-11-16:

The patch for this CVE has been applied:

  * other users' coredumps can be read via setgid directory and killpriv bypass
    (LP: #1779923) // CVE-2018-13405
    - Fix up non-directory creation in SGID directories

Revision history for this message

Thadeu Lima de Souza Cascardo (cascardo) wrote on 2021-11-16:

Hey, Tim.

This only fails on XFS, now that the test goes through all supported filesystems. This is being tracked and worked on as a different but, LP: #1950239.

Marked as duplicate.

Cascardo.