2019-01-17 06:54:38 |
Po-Hsu Lin |
bug |
|
|
added bug |
2019-01-17 06:54:50 |
Po-Hsu Lin |
nominated for series |
|
Ubuntu Bionic |
|
2019-01-17 07:26:53 |
Po-Hsu Lin |
bug task added |
|
ubuntu-kernel-tests |
|
2019-01-31 14:30:14 |
Kleber Sacilotto de Souza |
bug task added |
|
linux-kvm (Ubuntu Bionic) |
|
2019-01-31 14:31:14 |
Kleber Sacilotto de Souza |
nominated for series |
|
Ubuntu Cosmic |
|
2019-01-31 14:31:14 |
Kleber Sacilotto de Souza |
bug task added |
|
linux-kvm (Ubuntu Cosmic) |
|
2019-05-06 11:06:10 |
Po-Hsu Lin |
tags |
amd64 apport-bug bionic uec-images |
amd64 apport-bug bionic cosmic uec-images xenial |
|
2019-05-06 11:06:15 |
Po-Hsu Lin |
nominated for series |
|
Ubuntu Xenial |
|
2019-05-06 11:06:15 |
Po-Hsu Lin |
bug task added |
|
linux-kvm (Ubuntu Xenial) |
|
2019-05-06 11:07:27 |
Po-Hsu Lin |
summary |
SCHED_STACK_END_CHECK should be enabled in B-kvm |
q-r-t security test says SCHED_STACK_END_CHECK should be enabled in B-kvm |
|
2019-05-06 11:09:03 |
Po-Hsu Lin |
summary |
q-r-t security test says SCHED_STACK_END_CHECK should be enabled in B-kvm |
q-r-t security test wants SCHED_STACK_END_CHECK to be enabled in KVM kernels |
|
2019-06-06 07:05:15 |
Po-Hsu Lin |
ubuntu-kernel-tests: assignee |
|
Po-Hsu Lin (cypressyew) |
|
2019-06-06 07:05:19 |
Po-Hsu Lin |
linux-kvm (Ubuntu): assignee |
|
Po-Hsu Lin (cypressyew) |
|
2019-06-06 07:05:24 |
Po-Hsu Lin |
nominated for series |
|
Ubuntu Disco |
|
2019-06-06 07:05:24 |
Po-Hsu Lin |
bug task added |
|
linux-kvm (Ubuntu Disco) |
|
2019-06-06 07:05:29 |
Po-Hsu Lin |
linux-kvm (Ubuntu Xenial): assignee |
|
Po-Hsu Lin (cypressyew) |
|
2019-06-06 07:05:31 |
Po-Hsu Lin |
linux-kvm (Ubuntu Bionic): assignee |
|
Po-Hsu Lin (cypressyew) |
|
2019-06-06 07:05:33 |
Po-Hsu Lin |
linux-kvm (Ubuntu Cosmic): assignee |
|
Po-Hsu Lin (cypressyew) |
|
2019-06-06 07:05:34 |
Po-Hsu Lin |
linux-kvm (Ubuntu Disco): assignee |
|
Po-Hsu Lin (cypressyew) |
|
2019-06-06 07:05:37 |
Po-Hsu Lin |
linux-kvm (Ubuntu Xenial): status |
New |
In Progress |
|
2019-06-06 07:05:39 |
Po-Hsu Lin |
linux-kvm (Ubuntu Bionic): status |
New |
In Progress |
|
2019-06-06 07:05:43 |
Po-Hsu Lin |
ubuntu-kernel-tests: status |
New |
In Progress |
|
2019-06-06 07:05:45 |
Po-Hsu Lin |
linux-kvm (Ubuntu Cosmic): status |
New |
In Progress |
|
2019-06-06 07:05:47 |
Po-Hsu Lin |
linux-kvm (Ubuntu Disco): status |
New |
In Progress |
|
2019-06-06 07:05:48 |
Po-Hsu Lin |
linux-kvm (Ubuntu): status |
New |
In Progress |
|
2019-06-06 07:40:01 |
Po-Hsu Lin |
description |
The test_380_config_sched_stack_end_check test failed on the Bionic
KVM kernel
FAIL: test_380_config_sched_stack_end_check (__main__.KernelSecurityConfigTest)
Ensure SCHED_STACK_END_CHECK is set
----------------------------------------------------------------------
Traceback (most recent call last):
File "./test-kernel-security.py", line 2628, in test_380_config_sched_stack_end_check
self.assertKernelConfig('SCHED_STACK_END_CHECK', expected)
File "./test-kernel-security.py", line 207, in assertKernelConfig
self.assertKernelConfigSet(name)
File "./test-kernel-security.py", line 194, in assertKernelConfigSet
'%s option was expected to be set in the kernel config' % name)
AssertionError: SCHED_STACK_END_CHECK option was expected to be set in the kernel config
ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: linux-image-4.15.0-1028-kvm 4.15.0-1028.28
ProcVersionSignature: User Name 4.15.0-1028.28-kvm 4.15.18
Uname: Linux 4.15.0-1028-kvm x86_64
ApportVersion: 2.20.9-0ubuntu7.5
Architecture: amd64
Date: Thu Jan 17 06:44:41 2019
SourcePackage: linux-kvm
UpgradeStatus: No upgrade log present (probably fresh install) |
== SRU Justification ==
Security team requires the SCHED_STACK_END_CHECK config to be enabled
on all of our kernels.
The test_380_config_sched_stack_end_check test from q-r-t will fail on all the KVM kernels.
Copied from the config help text:
This option checks for a stack overrun on calls to schedule(). If the
stack end location is found to be over written always panic as the
content of the corrupted region can no longer be trusted. This is to
ensure no erroneous behaviour occurs which could result in data
corruption or a sporadic crash at a later stage once the region is
examined. The runtime overhead introduced is minimal.
== Test ==
This issue can be verified with the test_380_config_sched_stack_end_check test from q-r-t; the test will pass with the patched kernel.
== Regression Potential ==
Low, the introduced runtime overhead is minimal, and it's already enabled in the generic kernel.
== Original Bug report ==
The test_380_config_sched_stack_end_check test failed on the Bionic
KVM kernel
FAIL: test_380_config_sched_stack_end_check (__main__.KernelSecurityConfigTest)
Ensure SCHED_STACK_END_CHECK is set
----------------------------------------------------------------------
Traceback (most recent call last):
File "./test-kernel-security.py", line 2628, in test_380_config_sched_stack_end_check
self.assertKernelConfig('SCHED_STACK_END_CHECK', expected)
File "./test-kernel-security.py", line 207, in assertKernelConfig
self.assertKernelConfigSet(name)
File "./test-kernel-security.py", line 194, in assertKernelConfigSet
'%s option was expected to be set in the kernel config' % name)
AssertionError: SCHED_STACK_END_CHECK option was expected to be set in the kernel config
ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: linux-image-4.15.0-1028-kvm 4.15.0-1028.28
ProcVersionSignature: User Name 4.15.0-1028.28-kvm 4.15.18
Uname: Linux 4.15.0-1028-kvm x86_64
ApportVersion: 2.20.9-0ubuntu7.5
Architecture: amd64
Date: Thu Jan 17 06:44:41 2019
SourcePackage: linux-kvm
UpgradeStatus: No upgrade log present (probably fresh install) |
|
2019-06-06 09:16:41 |
Po-Hsu Lin |
description |
== SRU Justification ==
Security team requires the SCHED_STACK_END_CHECK config to be enabled
on all of our kernels.
The test_380_config_sched_stack_end_check test from q-r-t will fail on all the KVM kernels.
Copied from the config help text:
This option checks for a stack overrun on calls to schedule(). If the
stack end location is found to be over written always panic as the
content of the corrupted region can no longer be trusted. This is to
ensure no erroneous behaviour occurs which could result in data
corruption or a sporadic crash at a later stage once the region is
examined. The runtime overhead introduced is minimal.
== Test ==
This issue can be verified with the test_380_config_sched_stack_end_check test from q-r-t; the test will pass with the patched kernel.
== Regression Potential ==
Low, the introduced runtime overhead is minimal, and it's already enabled in the generic kernel.
== Original Bug report ==
The test_380_config_sched_stack_end_check test failed on the Bionic
KVM kernel
FAIL: test_380_config_sched_stack_end_check (__main__.KernelSecurityConfigTest)
Ensure SCHED_STACK_END_CHECK is set
----------------------------------------------------------------------
Traceback (most recent call last):
File "./test-kernel-security.py", line 2628, in test_380_config_sched_stack_end_check
self.assertKernelConfig('SCHED_STACK_END_CHECK', expected)
File "./test-kernel-security.py", line 207, in assertKernelConfig
self.assertKernelConfigSet(name)
File "./test-kernel-security.py", line 194, in assertKernelConfigSet
'%s option was expected to be set in the kernel config' % name)
AssertionError: SCHED_STACK_END_CHECK option was expected to be set in the kernel config
ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: linux-image-4.15.0-1028-kvm 4.15.0-1028.28
ProcVersionSignature: User Name 4.15.0-1028.28-kvm 4.15.18
Uname: Linux 4.15.0-1028-kvm x86_64
ApportVersion: 2.20.9-0ubuntu7.5
Architecture: amd64
Date: Thu Jan 17 06:44:41 2019
SourcePackage: linux-kvm
UpgradeStatus: No upgrade log present (probably fresh install) |
== SRU Justification ==
Security team requires the SCHED_STACK_END_CHECK config to be enabled
on all of our kernels.
The test_380_config_sched_stack_end_check test from q-r-t will fail on all the KVM kernels.
Copied from the config help text:
This option checks for a stack overrun on calls to schedule(). If the
stack end location is found to be over written always panic as the
content of the corrupted region can no longer be trusted. This is to
ensure no erroneous behaviour occurs which could result in data
corruption or a sporadic crash at a later stage once the region is
examined. The runtime overhead introduced is minimal.
== Test ==
Test kernels could be found here:
https://people.canonical.com/~phlin/kernel/lp-1812159-kvm-sched-check/
This issue can be verified with the test_380_config_sched_stack_end_check test from q-r-t; the test will pass with the patched kernel.
== Regression Potential ==
Low, the introduced runtime overhead is minimal, and it's already enabled in the generic kernel.
== Original Bug report ==
The test_380_config_sched_stack_end_check test failed on the Bionic
KVM kernel
FAIL: test_380_config_sched_stack_end_check (__main__.KernelSecurityConfigTest)
Ensure SCHED_STACK_END_CHECK is set
----------------------------------------------------------------------
Traceback (most recent call last):
File "./test-kernel-security.py", line 2628, in test_380_config_sched_stack_end_check
self.assertKernelConfig('SCHED_STACK_END_CHECK', expected)
File "./test-kernel-security.py", line 207, in assertKernelConfig
self.assertKernelConfigSet(name)
File "./test-kernel-security.py", line 194, in assertKernelConfigSet
'%s option was expected to be set in the kernel config' % name)
AssertionError: SCHED_STACK_END_CHECK option was expected to be set in the kernel config
ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: linux-image-4.15.0-1028-kvm 4.15.0-1028.28
ProcVersionSignature: User Name 4.15.0-1028.28-kvm 4.15.18
Uname: Linux 4.15.0-1028-kvm x86_64
ApportVersion: 2.20.9-0ubuntu7.5
Architecture: amd64
Date: Thu Jan 17 06:44:41 2019
SourcePackage: linux-kvm
UpgradeStatus: No upgrade log present (probably fresh install) |
|
2019-06-24 09:24:51 |
Po-Hsu Lin |
tags |
amd64 apport-bug bionic cosmic uec-images xenial |
amd64 apport-bug bionic cosmic ubuntu-qrt-kernel-security uec-images xenial |
|
2019-06-24 09:24:57 |
Po-Hsu Lin |
tags |
amd64 apport-bug bionic cosmic ubuntu-qrt-kernel-security uec-images xenial |
amd64 apport-bug bionic cosmic linux-kvm ubuntu-qrt-kernel-security uec-images xenial |
|
2019-06-28 04:40:58 |
Khaled El Mously |
linux-kvm (Ubuntu Xenial): status |
In Progress |
Fix Committed |
|
2019-06-28 04:41:01 |
Khaled El Mously |
linux-kvm (Ubuntu Bionic): status |
In Progress |
Fix Committed |
|
2019-06-28 04:41:04 |
Khaled El Mously |
linux-kvm (Ubuntu Cosmic): status |
In Progress |
Fix Committed |
|
2019-06-28 04:41:06 |
Khaled El Mously |
linux-kvm (Ubuntu Disco): status |
In Progress |
Fix Committed |
|
2019-07-16 22:38:28 |
Steve Beattie |
tags |
amd64 apport-bug bionic cosmic linux-kvm ubuntu-qrt-kernel-security uec-images xenial |
amd64 apport-bug bionic cosmic linux-kvm ubuntu-qrt-kernel-security uec-images verification-done-bionic verification-done-disco verification-failed-xenial xenial |
|
2019-07-16 22:38:50 |
Steve Beattie |
tags |
amd64 apport-bug bionic cosmic linux-kvm ubuntu-qrt-kernel-security uec-images verification-done-bionic verification-done-disco verification-failed-xenial xenial |
amd64 apport-bug bionic cosmic linux-kvm ubuntu-qrt-kernel-security uec-images verification-done-bionic verification-done-disco verification-done-xenial xenial |
|
2019-07-19 09:36:55 |
Po-Hsu Lin |
ubuntu-kernel-tests: status |
In Progress |
Fix Released |
|
2019-07-22 10:56:28 |
Launchpad Janitor |
linux-kvm (Ubuntu Bionic): status |
Fix Committed |
Fix Released |
|
2019-07-22 10:56:28 |
Launchpad Janitor |
cve linked |
|
2018-12126 |
|
2019-07-22 10:56:28 |
Launchpad Janitor |
cve linked |
|
2018-12127 |
|
2019-07-22 10:56:28 |
Launchpad Janitor |
cve linked |
|
2018-12130 |
|
2019-07-22 10:56:28 |
Launchpad Janitor |
cve linked |
|
2019-11085 |
|
2019-07-22 10:56:28 |
Launchpad Janitor |
cve linked |
|
2019-11091 |
|
2019-07-22 10:56:28 |
Launchpad Janitor |
cve linked |
|
2019-11815 |
|
2019-07-22 10:56:28 |
Launchpad Janitor |
cve linked |
|
2019-11833 |
|
2019-07-22 10:56:28 |
Launchpad Janitor |
cve linked |
|
2019-11884 |
|
2019-07-22 20:28:34 |
Launchpad Janitor |
linux-kvm (Ubuntu Disco): status |
Fix Committed |
Fix Released |
|
2019-07-23 14:13:30 |
Launchpad Janitor |
linux-kvm (Ubuntu): status |
In Progress |
Fix Released |
|
2019-07-24 20:29:46 |
Launchpad Janitor |
linux-kvm (Ubuntu Xenial): status |
Fix Committed |
Fix Released |
|
2019-07-24 20:29:46 |
Launchpad Janitor |
cve linked |
|
2019-2054 |
|
2021-03-12 09:59:34 |
Po-Hsu Lin |
linux-kvm (Ubuntu Cosmic): status |
Fix Committed |
Won't Fix |
|