2019-06-12 17:52:48 |
bugproxy |
bug |
|
|
added bug |
2019-06-12 17:52:50 |
bugproxy |
tags |
|
architecture-s39064 bugnameltc-178127 severity-high targetmilestone-inin1910 |
|
2019-06-12 17:52:51 |
bugproxy |
ubuntu: assignee |
|
Skipper Bug Screeners (skipper-screen-team) |
|
2019-06-12 17:52:54 |
bugproxy |
affects |
ubuntu |
linux (Ubuntu) |
|
2019-06-12 19:07:59 |
Andrew Cloke |
bug task added |
|
ubuntu-z-systems |
|
2019-06-12 19:08:06 |
Andrew Cloke |
ubuntu-z-systems: importance |
Undecided |
High |
|
2019-06-12 19:08:21 |
Andrew Cloke |
ubuntu-z-systems: assignee |
|
Canonical Kernel Team (canonical-kernel-team) |
|
2019-06-17 05:41:22 |
Frank Heimes |
ubuntu-z-systems: status |
New |
Triaged |
|
2019-06-18 06:12:51 |
Frank Heimes |
description |
Description: pkey: Indicate old mkvp only if old and curr. mkvp are different
Symptom: zkey validate shows wrong information about master key registers
Problem: When the CCA master key is set twice with the same master key,
then the old and the current master key are the same and thus
the verification patterns are the same, too. The check to report
if a secure key is currently wrapped by the old master key
erroneously reports old mkvp in this case.
Solution: Fix this by checking current and old mkvp and report OLD only if
current and old mkvp are different.
Reproduction: Change the CCA master key but set the exact same master key that is already used. Then do a 'zkey validate' command on a secure key.
Component: kernel 5.1 rc1
Upstream-ID: ebb7c695d3bc7a4986b92edc8d9ef43491be183e
This fix will be provided with kernel >=5.1, will be integrated in 19.10 by default.
But should also be applied to 18.04 and 19.04 |
SRU Justification:
==================
[Impact]
* 'zkey validate' shows wrong information about master key registers
* this might lead to unsuccessful usage of pkeys, although the master key and the derived keys are correct
[Fix]
* ebb7c695d3bc7a4986b92edc8d9ef43491be183e ebb7c69 "pkey: Indicate old mkvp only if old and current mkvp are different"
[Test Case]
* set a CCA master key
* generate a pkey
* 'change' (or better set) the current CCA master key to the exact same master key again which is currently in use
* execute a 'zkey validate'
[Regression Potential]
* The regression potential can be considered as very low since this is purely s390x specific
* changes are limited to a single file (drivers/s390/crypto/pkey_api.c)
* patch changes only one line (actually expands an if stmt)
* and all this happens only in a very specific situation (in case a new master key was set, using the same key as before)
[Other Info]
* Problem was found during tests at IBM and is a so-called 'preventive fix'
__________
Description: pkey: Indicate old mkvp only if old and curr. mkvp are different
Symptom: zkey validate shows wrong information about master key registers
Problem: When the CCA master key is set twice with the same master key,
then the old and the current master key are the same and thus
the verification patterns are the same, too. The check to report
if a secure key is currently wrapped by the old master key
erroneously reports old mkvp in this case.
Solution: Fix this by checking current and old mkvp and report OLD only if
current and old mkvp are different.
Reproduction: Change the CCA master key but set the exact same master key that is already used. Then do a 'zkey validate' command on a secure key.
Component: kernel 5.1 rc1
Upstream-ID: ebb7c695d3bc7a4986b92edc8d9ef43491be183e
This fix will be provided with kernel >=5.1, will be integrated in 19.10 by default.
But should also be applied to 18.04 and 19.04 |
|
2019-06-18 07:07:03 |
Frank Heimes |
linux (Ubuntu): status |
New |
In Progress |
|
2019-06-18 07:07:07 |
Frank Heimes |
ubuntu-z-systems: status |
Triaged |
In Progress |
|
2019-06-28 12:20:12 |
Stefan Bader |
nominated for series |
|
Ubuntu Cosmic |
|
2019-06-28 12:20:12 |
Stefan Bader |
bug task added |
|
linux (Ubuntu Cosmic) |
|
2019-06-28 12:20:12 |
Stefan Bader |
nominated for series |
|
Ubuntu Disco |
|
2019-06-28 12:20:12 |
Stefan Bader |
bug task added |
|
linux (Ubuntu Disco) |
|
2019-06-28 12:20:12 |
Stefan Bader |
nominated for series |
|
Ubuntu Bionic |
|
2019-06-28 12:20:12 |
Stefan Bader |
bug task added |
|
linux (Ubuntu Bionic) |
|
2019-06-28 12:23:08 |
Stefan Bader |
linux (Ubuntu Bionic): importance |
Undecided |
Medium |
|
2019-06-28 12:23:11 |
Stefan Bader |
linux (Ubuntu Cosmic): importance |
Undecided |
Medium |
|
2019-06-28 12:23:16 |
Stefan Bader |
linux (Ubuntu Disco): importance |
Undecided |
Medium |
|
2019-07-02 08:16:20 |
Kleber Sacilotto de Souza |
linux (Ubuntu Bionic): status |
New |
Fix Committed |
|
2019-07-02 08:16:25 |
Kleber Sacilotto de Souza |
linux (Ubuntu Disco): status |
New |
Fix Committed |
|
2019-07-02 08:16:26 |
Kleber Sacilotto de Souza |
linux (Ubuntu Cosmic): status |
New |
Fix Committed |
|
2019-07-02 08:31:46 |
Frank Heimes |
ubuntu-z-systems: status |
In Progress |
Fix Committed |
|
2019-07-03 11:01:49 |
Ubuntu Kernel Bot |
tags |
architecture-s39064 bugnameltc-178127 severity-high targetmilestone-inin1910 |
architecture-s39064 bugnameltc-178127 severity-high targetmilestone-inin1910 verification-needed-disco |
|
2019-07-03 13:03:10 |
Ubuntu Kernel Bot |
tags |
architecture-s39064 bugnameltc-178127 severity-high targetmilestone-inin1910 verification-needed-disco |
architecture-s39064 bugnameltc-178127 severity-high targetmilestone-inin1910 verification-needed-cosmic verification-needed-disco |
|
2019-07-03 13:06:49 |
Ubuntu Kernel Bot |
tags |
architecture-s39064 bugnameltc-178127 severity-high targetmilestone-inin1910 verification-needed-cosmic verification-needed-disco |
architecture-s39064 bugnameltc-178127 severity-high targetmilestone-inin1910 verification-needed-bionic verification-needed-cosmic verification-needed-disco |
|
2019-07-03 14:24:53 |
Frank Heimes |
tags |
architecture-s39064 bugnameltc-178127 severity-high targetmilestone-inin1910 verification-needed-bionic verification-needed-cosmic verification-needed-disco |
architecture-s39064 bugnameltc-178127 severity-high targetmilestone-inin1910 verification-done-bionic verification-done-cosmic verification-done-disco |
|
2019-07-22 10:53:34 |
Launchpad Janitor |
linux (Ubuntu Bionic): status |
Fix Committed |
Fix Released |
|
2019-07-22 10:53:34 |
Launchpad Janitor |
cve linked |
|
2018-12126 |
|
2019-07-22 10:53:34 |
Launchpad Janitor |
cve linked |
|
2018-12127 |
|
2019-07-22 10:53:34 |
Launchpad Janitor |
cve linked |
|
2018-12130 |
|
2019-07-22 10:53:34 |
Launchpad Janitor |
cve linked |
|
2019-11085 |
|
2019-07-22 10:53:34 |
Launchpad Janitor |
cve linked |
|
2019-11091 |
|
2019-07-22 10:53:34 |
Launchpad Janitor |
cve linked |
|
2019-11815 |
|
2019-07-22 10:53:34 |
Launchpad Janitor |
cve linked |
|
2019-11833 |
|
2019-07-22 10:53:34 |
Launchpad Janitor |
cve linked |
|
2019-11884 |
|
2019-07-22 12:35:21 |
Frank Heimes |
linux (Ubuntu): status |
In Progress |
Fix Released |
|
2019-07-23 05:25:24 |
Launchpad Janitor |
linux (Ubuntu Disco): status |
Fix Committed |
Fix Released |
|
2019-07-23 05:42:51 |
Frank Heimes |
linux (Ubuntu Cosmic): status |
Fix Committed |
Invalid |
|
2019-07-23 05:42:57 |
Frank Heimes |
ubuntu-z-systems: status |
Fix Committed |
Fix Released |
|
2019-08-22 16:15:35 |
Ubuntu Kernel Bot |
tags |
architecture-s39064 bugnameltc-178127 severity-high targetmilestone-inin1910 verification-done-bionic verification-done-cosmic verification-done-disco |
architecture-s39064 bugnameltc-178127 severity-high targetmilestone-inin1910 verification-done-bionic verification-done-cosmic verification-done-disco verification-needed-xenial |
|
2019-08-29 07:43:22 |
Frank Heimes |
tags |
architecture-s39064 bugnameltc-178127 severity-high targetmilestone-inin1910 verification-done-bionic verification-done-cosmic verification-done-disco verification-needed-xenial |
architecture-s39064 bugnameltc-178127 severity-high targetmilestone-inin1910 verification-done-bionic verification-done-cosmic verification-done-disco verification-done-xenial |
|