This bug was fixed in the package linux - 4.18.0-16.17
---------------
linux (4.18.0-16.17) cosmic; urgency=medium
  * linux: 4.18.0-16.17 -proposed tracker (LP: #1814749)
  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts
  * CVE-2018-16880
    - vhost: fix OOB in get_rx_bufs()
  * RTL8822BE WiFi Disabled in Kernel 4.18.0-12 (LP: #1806472)
    - SAUCE: staging: rtlwifi: allow RTLWIFI_DEBUG_ST to be disabled
    - [Config] CONFIG_RTLWIFI_DEBUG_ST=n
    - SAUCE: Add r8822be to signature inclusion list
  * kernel oops in bcache module (LP: #1793901)
    - SAUCE: bcache: never writeback a discard operation
  * CVE-2018-18397
    - userfaultfd: use ENOENT instead of EFAULT if the atomic copy user fails
    - userfaultfd: shmem: allocate anonymous memory for MAP_PRIVATE shmem
    - userfaultfd: shmem/hugetlbfs: only allow to register VM_MAYWRITE vmas
    - userfaultfd: shmem: add i_size checks
    - userfaultfd: shmem: UFFDIO_COPY: set the page dirty if VM_WRITE is not set
  * Ignore "incomplete report" from Elan touchpanels (LP: #1813733)
    - HID: i2c-hid: Ignore input report if there's no data present on Elan touchpanels
  * Vsock connect fails with ENODEV for large CID (LP: #1813934)
    - vhost/vsock: fix vhost vsock cid hashing inconsistent
  * Fix non-working pinctrl-intel (LP: #1811777)
    - pinctrl: intel: Do pin translation in other GPIO operations as well
  * ip6_gre: fix tunnel list corruption for x-netns (LP: #1812875)
    - ip6_gre: fix tunnel list corruption for x-netns
  * Backported commit breaks audio (fixed upstream) (LP: #1811566)
    - ASoC: intel: cht_bsw_max98090_ti: Add quirk for boards using pmc_plt_clk_0
    - ASoC: intel: cht_bsw_max98090_ti: Add pmc_plt_clk_0 quirk for Chromebook Clapper
    - ASoC: intel: cht_bsw_max98090_ti: Add pmc_plt_clk_0 quirk for Chromebook Gnawty
  * kvm_stat : missing python dependency (LP: #1798776)
    - tools/kvm_stat: switch to python3
  * [SRU] Fix Xorg crash with nomodeset when BIOS enable 64-bit fb addr (LP: #1812797)
    - vgaarb: Add support for 64-bit frame buffer address
    - vgaarb: Keep adding VGA device in queue
  * Fix non-working QCA Rome Bluetooth after S3 (LP: #1812812)
    - USB: Add new USB LPM helpers
    - USB: Consolidate LPM checks to avoid enabling LPM twice
  * [SRU] IO's are issued with incorrect Scatter Gather Buffer (LP: #1795453)
    - scsi: megaraid_sas: Use 63-bit DMA addressing
  * x86/mm: Found insecure W+X mapping at address (ptrval)/0xc00a0000 (LP: #1813532)
    - x86/mm: Do not warn about PCI BIOS W+X mappings
  * CVE-2019-6133
    - fork: record start_time late
  * Fix not working Goodix touchpad (LP: #1811929)
    - HID: i2c-hid: Disable runtime PM on Goodix touchpad
  * bluetooth controller not detected with 4.15 kernel (LP: #1810797)
    - SAUCE: btqcomsmd: introduce BT_QCOMSMD_HACK
    - [Config] arm64: snapdragon: BT_QCOMSMD_HACK=y
  * X1 Extreme: only one of the two SSDs is loaded (LP: #1811755)
    - nvme-core: rework a NQN copying operation
    - nvme: pad fake subsys NQN vid and ssvid with zeros
    - nvme: introduce NVME_QUIRK_IGNORE_DEV_SUBNQN
  * Crash on "ip link add foo type ipip" (LP: #1811803)
    - SAUCE: fan: Fix NULL pointer dereference
 -- Stefan Bader <[email protected]> Thu, 07 Feb 2019 23:23:02 +0100
** Changed in: linux (Ubuntu Cosmic)
Status: Fix Committed => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-16880
https://bugs.launchpad.net/bugs/1813532
Title:
  x86/mm: Found insecure W+X mapping at address (ptrval)/0xc00a0000
Status in linux package in Ubuntu:
  Incomplete
Status in linux source package in Bionic:
  Fix Released
Status in linux source package in Cosmic:
  Fix Released
Bug description:
== SRU Justification ==
Booting an i386 Bionic kernel in a VM with a 64-bit CPU leads to:
[ 1.074702] Freeing unused kernel memory: 1092K
[ 1.084027] Write protecting the kernel text: 8836k
[ 1.085115] Write protecting the kernel read-only data: 3480k
[ 1.086361] NX-protecting the kernel data: 7548k
[ 1.087457] ------------[ cut here ]------------
[ 1.088400] x86/mm: Found insecure W+X mapping at address (ptrval)/0xc00a0000
[ 1.089738] WARNING: CPU: 0 PID: 1 at /build/linux-bnzN1b/linux-4.15.0/arch/x86/mm/dump_pagetables.c:266 note_page+0x670/0x860
[ 1.091893] Modules linked in:
[ 1.092522] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 4.15.0-43-generic #46-Ubuntu
[ 1.094362] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.1-1ubuntu1 04/01/2014
[ 1.096279] EIP: note_page+0x670/0x860
[ 1.097012] EFLAGS: 00010282 CPU: 0
[ 1.097807] EAX: 00000041 EBX: df4fbf44 ECX: 000001ba EDX: 00000000
[ 1.099083] ESI: 80000000 EDI: 00000000 EBP: df4fbf10 ESP: df4fbee4
[ 1.100328] DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
[ 1.101418] CR0: 80050033 CR2: b7d99092 CR3: 0ce16000 CR4: 000006f0
[ 1.102693] DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
[ 1.103928] DR6: fffe0ff0 DR7: 00000400
[ 1.104733] Call Trace:
[ 1.105316] ptdump_walk_pgd_level_core+0x2ac/0x2e0
[ 1.106266] ptdump_walk_pgd_level_checkwx+0x18/0x20
[ 1.107207] mark_rodata_ro+0xf5/0x117
[ 1.107947] ? rest_init+0xa0/0xa0
[ 1.108627] kernel_init+0x33/0xf0
[ 1.109300] ret_from_fork+0x2e/0x38
[ 1.110016] Code: cc e9 0c fb ff ff f7 c6 00 10 00 00 74 8c 68 fe ae ae cc e9 16 fe ff ff 52 52 68 ac af ae cc c6 05 a8 a8 cb cc 01 e8 40 74 00 00 <0f> 0b 8b 53 0c 83 c4 0c e9 38 fa ff ff 50 6a 08 52 6a 08 68 ae
[ 1.113395] ---[ end trace 0dce1996d96c40bb ]---
[ 1.114324] x86/mm: Checked W+X mappings: FAILED, 96 W+X pages found.
== Fix ==
Backport commit c200dac78fec ("x86/mm: Do not warn about PCI BIOS W+X
mappings").
== Regression Potential ==
Low. The patch only modifies debugging output.
== Test Case ==
To reproduce, boot an i386 kernel in QEMU with '-cpu qemu64' and check
the kernel logs.
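
Added example (not part of the bug report or the kernel patch): one way to triage the log from the test case, by parsing the W+X check records and testing whether the flagged address and page count are consistent with the PCI BIOS area alone. The i386 PAGE_OFFSET of 0xc0000000, the 0xa0000-0x100000 window and the function names are assumptions; the first sample record is wrapped the way mail archives often deliver such logs.

```python
import re

# Assumptions, not stated in the report: the default i386 PAGE_OFFSET, and the
# legacy BIOS window (physical 0xa0000-0x100000) as the range the fix exempts.
PAGE_OFFSET, PAGE_SIZE = 0xC0000000, 4096
BIOS_LO, BIOS_HI = PAGE_OFFSET + 0x000A0000, PAGE_OFFSET + 0x00100000

STAMP = re.compile(r"^\[\s*\d+\.\d+\]\s*")
FOUND = re.compile(r"Found insecure W\+X mapping at address \S+/(0x[0-9a-fA-F]+)")
CHECKED = re.compile(r"Checked W\+X mappings: (FAILED|passed), (\d+|no) W\+X pages found")

# Two records copied from the report, the first one line-wrapped.
REPORT_LOG = """\
[ 1.088400] x86/mm: Found insecure W+X mapping at address
(ptrval)/0xc00a0000
[ 1.114324] x86/mm: Checked W+X mappings: FAILED, 96 W+X pages found.
"""
# Constructed counter-example: a W+X mapping outside the BIOS window.
CONSTRUCTED_LOG = """\
[ 1.088400] x86/mm: Found insecure W+X mapping at address (ptrval)/0xc1234000
[ 1.114324] x86/mm: Checked W+X mappings: FAILED, 3 W+X pages found.
"""

def unwrap(text):
    """Rejoin wrapped records: a line with no [timestamp] continues the previous one."""
    records = []
    for line in text.splitlines():
        if STAMP.match(line) or not records:
            records.append(STAMP.sub("", line).strip())
        else:
            records[-1] += " " + line.strip()
    return records

def triage_wx(text):
    """Summarise the boot-time W+X check found in a kernel log."""
    out = {"status": None, "pages": 0, "addresses": [], "bios_window_only": None}
    for rec in unwrap(text):
        if m := FOUND.search(rec):
            out["addresses"].append(int(m.group(1), 16))
        if m := CHECKED.search(rec):
            out["status"] = m.group(1).lower()
            out["pages"] = 0 if m.group(2) == "no" else int(m.group(2))
    if out["addresses"]:
        # The warning fires once, so only the first range start is logged; the
        # page total must also fit in what remains of the window after it.
        in_window = all(BIOS_LO <= a < BIOS_HI for a in out["addresses"])
        fits = out["pages"] * PAGE_SIZE <= BIOS_HI - min(out["addresses"])
        out["bios_window_only"] = in_window and fits
    return out
```

With the report's values, 96 pages of 4 KiB starting at 0xc00a0000 end exactly at 0xc0100000, so `bios_window_only` is true; a failed check where it is false points at a W+X mapping elsewhere and still needs investigation.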