Interesting thing on that CVE page is that this is marked as "Not vulnerable" to most of our kernels. Or even with "Does not exist".
This might needs to be investigated. ** Tags added: 5.4 -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1916046 Title: cve-2020-29373 in cve from ubuntu_ltp failed Status in ubuntu-kernel-tests: New Status in linux package in Ubuntu: Fix Released Status in linux source package in Focal: New Status in linux source package in Groovy: Fix Released Status in linux source package in Hirsute: Fix Released Bug description: Not a regression, this is a new test added Feb 8, 2021: https://github.com/linux-test- project/ltp/commit/c4f669f13106862b6d8be38adf7825ae00ca7ac5 The log shows: 13260. 02/08 21:37:31 DEBUG| utils:0153| [stdout] startup='Mon Feb 8 21:37:30 2021' 13261. 02/08 21:37:31 DEBUG| utils:0153| [stdout] tst_test.c:1261: TINFO: Timeout per run is 0h 05m 00s 13262. 02/08 21:37:31 DEBUG| utils:0153| [stdout] io_uring02.c:148: TFAIL: Write outside chroot succeeded. 13263. 02/08 21:37:31 DEBUG| utils:0153| [stdout] 13264. 02/08 21:37:31 DEBUG| utils:0153| [stdout] HINT: You _MAY_ be missing kernel fixes, see: 13265. 02/08 21:37:31 DEBUG| utils:0153| [stdout] 13266. 02/08 21:37:31 DEBUG| utils:0153| [stdout] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9392a27d88b9 13267. 02/08 21:37:31 DEBUG| utils:0153| [stdout] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ff002b30181d 13268. 02/08 21:37:31 DEBUG| utils:0153| [stdout] 13269. 02/08 21:37:31 DEBUG| utils:0153| [stdout] HINT: You _MAY_ be vulnerable to CVE(s), see: 13270. 02/08 21:37:31 DEBUG| utils:0153| [stdout] 13271. 02/08 21:37:31 DEBUG| utils:0153| [stdout] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29373 13272. 02/08 21:37:31 DEBUG| utils:0153| [stdout] 13273. 02/08 21:37:31 DEBUG| utils:0153| [stdout] Summary: 13274. 02/08 21:37:31 DEBUG| utils:0153| [stdout] passed 0 13275. 02/08 21:37:31 DEBUG| utils:0153| [stdout] failed 1 13276. 02/08 21:37:31 DEBUG| utils:0153| [stdout] broken 0 13277. 02/08 21:37:31 DEBUG| utils:0153| [stdout] skipped 0 13278. 02/08 21:37:31 DEBUG| utils:0153| [stdout] warnings 0 13279. 02/08 21:37:31 DEBUG| utils:0153| [stdout] tag=cve-2020-29373 stime=1612820250 dur=0 exit=exited stat=1 core=no cu=0 As of Feb 18, 2021, this CVE is not mitigated yet: https://ubuntu.com/security/CVE-2020-29373 Seen with linux-kvm 5.4.0-1033.34. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-kernel-tests/+bug/1916046/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
