This bug was fixed in the package linux - 4.4.0-208.240

---------------
linux (4.4.0-208.240) xenial; urgency=medium

  * xenial/linux: 4.4.0-208.240 -proposed tracker (LP: #1922069)

  * linux ADT test failure with linux/4.4.0-207.239 -
    ubuntu_qrt_kernel_security.test-kernel-security.py (LP: #1922200) //
    CVE-2018-5953 // CVE-2018-5995 // CVE-2018-7754
    - SAUCE: Revert "printk: hash addresses printed with %p"

  * lxd 2.0.11-0ubuntu1~16.04.4 ADT test failure with linux 4.4.0-207.239
    (LP: #1921969)
    - SAUCE: Fix fuse regression in 4.4.0-207.239

linux (4.4.0-207.239) xenial; urgency=medium

  * xenial/linux: 4.4.0-207.239 -proposed tracker (LP: #1919558)

  * Xenial update: v4.4.262 upstream stable release (LP: #1920221)
    - uapi: nfnetlink_cthelper.h: fix userspace compilation error
    - ath9k: fix transmitting to stations in dynamic SMPS mode
    - net: Fix gro aggregation for udp encaps with zero csum
    - can: skb: can_skb_set_owner(): fix ref counting if socket was closed
      before setting skb ownership
    - can: flexcan: assert FRZ bit in flexcan_chip_freeze()
    - can: flexcan: enable RX FIFO after FRZ/HALT valid
    - netfilter: x_tables: gpf inside xt_find_revision()
    - cifs: return proper error code in statfs(2)
    - floppy: fix lock_fdc() signal handling
    - Revert "mm, slub: consider rest of partial list if acquire_slab() fails"
    - futex: Change locking rules
    - futex: Cure exit race
    - futex: fix dead code in attach_to_pi_owner()
    - net/mlx4_en: update moderation when config reset
    - net: lapbether: Remove netif_start_queue / netif_stop_queue
    - net: davicom: Fix regulator not turned off on failed probe
    - net: davicom: Fix regulator not turned off on driver removal
    - media: usbtv: Fix deadlock on suspend
    - mmc: mxs-mmc: Fix a resource leak in an error handling path in
      'mxs_mmc_probe()'
    - mmc: mediatek: fix race condition between msdc_request_timeout and irq
    - powerpc/perf: Record counter overflow always if SAMPLE_IP is unset
    - PCI: xgene-msi: Fix race in installing chained irq handler
    - s390/smp: __smp_rescan_cpus() - move cpumask away from stack
    - scsi: libiscsi: Fix iscsi_prep_scsi_cmd_pdu() error handling
    - ALSA: hda/hdmi: Cancel pending works before suspend
    - ALSA: hda: Avoid spurious unsol event handling during S3/S4
    - ALSA: usb-audio: Fix "cannot get freq eq" errors on Dell AE515 sound bar
    - s390/dasd: fix hanging DASD driver unbind
    - mmc: core: Fix partition switch time for eMMC
    - scripts/recordmcount.{c,pl}: support -ffunction-sections .text.* section
      names
    - Goodix Fingerprint device is not a modem
    - usb: gadget: f_uac2: always increase endpoint max_packet_size by one audio
      slot
    - usb: renesas_usbhs: Clear PIPECFG for re-enabling pipe with other EPNUM
    - xhci: Improve detection of device initiated wake signal.
    - USB: serial: io_edgeport: fix memory leak in edge_startup
    - USB: serial: ch341: add new Product ID
    - USB: serial: cp210x: add ID for Acuity Brands nLight Air Adapter
    - USB: serial: cp210x: add some more GE USB IDs
    - usbip: fix stub_dev to check for stream socket
    - usbip: fix vhci_hcd to check for stream socket
    - usbip: fix stub_dev usbip_sockfd_store() races leading to gpf
    - staging: rtl8192u: fix ->ssid overflow in r8192_wx_set_scan()
    - staging: rtl8188eu: prevent ->ssid overflow in rtw_wx_set_scan()
    - staging: rtl8712: unterminated string leads to read overflow
    - staging: rtl8188eu: fix potential memory corruption in
      rtw_check_beacon_data()
    - staging: rtl8712: Fix possible buffer overflow in r8712_sitesurvey_cmd
    - staging: rtl8192e: Fix possible buffer overflow in _rtl92e_wx_set_scan
    - staging: comedi: addi_apci_1032: Fix endian problem for COS sample
    - staging: comedi: addi_apci_1500: Fix endian problem for command sample
    - staging: comedi: adv_pci1710: Fix endian problem for AI command data
    - staging: comedi: das6402: Fix endian problem for AI command data
    - staging: comedi: das800: Fix endian problem for AI command data
    - staging: comedi: dmm32at: Fix endian problem for AI command data
    - staging: comedi: me4000: Fix endian problem for AI command data
    - staging: comedi: pcl711: Fix endian problem for AI command data
    - staging: comedi: pcl818: Fix endian problem for AI command data
    - NFSv4.2: fix return value of _nfs4_get_security_label()
    - block: rsxx: fix error return code of rsxx_pci_probe()
    - alpha: add $(src)/ rather than $(obj)/ to make source file path
    - alpha: merge build rules of division routines
    - alpha: make short build log available for division routines
    - alpha: Package string routines together
    - alpha: move exports to actual definitions
    - alpha: get rid of tail-zeroing in __copy_user()
    - alpha: switch __copy_user() and __do_clean_user() to normal calling
      conventions
    - powerpc/64s: Fix instruction encoding for lis in ppc_function_entry()
    - media: hdpvr: Fix an error handling path in hdpvr_probe()
    - KVM: arm64: Fix exclusive limit for IPA size
    - xen/events: reset affinity of 2-level event when tearing it down
    - xen/events: don't unmask an event channel when an eoi is pending
    - xen/events: avoid handling the same event on two cpus at the same time
    - Linux 4.4.262

  * Xenial update: v4.4.261 upstream stable release (LP: #1920218)
    - futex: fix irq self-deadlock and satisfy assertion
    - futex: fix spin_lock() / spin_unlock_irq() imbalance
    - ALSA: ctxfi: cthw20k2: fix mask on conf to allow 4 bits
    - rsxx: Return -EFAULT if copy_to_user() fails
    - dm table: fix iterate_devices based device capability checks
    - platform/x86: acer-wmi: Add new force_caps module parameter
    - PCI: Add function 1 DMA alias quirk for Marvell 9215 SATA controller
    - Linux 4.4.261

  * CVE-2019-19061
    - iio: imu: adis16400: fix memory leak

  * CVE-2018-5953 // CVE-2018-5995 // CVE-2018-7754
    - printk: hash addresses printed with %p

  * CVE-2017-5967
    - time: Remove CONFIG_TIMER_STATS
    - [Config] Dropped CONFIG_TIMER_STATS

  * CVE-2019-16232
    - libertas: fix a potential NULL pointer dereference

  * CVE-2015-1350
    - xfs: Propagate dentry down to inode_change_ok()
    - fuse: Propagate dentry down to inode_change_ok()
    - fs: Give dentry to inode_change_ok() instead of inode
    - fs: Avoid premature clearing of capabilities

  * CVE-2018-13095
    - xfs: More robust inode extent count validation

  * i40e PF reset due to incorrect MDD event (LP: #1772675)
    - i40e: change behavior on PF in response to MDD event

  * Xenial update: v4.4.260 upstream stable release (LP: #1918184)
    - futex: Ensure the correct return value from futex_lock_pi()
    - net: usb: qmi_wwan: support ZTE P685M modem
    - iwlwifi: pcie: fix to correct null check
    - mmc: sdhci-esdhc-imx: fix kernel panic when remove module
    - scripts: use pkg-config to locate libcrypto
    - scripts: set proper OpenSSL include dir also for sign-file
    - hugetlb: fix update_and_free_page contig page struct assumption
    - JFS: more checks for invalid superblock
    - xfs: Fix assert failure in xfs_setattr_size()
    - net: fix up truesize of cloned skb in skb_prepare_for_shift()
    - mm/hugetlb.c: fix unnecessary address expansion of pmd sharing
    - staging: fwserial: Fix error handling in fwserial_create
    - x86/reboot: Add Zotac ZBOX CI327 nano PCI reboot quirk
    - vt/consolemap: do font sum unsigned
    - wlcore: Fix command execute failure 19 for wl12xx
    - pktgen: fix misuse of BUG_ON() in pktgen_thread_worker()
    - ath10k: fix wmi mgmt tx queue full due to race condition
    - x86/build: Treat R_386_PLT32 relocation as R_386_PC32
    - Bluetooth: Fix null pointer dereference in amp_read_loc_assoc_final_data
    - staging: most: sound: add sanity check for function argument
    - media: uvcvideo: Allow entities with no pads
    - Xen/gnttab: handle p2m update errors on a per-slot basis
    - xen-netback: respect gnttab_map_refs()'s return value
    - zsmalloc: account the number of compacted pages correctly
    - swap: fix swapfile read/write offset
    - media: v4l: ioctl: Fix memory leak in video_usercopy
    - Linux 4.4.260

  * Xenial update: v4.4.259 upstream stable release (LP: #1918182)
    - HID: make arrays usage and value to be the same
    - usb: quirks: add quirk to start video capture on ELMO L-12F document
      camera reliable
    - xen-netback: delete NAPI instance when queue fails to initialize
    - ntfs: check for valid standard information attribute
    - igb: Remove incorrect "unexpected SYS WRAP" log message
    - scripts/recordmcount.pl: support big endian for ARCH sh
    - kdb: Make memory allocations more robust
    - MIPS: vmlinux.lds.S: add missing PAGE_ALIGNED_DATA() section
    - Bluetooth: Fix initializing response id after clearing struct
    - ARM: dts: exynos: correct PMIC interrupt trigger level on Spring
    - ARM: dts: exynos: correct PMIC interrupt trigger level on Arndale Octa
    - Bluetooth: drop HCI device reference before return
    - Bluetooth: Put HCI device if inquiry procedure interrupts
    - usb: dwc2: Abort transaction after errors with unknown reason
    - usb: dwc2: Make "trimming xfer length" a debug message
    - ARM: s3c: fix fiq for clang IAS
    - bnxt_en: reverse order of TX disable and carrier off
    - xen/netback: fix spurious event detection for common event case
    - b43: N-PHY: Fix the update of coef for the PHY revision >= 3case
    - fbdev: aty: SPARC64 requires FB_ATY_CT
    - drm/gma500: Fix error return code in psb_driver_load()
    - gma500: clean up error handling in init
    - MIPS: c-r4k: Fix section mismatch for loongson2_sc_init
    - MIPS: lantiq: Explicitly compare LTQ_EBU_PCC_ISTAT against 0
    - media: media/pci: Fix memleak in empress_init
    - media: tm6000: Fix memleak in tm6000_start_stream
    - ASoC: cs42l56: fix up error handling in probe
    - media: lmedm04: Fix misuse of comma
    - media: cx25821: Fix a bug when reallocating some dma memory
    - media: uvcvideo: Accept invalid bFormatIndex and bFrameIndex values
    - btrfs: clarify error returns values in __load_free_space_cache
    - fs/jfs: fix potential integer overflow on shift of a int
    - jffs2: fix use after free in jffs2_sum_write_data()
    - clk: meson: clk-pll: fix initializing the old rate (fallback) for a PLL
    - HID: core: detect and skip invalid inputs to snto32()
    - dmaengine: fsldma: Fix a resource leak in the remove function
    - dmaengine: fsldma: Fix a resource leak in an error handling path of the
      probe function
    - clocksource/drivers/mxs_timer: Add missing semicolon when DEBUG is defined
    - regulator: axp20x: Fix reference cout leak
    - isofs: release buffer head before return
    - IB/umad: Return EIO in case of when device disassociated
    - powerpc/47x: Disable 256k page size
    - mmc: usdhi6rol0: Fix a resource leak in the error handling path of the
      probe
    - ARM: 9046/1: decompressor: Do not clear SCTLR.nTLSMD for ARMv7+ cores
    - amba: Fix resource leak for drivers without .remove
    - tracepoint: Do not fail unregistering a probe due to memory failure
    - mfd: wm831x-auxadc: Prevent use after free in wm831x_auxadc_read_irq()
    - powerpc/pseries/dlpar: handle ibm, configure-connector delay status
    - perf intel-pt: Fix missing CYC processing in PSB
    - perf test: Fix unaligned access in sample parsing test
    - Input: elo - fix an error code in elo_connect()
    - sparc64: only select COMPAT_BINFMT_ELF if BINFMT_ELF is set
    - misc: eeprom_93xx46: Fix module alias to enable module autoprobe
    - misc: eeprom_93xx46: Add module alias to avoid breaking support for non
      device tree users
    - VMCI: Use set_page_dirty_lock() when unregistering guest memory
    - PCI: Align checking of syscall user config accessors
    - mm/memory.c: fix potential pte_unmap_unlock pte error
    - mm/hugetlb: fix potential double free in hugetlb_register_node() error
      path
    - i2c: brcmstb: Fix brcmstd_send_i2c_cmd condition
    - scsi: bnx2fc: Fix Kconfig warning & CNIC build errors
    - block: Move SECTOR_SIZE and SECTOR_SHIFT definitions into <linux/blkdev.h>
    - blk-settings: align max_sectors on "logical_block_size" boundary
    - Input: xpad - add support for PowerA Enhanced Wired Controller for Xbox
      Series X|S
    - Input: joydev - prevent potential read overflow in ioctl
    - Input: i8042 - add ASUS Zenbook Flip to noselftest list
    - USB: serial: option: update interface mapping for ZTE P685M
    - USB: serial: mos7840: fix error code in mos7840_write()
    - USB: serial: mos7720: fix error code in mos7720_write()
    - usb: dwc3: gadget: Fix setting of DEPCFG.bInterval_m1
    - usb: dwc3: gadget: Fix dep->interval for fullspeed interrupt
    - KEYS: trusted: Fix migratable=1 failing
    - btrfs: fix reloc root leak with 0 ref reloc roots on recovery
    - drivers/misc/vmw_vmci: restrict too big queue size in qp_host_alloc_queue
    - staging: rtl8188eu: Add Edimax EW-7811UN V2 to device table
    - x86/reboot: Force all cpus to exit VMX root if VMX is supported
    - floppy: reintroduce O_NDELAY fix
    - mm: hugetlb: fix a race between freeing and dissolving the page
    - usb: renesas_usbhs: Clear pipe running flag in usbhs_pkt_pop()
    - libnvdimm/dimm: Avoid race between probe and available_slots_show()
    - module: Ignore _GLOBAL_OFFSET_TABLE_ when warning for undefined symbols
    - gpio: pcf857x: Fix missing first interrupt
    - f2fs: fix out-of-repair __setattr_copy()
    - sparc32: fix a user-triggerable oops in clear_user()
    - gfs2: Don't skip dlm unlock if glock has an lvb
    - dm era: Recover committed writeset after crash
    - dm era: Verify the data block size hasn't changed
    - dm era: Fix bitset memory leaks
    - dm era: Use correct value size in equality function of writeset tree
    - dm era: Reinitialize bitset cache before digesting a new writeset
    - dm era: only resize metadata in preresume
    - futex: Fix OWNER_DEAD fixup
    - dm era: Update in-core bitset after committing the metadata
    - Linux 4.4.259

  * CVE-2019-16231
    - fjes: Handle workqueue allocation failure

  * Xenial update: v4.4.258 upstream stable release (LP: #1916661)
    - tracing: Do not count ftrace events in top level enable output
    - fgraph: Initialize tracing_graph_pause at task creation
    - af_key: relax availability checks for skb size calculation
    - iwlwifi: pcie: add a NULL check in iwl_pcie_txq_unmap
    - iwlwifi: mvm: guard against device removal in reprobe
    - SUNRPC: Move simple_get_bytes and simple_get_netobj into private header
    - SUNRPC: Handle 0 length opaque XDR object data properly
    - lib/string: Add strscpy_pad() function
    - include/trace/events/writeback.h: fix -Wstringop-truncation warnings
    - memcg: fix a crash in wb_workfn when a device disappears
    - squashfs: add more sanity checks in id lookup
    - squashfs: add more sanity checks in inode lookup
    - squashfs: add more sanity checks in xattr id lookup
    - memblock: do not start bottom-up allocations with kernel_end
    - netfilter: xt_recent: Fix attempt to update deleted entry
    - h8300: fix PREEMPTION build, TI_PRE_COUNT undefined
    - usb: dwc3: ulpi: fix checkpatch warning
    - usb: dwc3: ulpi: Replace CPU-based busyloop with Protocol-based one
    - net: watchdog: hold device global xmit lock during tx disable
    - vsock: fix locking in vsock_shutdown()
    - x86/build: Disable CET instrumentation in the kernel for 32-bit too
    - trace: Use -mcount-record for dynamic ftrace
    - tracing: Fix SKIP_STACK_VALIDATION=1 build due to bad merge with -mrecord-
      mcount
    - tracing: Avoid calling cc-option -mrecord-mcount for every Makefile
    - Xen/x86: don't bail early from clear_foreign_p2m_mapping()
    - Xen/x86: also check kernel mapping in set_foreign_p2m_mapping()
    - Xen/gntdev: correct dev_bus_addr handling in gntdev_map_grant_pages()
    - Xen/gntdev: correct error checking in gntdev_map_grant_pages()
    - xen/arm: don't ignore return errors from set_phys_to_machine
    - xen-blkback: don't "handle" error by BUG()
    - xen-netback: don't "handle" error by BUG()
    - xen-scsiback: don't "handle" error by BUG()
    - xen-blkback: fix error handling in xen_blkbk_map()
    - scsi: qla2xxx: Fix crash during driver load on big endian machines
    - kvm: check tlbs_dirty directly
    - Linux 4.4.258

  * Xenial update: v4.4.257 upstream stable release (LP: #1916660)
    - net_sched: reject silly cell_log in qdisc_get_rtab()
    - futex,rt_mutex: Provide futex specific rt_mutex API
    - futex: Remove rt_mutex_deadlock_account_*()
    - futex: Rework inconsistent rt_mutex/futex_q state
    - futex: Avoid violating the 10th rule of futex
    - futex: Replace pointless printk in fixup_owner()
    - futex: Provide and use pi_state_update_owner()
    - rtmutex: Remove unused argument from rt_mutex_proxy_unlock()
    - futex: Use pi_state_update_owner() in put_pi_state()
    - futex: Simplify fixup_pi_state_owner()
    - futex: Handle faults correctly for PI futexes
    - usb: udc: core: Use lock when write to soft_connect
    - scsi: libfc: Avoid invoking response handler twice if ep is already
      completed
    - scsi: ibmvfc: Set default timeout to avoid crash during migration
    - stable: clamp SUBLEVEL in 4.4 and 4.9
    - USB: serial: cp210x: add pid/vid for WSDA-200-USB
    - USB: serial: cp210x: add new VID/PID for supporting Teraoka AD2000
    - USB: serial: option: Adding support for Cinterion MV31
    - net: lapb: Copy the skb before sending a packet
    - [Config] updateconfigs for ELFCORE
    - ELF/MIPS build fix
    - elfcore: fix building with clang
    - USB: gadget: legacy: fix an error code in eth_bind()
    - USB: usblp: don't call usb_set_interface if there's a single alt
    - usb: dwc2: Fix endpoint direction check in ep_from_windex
    - mac80211: fix station rate table updates on assoc
    - kretprobe: Avoid re-registration of the same kretprobe earlier
    - cifs: report error instead of invalid when revalidating a dentry fails
    - mmc: core: Limit retries when analyse of SDIO tuples fails
    - ARM: footbridge: fix dc21285 PCI configuration accessors
    - mm: hugetlbfs: fix cannot migrate the fallocated HugeTLB page
    - mm: hugetlb: fix a race between isolating and freeing page
    - mm: hugetlb: remove VM_BUG_ON_PAGE from page_huge_active
    - x86/build: Disable CET instrumentation in the kernel
    - x86/apic: Add extra serialization for non-serializing MSRs
    - Input: xpad - sync supported devices with fork on GitHub
    - ACPI: thermal: Do not call acpi_thermal_check() directly
    - ALSA: hda/realtek - Fix typo of pincfg for Dell quirk
    - Linux 4.4.257

  * Xenial update: v4.4.256 upstream stable release (LP: #1916657)
    - Linux 4.4.256

  * Xenial update: v4.4.255 upstream stable release (LP: #1916656)
    - ACPI: sysfs: Prefer "compatible" modalias
    - wext: fix NULL-ptr-dereference with cfg80211's lack of commit()
    - net: usb: qmi_wwan: added support for Thales Cinterion PLSx3 modem family
    - KVM: x86/pmu: Fix HW_REF_CPU_CYCLES event pseudo-encoding in
      intel_arch_events[]
    - mt7601u: fix kernel crash unplugging the device
    - mt7601u: fix rx buffer refcounting
    - y2038: futex: Move compat implementation into futex.c
    - futex: Move futex exit handling into futex code
    - futex: Replace PF_EXITPIDONE with a state
    - exit/exec: Seperate mm_release()
    - futex: Split futex_mm_release() for exit/exec
    - futex: Set task::futex_state to DEAD right after handling futex exit
    - futex: Mark the begin of futex exit explicitly
    - futex: Sanitize exit state handling
    - futex: Provide state handling for exec() as well
    - futex: Add mutex around futex exit
    - futex: Provide distinct return value when owner is exiting
    - futex: Prevent exit livelock
    - ARM: imx: build suspend-imx6.S with arm instruction set
    - netfilter: nft_dynset: add timeout extension to template
    - xfrm: Fix oops in xfrm_replay_advance_bmp
    - RDMA/cxgb4: Fix the reported max_recv_sge value
    - mac80211: pause TX while changing interface type
    - can: dev: prevent potential information leak in can_fill_info()
    - iommu/vt-d: Gracefully handle DMAR units with no supported address widths
    - iommu/vt-d: Don't dereference iommu_device if IOMMU_API is not built
    - NFC: fix resource leak when target index is invalid
    - NFC: fix possible resource leak
    - Linux 4.4.255

 -- Kleber Sacilotto de Souza <kleber.so...@canonical.com>  Thu, 01 Apr 2021 12:57:17 +0200

** Changed in: linux (Ubuntu Xenial)
       Status: Fix Committed => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2015-1350

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-5967

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-13095

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-5953

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-5995

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-7754

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-16231

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-16232

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-19061

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1922200

Title:
  linux ADT test failure with linux/4.4.0-207.239 -
  ubuntu_qrt_kernel_security.test-kernel-security.py

Status in linux package in Ubuntu:
  Invalid
Status in linux source package in Xenial:
  Fix Released

Bug description:
  [Impact]
  The backport of upstream commit ad67b74d2469d9b82aaa572d76474c95bc484d57
  ("printk: hash addresses printed with %p"), applied to fix CVEs
  CVE-2018-5953/CVE-2018-5995/CVE-2018-7754 on xenial/linux 4.4.0-207.239,
  introduced a regression caught by testcases from
  ubuntu_qrt_kernel_security.test-kernel-security.py testsuite.

  The failing testcases are:
  test_095_kernel_symbols_missing_kallsyms
  test_095_kernel_symbols_missing_proc_modules
  test_095_kernel_symbols_missing_proc_net_tcp
  test_300_test_kaslr_base

  The '095' testcases expect the addresses read by a regular user to be
  zeroed out and test '300' expects the default address for 'startup_64'
  to be 'ffffffff81000000' for non-kaslr kernels (<4.15). The applied
  backport leaks what the address 0x0 hashes to on the /proc interfaces
  instead of the expected values.

  Examples:
  $ head /proc/kallsyms
  00000000b845aaf2 A irq_stack_union
  00000000b845aaf2 A __per_cpu_start
  00000000b845aaf2 A __per_cpu_user_mapped_start
  00000000b845aaf2 A vector_irq
  00000000b845aaf2 A unsafe_stack_register_backup
  00000000b845aaf2 A cpu_debug_store
  00000000b845aaf2 A cpu_tss
  00000000b845aaf2 A exception_stacks
  00000000b845aaf2 A gdt_page
  00000000b845aaf2 A espfix_waddr

  $ sudo head /proc/kallsyms
  00000000b845aaf2 A irq_stack_union
  00000000b845aaf2 A __per_cpu_start
  00000000b845aaf2 A __per_cpu_user_mapped_start
  00000000cd84b193 A vector_irq
  00000000f271a77b A unsafe_stack_register_backup
  00000000b451cc91 A cpu_debug_store
  00000000108c2558 A cpu_tss
  000000001484be48 A exception_stacks
  000000000a1b6bc6 A gdt_page
  00000000f38c128a A espfix_waddr

  $ sudo grep -w startup_64 /proc/kallsyms
  0000000028c44c50 T startup_64

  [Fix]
  For the backport to work as expected, we would likely need to backport the
  following commits as well:

  57e734423add vsprintf: refactor %pK code out of pointer()
  ef0010a30935 vsprintf: don't use 'restricted_pointer()' when not restricting

  However, this could introduce other regressions as there are several
  corner cases in this code path.

  Given that the CVEs which are fixed by this patch are all low or
  negligible, the best solution seems to be to revert this patch
  altogether.

  [Test]
  Run ubuntu_qrt_kernel_security.test-kernel-security.py tests from the kernel
  team autotest repository.

  [Where problems could occur]
  Reverting this patch can't introduce any regression as it would return the
  code to the previous state, however it would keep the kernel vulnerable to
  these CVEs.

  [Additional Info]
  Testing failed on:
      amd64: https://objectstorage.prodstack4-5.canonical.com/v1/AUTH_77e2ada1e7a84929a74ba3b87153c0ac/autopkgtest-xenial/xenial/amd64/l/linux/20210331_014541_79861@/log.gz
      i386: https://objectstorage.prodstack4-5.canonical.com/v1/AUTH_77e2ada1e7a84929a74ba3b87153c0ac/autopkgtest-xenial/xenial/i386/l/linux/20210331_012734_ec0bc@/log.gz
      ppc64el: https://objectstorage.prodstack4-5.canonical.com/v1/AUTH_77e2ada1e7a84929a74ba3b87153c0ac/autopkgtest-xenial/xenial/ppc64el/l/linux/20210331_014757_ec0bc@/log.gz
      s390x: https://objectstorage.prodstack4-5.canonical.com/v1/AUTH_77e2ada1e7a84929a74ba3b87153c0ac/autopkgtest-xenial/xenial/s390x/l/linux/20210330_031532_e87f8@/log.gz

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1922200/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to     : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp
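
The /proc/kallsyms symptom from the bug description above, as an added check that is not part of the original report or of the ubuntu_qrt_kernel_security test suite: it classifies what a reader was shown (zeroed, one constant non-zero value, or per-symbol values) and compares startup_64 with the address the report says test '300' expects. The function names and verdict strings are assumptions of this example; the sample lines are taken from the report, except the zeroed sample, which is constructed.

```python
"""Classify /proc/kallsyms-style text the way the report's failing tests read it."""
from collections import Counter

# Address the report says test '300' expects for startup_64 on non-KASLR kernels.
EXPECTED_STARTUP_64 = 0xFFFFFFFF81000000

# Lines quoted in the bug description (regular-user read on 4.4.0-207.239).
REPORTED_USER_VIEW = """\
00000000b845aaf2 A irq_stack_union
00000000b845aaf2 A __per_cpu_start
00000000b845aaf2 A vector_irq
00000000b845aaf2 A gdt_page
"""

# Lines quoted in the bug description (read with sudo on the same kernel).
REPORTED_ROOT_VIEW = """\
00000000b845aaf2 A irq_stack_union
00000000cd84b193 A vector_irq
00000000f271a77b A unsafe_stack_register_backup
0000000028c44c50 T startup_64
"""

# Constructed sample: what the '095' tests expect a regular user to see.
CONSTRUCTED_ZEROED_VIEW = """\
0000000000000000 A irq_stack_union
0000000000000000 A vector_irq
0000000000000000 T startup_64
"""


def parse_kallsyms(text):
    """Return (address, type, name) tuples; malformed lines are skipped."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3:
            continue
        try:
            address = int(fields[0], 16)
        except ValueError:
            continue
        entries.append((address, fields[1], fields[2]))
    return entries


def classify_user_view(text):
    """Classify the addresses a reader was shown."""
    counts = Counter(address for address, _, _ in parse_kallsyms(text))
    if not counts:
        return "empty"
    if set(counts) == {0}:
        return "zeroed"            # what the '095' tests expect
    if len(counts) == 1:
        return "constant-nonzero"  # symptom in the report: one value for every symbol
    return "varying"               # per-symbol values are visible


def startup_64_matches(text, expected=EXPECTED_STARTUP_64):
    """True/False if startup_64 is listed, None if the symbol is absent."""
    for address, _, name in parse_kallsyms(text):
        if name == "startup_64":
            return address == expected
    return None


if __name__ == "__main__":
    samples = (
        ("reported user view", REPORTED_USER_VIEW),
        ("reported root view", REPORTED_ROOT_VIEW),
        ("constructed zeroed view", CONSTRUCTED_ZEROED_VIEW),
    )
    for label, sample in samples:
        print(label, classify_user_view(sample), startup_64_matches(sample))
```

To check a running system, pass the text of /proc/kallsyms read as a regular user to classify_user_view(); "zeroed" is the result the '095' tests expect.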
