Public bug reported:

ubuntu_ltp.cve cve-2017-7616 testcase output:

16:10:41 DEBUG| [stdout] startup='Sun Aug 29 15:53:35 2021'
16:10:41 DEBUG| [stdout] tst_test.c:1346: TINFO: Timeout per run is 0h 05m 00s
16:10:41 DEBUG| [stdout] set_mempolicy05.c:66: TINFO: stack pattern is in 0xbf996ccc-0xbf9970cc
16:10:41 DEBUG| [stdout] set_mempolicy05.c:111: TFAIL: set_mempolicy should fail with EFAULT or EINVAL, instead returned 38
16:10:41 DEBUG| [stdout]
16:10:41 DEBUG| [stdout] HINT: You _MAY_ be missing kernel fixes, see:
16:10:41 DEBUG| [stdout]
16:10:41 DEBUG| [stdout] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cf01fb9985e8
16:10:41 DEBUG| [stdout]
16:10:41 DEBUG| [stdout] HINT: You _MAY_ be vulnerable to CVE(s), see:
16:10:41 DEBUG| [stdout]
16:10:41 DEBUG| [stdout] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-CVE-2017-7616
16:10:41 DEBUG| [stdout]
16:10:41 DEBUG| [stdout] Summary:
16:10:41 DEBUG| [stdout] passed   0
16:10:41 DEBUG| [stdout] failed   1
16:10:41 DEBUG| [stdout] broken   0
16:10:41 DEBUG| [stdout] skipped  0
16:10:41 DEBUG| [stdout] warnings 0
16:10:41 DEBUG| [stdout] tag=cve-2017-7616 stime=1630252415 dur=0 exit=exited stat=1 core=no cu=0 cs=0

This is not a regression as this is a new testcase which runs only on
32-bit systems (i386 and powerpc). This test was added by ltp commit
6feed808040a86c54b7ab2dd3839fefd819a42cc (Add set_mempolicy05,
CVE-2017-7616).

The commit sha1 (cf01fb9985e8deb25ccf0ea54d916b8871ae0e62 -
mm/mempolicy.c: fix error handling in set_mempolicy and mbind.) which
fixes this CVE according to https://ubuntu.com/security/CVE-2017-7616,
was applied upstream for v4.11-rc6, so both focal/linux and bionic/linux
supposedly contain the fix.

** Affects: ubuntu-kernel-tests
     Importance: Undecided
         Status: New

** Affects: linux (Ubuntu)
     Importance: Undecided
         Status: Incomplete

** Affects: linux (Ubuntu Bionic)
     Importance: Undecided
         Status: Confirmed

** Affects: linux (Ubuntu Focal)
     Importance: Undecided
         Status: Confirmed


** Tags: 4.15 5.4 bionic focal hwe-5.4 i386 sru-20210816 ubuntu-ltp

** Also affects: linux (Ubuntu)
   Importance: Undecided
       Status: New

** Also affects: linux (Ubuntu Bionic)
   Importance: Undecided
       Status: New

** Also affects: linux (Ubuntu Focal)
   Importance: Undecided
       Status: New

** Summary changed:

- cve-2017-7616 in cve from ubuntu_ltp failed with b/hwe-5.4 on i386
+ cve-2017-7616 in cve from ubuntu_ltp failed on bionic with linux/linux-hwe-5.4 on i386

https://bugs.launchpad.net/bugs/1942612

Title:
  cve-2017-7616 in cve from ubuntu_ltp failed on bionic with
  linux/linux-hwe-5.4 on i386

Status in ubuntu-kernel-tests:
  New
Status in linux package in Ubuntu:
  Incomplete
Status in linux source package in Bionic:
  Confirmed
Status in linux source package in Focal:
  Confirmed
