** Description changed: [Impact] The initial set of Ubuntu kernel updates to address CVE-2019-0155 are not complete for 64-bit x86 kernels (amd64). The 32-bit x86 kernel (i386) updates are complete. It may be possible for an attacker to bypass the mitigations on 64-bit systems. + + The following upstream patch is needed: + + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ea0b163b13ffc52818c079adb00d55e227a6da6f [Test Case] Upstream has ran the proposed fix through their regression test suite. We don't have a reproducer for CVE-2019-0155 so the test case is simply to ensure that desktop graphics continue to work. [Regression Potential] Low, the fix is obviously correct and, AAUI, the affected code path should only be legitimately used by the test suite.
** Description changed: [Impact] The initial set of Ubuntu kernel updates to address CVE-2019-0155 are not complete for 64-bit x86 kernels (amd64). The 32-bit x86 kernel (i386) updates are complete. It may be possible for an attacker to bypass the mitigations on 64-bit systems. The following upstream patch is needed: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ea0b163b13ffc52818c079adb00d55e227a6da6f [Test Case] Upstream has ran the proposed fix through their regression test suite. We don't have a reproducer for CVE-2019-0155 so the test case is simply to ensure that desktop graphics continue to work. [Regression Potential] - Low, the fix is obviously correct and, AAUI, the affected code path - should only be legitimately used by the test suite. + Low, the fix is simple, tested, and, AAUI, the affected code path should + only be legitimately used by the test suite. ** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1852141 Title: CVE-2019-0155: incomplete fix for 64-bit x86 kernels Status in linux package in Ubuntu: Triaged Status in linux source package in Xenial: Fix Committed Status in linux source package in Bionic: Fix Committed Status in linux source package in Disco: Fix Committed Status in linux source package in Eoan: Fix Committed Bug description: [Impact] The initial set of Ubuntu kernel updates to address CVE-2019-0155 are not complete for 64-bit x86 kernels (amd64). The 32-bit x86 kernel (i386) updates are complete. It may be possible for an attacker to bypass the mitigations on 64-bit systems. The following upstream patch is needed: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ea0b163b13ffc52818c079adb00d55e227a6da6f [Test Case] Upstream has ran the proposed fix through their regression test suite. We don't have a reproducer for CVE-2019-0155 so the test case is simply to ensure that desktop graphics continue to work. [Regression Potential] Low, the fix is simple, tested, and, AAUI, the affected code path should only be legitimately used by the test suite. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1852141/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
