n: linux (Ubuntu)
Assignee: Tyler Hicks (tyhicks) => (unassigned)
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1855335
Title:
CONFIG_DEBUG_CREDENTIALS should be enabled
Stat
** Changed in: linux (Ubuntu)
Status: In Progress => Triaged
** Changed in: linux (Ubuntu)
Assignee: Tyler Hicks (tyhicks) => (unassigned)
n: linux (Ubuntu)
Assignee: Tyler Hicks (tyhicks) => (unassigned)
https://bugs.launchpad.net/bugs/1855341
Title:
CONFIG_USELIB should be disabled
Status in linux
n: linux (Ubuntu)
Assignee: Tyler Hicks (tyhicks) => (unassigned)
https://bugs.launchpad.net/bugs/1855337
Title:
CONFIG_DEBUG_NOTIFIERS should be enabled
Status in li
n: linux (Ubuntu)
Assignee: Tyler Hicks (tyhicks) => (unassigned)
https://bugs.launchpad.net/bugs/1855339
Title:
CONFIG_LEGACY_PTYS should be disabled
Status in linux
n: linux (Ubuntu)
Assignee: Tyler Hicks (tyhicks) => (unassigned)
https://bugs.launchpad.net/bugs/1855336
Title:
CONFIG_DEBUG_SG should be enabled
Status in linux
n: linux (Ubuntu)
Assignee: Tyler Hicks (tyhicks) => (unassigned)
https://bugs.launchpad.net/bugs/1855338
Title:
CONFIG_IO_STRICT_DEVMEM should be enabled
Status in li
** Changed in: linux (Ubuntu)
Status: In Progress => Triaged
** Changed in: linux (Ubuntu)
Assignee: Tyler Hicks (tyhicks) => (unassigned)
** Changed in: linux (Ubuntu)
Assignee: Tyler Hicks (tyhicks) => (unassigned)
https://bugs.launchpad.net/bugs/1811162
Title:
Turn on CONFIG_REFCOUNT_FULL for non-
n: linux (Ubuntu)
Assignee: Tyler Hicks (tyhicks) => (unassigned)
https://bugs.launchpad.net/bugs/1855334
Title:
CONFIG_DEBUG_LIST should be enabled
Status in linux
On 2020-03-02 07:53:18, AceLan Kao wrote:
> Here is the test kernel and the patches I reverted/applied, could
> anyone help me verify it.
I can confirm that the new kernel does _not_ regress brightness controls
on the machine that caused me to initially open this bug report.
Thanks!
I enabled the KMS debug messages in the drm module:
$ cat /etc/modprobe.d/drm-debug.conf
options drm debug=0x04
$ sudo update-initramfs -u -k $(uname -r) && sudo reboot
...
Unfortunately, it doesn't look like my device_id is set after the
drm_dp_read_desc() in drm_dp_read_desc:
$ dmesg | grep -i
Note that the quirks in the debug output from comment #9 are 0x
because I've still got commit 3269788061d2 ("USUNTU: SAUCE:
drm/i915: Force DPCD backlight mode on Dell Precision 4K sku") reverted
locally.
** Tags added: champagne
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-5.4 in Ubuntu.
https://bugs.launchpad.net/bugs/1861521
Title:
[FOCAL][REGRESSION] Intel Gen 9 brightness cannot be controlled
Status in linux-5.4 package in
To provide further verification, I built Ubuntu-5.4-5.4.0-14.17 with a
single patch on top that reverts commit 3269788061d2 ("USUNTU: SAUCE:
drm/i915: Force DPCD backlight mode on Dell Precision 4K sku"). My
screen brightness controls are working again and I can undock from my
external monitor with
I noticed that upstream v5.4.18 allowed me to adjust my screen
brightness while Ubuntu-5.4-5.4.0-14.17 does not, which indicates an
Ubuntu SAUCE patch as the culprit. I bisected between the two kernels
and this was the result:
$ git bisect good
3269788061d24e316633165608259de1c110b801 is the first
Hi Brendan - What you're asking for is very different than the intent
behind this bug report. It'll be best if you open a new bug report.
https://bugs.launchpad.net/bugs/1863
Eoan: https://lists.ubuntu.com/archives/kernel-team/2020-February/107613.html
Disco: https://lists.ubuntu.com/archives/kernel-team/2020-February/107616.html
https://bugs.laun
** Description changed:
[Impact]
The bpf(2) system call is completely blocked in Disco and Eoan when
Secure Boot is enabled due to overly restrictive Lockdown policies. This
makes it so that all bpf related tools are not usable on those releases.
[Test Case]
Set up test BPF pr
** Description changed:
+ [Impact]
+
+ The bpf(2) system call is completely blocked in Disco and Eoan when
+ Secure Boot is enabled due to overly restrictive Lockdown policies. This
+ makes it so that all bpf related tools are not usable on those releases.
+
+ [Test Case]
+
+ Set up test BPF pr
** Changed in: linux (Ubuntu Disco)
Status: Triaged => In Progress
** Changed in: linux (Ubuntu Eoan)
Status: Triaged => In Progress
** Changed in: linux (Ubuntu Disco)
Assignee: (unassigned) => Tyler Hicks (tyhicks)
** Changed in: linux (Ubuntu Eoan)
Hi Quentin - Thanks for the bug report! I do think that relaxing the
eBPF restrictions in Eoan and Disco would be acceptable for Secure Boot
purposes.
** Also affects: linux (Ubuntu Eoan)
Importance: Undecided
Status: New
** Also affects: linux (Ubuntu Disco)
Importance: Undecided
I've also verified the fix in 5.3.0-41.33-generic.
** Tags removed: verification-needed-eoan
** Tags added: verification-done-eoan
https://bugs.launchpad.net/bugs/1861238
T
I've verified the fix in 4.15.0-89.89-generic. The sysrq help message is
printed to the kernel log when trying to lift lockdown with the
proof-of-concept and when trying to lift lockdown with alt+sysrq+x.
** Tags removed: verification-needed-bionic
** Tags added: verification-done-bionic
I've verified that the proof-of-concept does not show an information
leak when running 4.15.0-89.89-generic.
** Tags removed: verification-needed-bionic
** Tags added: verification-done-bionic
Submission to the Ubuntu kernel-team list:
https://lists.ubuntu.com/archives/kernel-team/2020-February/107444.html
https://bugs.launchpad.net/bugs/1862840
Title:
[Bionic
** Description changed:
[Impact]
Gregory Herrero reported that the proof-of-concept for CVE-2019-14615
indicates that the information leak is not fixed in the Bionic 4.15
kernel as indicated by USN-4255-1:
https://usn.ubuntu.com/4255-1/
This only affects Ubuntu's 4.15 kernel
I've pushed a set of proposed backports which prevents the information
leak when running the proof-of-concept code:
https://git.launchpad.net/~tyhicks/ubuntu/+source/linux/+git/bionic/log/?h=cves/CVE-2020-8832
minute or so to ensure that
# the information leak is not possible.
[Regression Potential]
TODO
** Affects: linux (Ubuntu)
Importance: High
Assignee: Tyler Hicks (tyhicks)
Status: Invalid
** Affects: linux (Ubuntu Bionic)
Importance: High
Assignee: Tyler Hicks (ty
Proposed fixes have been sent to the kernel-team list.
Focal: https://lists.ubuntu.com/archives/kernel-team/2020-February/107324.html
Eoan: https://lists.ubuntu.com/archives/kernel-team/2020-February/107326.html
Disco: https://lists.ubuntu.com/archives/kernel-team/2020-February/107328.html
Bionic:
cts: linux (Ubuntu Focal)
Importance: High
Assignee: Tyler Hicks (tyhicks)
Status: In Progress
** Also affects: linux (Ubuntu Disco)
Importance: Undecided
Status: New
** Also affects: linux (Ubuntu Eoan)
Importance: Undecided
Status: New
** Changed in: linux (U
achieve a lockdown free environment by running
'mokutil --disable-validation' and rebooting.
** Changed in: linux (Ubuntu)
Importance: Undecided => High
** Changed in: linux (Ubuntu)
Status: Confirmed => In Progress
** Changed in: linux (Ubuntu)
Assignee: (
** Description changed:
+ [Impact]
+
It's possible to turn off kernel lockdown by emulating a USB keyboard
via USB/IP and sending an Alt+SysRq+X key combination through it.
Ubuntu's kernels have USB/IP enabled (CONFIG_USBIP_VHCI_HCD=m and
CONFIG_USBIP_CORE=m) with signed usbip_core and
The fix for this bug has been released for a little while now. See the
info here:
https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14615.html
** Changed in: linux (Ubuntu)
Status: Fix Committed => Fix Released
** Information type changed from Private Security to Public Security
** Summary changed:
- Placeholder bug
+ arm64/KVM debug registers vulnerability
** Description changed:
- Placeholder bug report for arm64 KVM issue.
+ [Impact]
+
+ https://www.openwall.com/lists/oss-security/2020/01/30/5
+
FWIW, fatrace works fine for me under the same kernel and fatrace
version:
$ sudo fatrace
...
bash(51938): O /tmp/hi
bash(51938): CW /tmp/hi
...
tyhicks@elm:~$ cat /proc/version_signature
Ubuntu 5.4.0-12.15-generic 5.4.8
$ apt policy fatrace
fatrace:
Installed: 0.13-2
Candidate: 0.13-2
Vers
** Information type changed from Public to Public Security
https://bugs.launchpad.net/bugs/1861238
Title:
Root can lift kernel lockdown via USB/IP
Status in linux package
Upstream submission:
https://lore.kernel.org/lkml/20200123091713.12623-1-stefan.ba...@canonical.com/T/#t
https://bugs.launchpad.net/bugs/1860231
Title:
5.4.0-11 crash on
Fix submitted by smb:
https://lists.ubuntu.com/archives/kernel-team/2020-January/107055.html
** Changed in: linux (Ubuntu)
Assignee: Andrea Righi (arighi) => Stéphane Graber (stgraber)
** Changed in: linux (Ubuntu)
Assignee: Stéphane Graber (stgraber) => Stefan Bader (smb)
** Description changed:
- An attempt to run cryptsetup open on a newly created LUKS partition on
- Ubuntu Core 20 causes a kernel crash. This happens in 100% of the
- attempts on the snapd Core 20 installation test, but on an image created
- to reproduce this bug it happens only when certain param
** Description changed:
An attempt to run cryptsetup open on a newly created LUKS partition on
Ubuntu Core 20 causes a kernel crash. This happens in 100% of the
attempts on the snapd Core 20 installation test, but on an image created
to reproduce this bug it happens only when certain param
On 2020-01-19 16:15:58, aaronleung wrote:
> My OS has this bug, I try to install kernel 5.4 in my linuxmint19.3,
> bug, installing not found samething with from /lib/firmware/i915/ ,again.
> I try to download from
> https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tree/
** Description changed:
-
+ Legacy BSD PTYs have been replaced by UNIX 98 PTYs a long time ago.
+ Disable legacy BSD PTY support as it is no longer needed.
+
+ This config option is recommended by the Kernel Self Protection
+ Project[1] and a 2019 study performed by Capsule 8 shows that it is
+
** Description changed:
-
+ We should disable CONFIG_USELIB to make the uselib(2) system call
+ unreachable in an effort to reduce the kernel attack surface.
+
+ The system call is only used by very old libc implementations and is
+ unlikely to be used today.
+
+ This config option is recommend
** Description changed:
-
+ We should enable CONFIG_IO_STRICT_DEVMEM to restrict userspace access of
+ active io-memory ranges.
+
+ This could impact kernel debugability. In that case, you may reboot with
+ iomem=relaxed on the kernel commandline to override this setting.
+
+
+ This config opt
** Description changed:
-
+ We should enable CONFIG_DEBUG_NOTIFIERS to ensure that notifier functions are
present in the core kernel text or module text sections before calling
+ those functions.
+
+ If an invalid function pointer is detected, a warning is issued and the
+ function is not calle
** Description changed:
-
+ Enable CONFIG_DEBUG_SG to perform sanity checks when performing
+ operations on scatterlists. If a sanity check fails a loud warning is
+ printed to the logs.
+
+ This change may help in detection of an attack that relies on
+ scatterlist manipulation.
** Description
** Description changed:
-
+ We should enable CONFIG_DEBUG_CREDENTIALS to perform sanity checks, such as
verifying usage counts and proper magic values, when handling cred
+ structs. If a cred sanity check fails a loud warning is printed to the
+ logs.
+
+ The config option raises the bar on the
** Description changed:
-
+ We should turn on CONFIG_DEBUG_LIST which does some sanity checking on the
+ surrounding linked list elements when adding or removing an element. If the
sanity check fails, the list manipulation operation is not and a loud warning
is printed to the logs in the form o
Importance: Undecided => High
** Changed in: linux (Ubuntu)
Assignee: (unassigned) => Tyler Hicks (tyhicks)
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-14615
** Changed in: linux (Ubuntu)
Status: In Progress => Fix Committed
This is CVE-2020-7053
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-7053
https://bugs.launchpad.net/bugs/1859522
Title:
use-after-free in i915_ppgtt_c
** Information type changed from Private Security to Public Security
** Description changed:
[Impact]
Quan Luo and ycq from Codesafe Team of Legendsec at Qi'anxin Group
reported a use-after-free issue in the i915 driver. This issue has been
fixed in the upstream kernel starting in v5.2
** Description changed:
[Impact]
It was discovered that upstream kernel commit cab15ce604e5 ("arm64:
Introduce execute-only page access permissions"), which introduced
execute-only user mappings, subverted the Privileged Access Never
protections.
The fix is to effectively revert
In Progress
** Changed in: linux (Ubuntu Disco)
Assignee: (unassigned) => Tyler Hicks (tyhicks)
** Changed in: linux (Ubuntu Bionic)
Assignee: (unassigned) => Tyler Hicks (tyhicks)
** Changed in: linux (Ubuntu Eoan)
Assignee: (unassigned) => Tyler Hicks (tyhicks)
** Chan
*** This bug is a security vulnerability ***
Public security bug reported:
[Impact]
It was discovered that upstream kernel commit cab15ce604e5 ("arm64:
Introduce execute-only page access permissions"), which introduced
execute-only user mappings, subverted the Privileged Access Never
protections
Public bug reported:
** Affects: linux (Ubuntu)
Importance: Medium
Assignee: Tyler Hicks (tyhicks)
Status: In Progress
https://bugs.launchpad.net/bugs
On 2019-11-30 21:44:33, A. Denton wrote:
> Will the required pat set be backported to older kernel, such as Ubuntu
> 4.15.0-70.79-generic 4.15.18?
No, there are no plans to backport them at this time.
If you'd like to make use of a kernel containing those patches in Ubuntu
18.04 LTS, please consi
Thanks for the report, Shaform. There are a few other bug reports
against 5.3.0-22 and we're trying to understand if there's a common
link. It looks like you're using LUKS/dm-crypt to do full disk
encryption of your root partition so we're waiting to hear if that's
common throughout the other repor
Hi Eugen - Thanks for the bug report and sorry about the trouble you're
experiencing.
I'm trying to figure out if there is any link between a few different
bug reports that I'm seeing come in for 5.3.0-22. It looks like the
dm_crypt module is loaded on your system so I'd like for you to verify
her
Hi Martin - Thanks for the bug report. Please follow the instructions
mentioned in comment 1 so that we can have a better view into what's
going on.
In the meantime, can you tell us if you use full disk encryption with
LUKS/dm-crypt? Thanks!
Hi Andrej - Thanks for the bug report and sorry for the trouble.
The 5.3.0-22 kernel had a bunch of changes in addition to the Intel
related security fixes. Let's start by ruling some things out.
I'd like for you to *separately* try two different kernel command-line
parameters.
The first is "miti
** Information type changed from Private Security to Public Security
https://bugs.launchpad.net/bugs/1850867
Title:
refcount underflow and type confusion in shiftfs
Statu
** Description changed:
[Impact]
The initial set of Ubuntu kernel updates to address CVE-2019-0155 are
not complete for 64-bit x86 kernels (amd64). The 32-bit x86 kernel
(i386) updates are complete. It may be possible for an attacker to
bypass the mitigations on 64-bit systems.
+
+ T
Public bug reported:
Starting with 4.15.0-68.77, currently in bionic-proposed, I can no
longer launch VMs when I disable EPT support in the kvm_intel module.
This works fine under 4.15.0-66.75 from bionic-security.
ubuntu@vought:~$ cat /proc/version_signature
Ubuntu 4.15.0-68.77-generic 4.15.18
** Information type changed from Private Security to Public Security
https://bugs.launchpad.net/bugs/1851412
Title:
Verify kexec image signatures on arm64
Status in linux
Hello - Does the recent switch from New -> Triaged for charm-cinder and
charm-nova-compute mean that someone was able to determine that the
charms are to blame and perhaps not the kernel?
I've verified the kernel in xenial-proposed:
tyhicks@sec-xenial-amd64:~$ cat /proc/version_signature
Ubuntu 4.4.0-167.196-generic 4.4.197
tyhicks@sec-xenial-amd64:~$ cat test.c
#include <stdio.h>
#include <time.h>
int main(void)
{
int rc = clock_gettime(10, 0);
if (rc < 0)
perror(
This is CVE-2019-18198
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-18198
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1847478
Title:
eoan kernel does not contain
** Changed in: linux (Ubuntu)
Status: Confirmed => Triaged
** Changed in: linux (Ubuntu)
Importance: Undecided => High
** Changed in: linux (Ubuntu)
Assignee: (unassigned) => Tyler Hicks (tyhicks)
Fix submitted: https://lists.ubuntu.com/archives/kernel-team/2019-October/104623.html
Since we're just about one week from the release of Eoan, this fix may
not make the Eoan release. If that's the case, it will be included in
the initial set of Stable Release Updates (SRU) for the Eoan kernels.
Thanks to Jason for alerting us of this issue and pointing us at the
fix!
https://bugs.launchpad.net/bugs/1847478
Title:
eoan kernel does not contain "ipv6: do not free rt
** Description changed:
+ [Impact]
+
+ An unprivileged local attacker could cause a denial of service, or
+ possibly execute arbitrary code due to an ipv6 regression.
+
+ [Test Case]
+
+ An unpatched system will crash with the following command:
+
+ $ unshare -rUn sh -c 'ip link add dummy1 typ
** Also affects: linux (Ubuntu)
Importance: Undecided
Status: New
** Changed in: linux (Ubuntu)
Status: New => In Progress
** Changed in: linux (Ubuntu)
Importance: Undecided => High
** Changed in: linux (Ubuntu)
Assignee: (unassigned) => Tyler Hicks
Fix submitted: https://lists.ubuntu.com/archives/kernel-team/2019-October/104582.html
https://bugs.launchpad.net/bugs/1847189
Title:
Bad posix clock speculation mitigatio
)
Importance: Undecided
Status: Invalid
** Affects: linux (Ubuntu Xenial)
Importance: Medium
Assignee: Tyler Hicks (tyhicks)
Status: In Progress
** Also affects: linux (Ubuntu Xenial)
Importance: Undecided
Status: New
** Changed in: linux (Ubuntu Xeni
A pull request for 5.4 included a fix to make SafeSetID useful due to a
bug in 5.3. Details can be read here:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1b5fb415442eb3ec946d48afe8c87b0f2fd42d7c
The needed commit is located here:
https://git.kernel.org/pub/scm/l
,apparmor
Documentation on configuring SafeSetID can be found here:
https://www.kernel.org/doc/html/latest/admin-guide/LSM/SafeSetID.html
** Affects: linux (Ubuntu)
Importance: Medium
Assignee: Tyler Hicks (tyhicks)
Status: In Progress
"yama,integrity,apparmor"
[Regression Potential]
Low. This just limits the CONFIG_LSM value to only contain LSMs that are
being built.
** Affects: linux (Ubuntu)
Importance: Low
Assignee: Tyler Hicks (tyhicks)
Status: In Progress
** Affects: linux (Ubuntu Disco)
Import
This has been fixed for some time. Please see the Ubuntu CVE Tracker for
kernel version information:
https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11815.html
** Changed in: linux (Ubuntu)
Status: Confirmed => Fix Released
** Changed in: ubuntu-kernel-tests
Assignee: (unassigned) => Tyler Hicks (tyhicks)
** Changed in: ubuntu-kernel-tests
Importance: Undecided => Medium
** Changed in: ubuntu-kernel-tests
Status: New => In Progress
The Bionic kernel was also released yesterday with the required fixes.
I'm not sure why this bug wasn't automatically updated. Here is the
specific package:
https://launchpad.net/ubuntu/+source/linux/4.15.0-64.73
** Changed in: linux (Ubuntu Bionic)
Status: Confirmed => Fix Released
--
On 2019-09-06 00:15:03, Ryan Beisner wrote:
> We’ve just dug into this aspect of both Disco and Eoan. Unfortunately,
> I don’t know if this ever succeeded on these two releases.
I don't know if you're easily able to test old kernel versions but it
could be helpful to test the kernel that Disco re
Ryan, did this work on Eoan and Disco at some point in the past or is
this the first time that you've tested this workflow on those releases?
https://bugs.launchpad.net/bugs/
I was unable to reproduce this in a Disco VM that I manually configured
to mount an ext4 virtio-blk device at boot:
$ dmesg | grep vdb
[2.352490] virtio_blk virtio4: [vdb] 20971520 512-byte logical blocks (10.7
GB/10.0 GiB)
[6.898149] EXT4-fs (vdb): mounted filesystem with ordered data mo
It is useful to note that the attached logs indicate that /dev/vdb2 is a
virtio-blk device containing a mounted ext4 filesystem prior to it being
unmounted and (attempted to be) reformatted with xfs.
I don't think that we should make this change. I explained my reasoning
in this email:
https://lists.ubuntu.com/archives/kernel-team/2019-September/103615.html
For posterity, I'm copying the content below.
=
While enabling kernel hardening features is something
ged in: linux (Ubuntu Bionic)
Assignee: (unassigned) => Tyler Hicks (tyhicks)
** Changed in: linux (Ubuntu Bionic)
Status: Confirmed => In Progress
@mvo I don't understand why we'd add the "assumes" to the kernel's
snapcraft.yaml now since we're reverting the problematic AppArmor
commit. A kernel with the AppArmor commit will never be released to
stable (or -updates/-security) so I don't think that the "assumes"
workaround is needed any longer
Public bug reported:
[Impact]
Some cloud-focused kernels have CONFIG_BT enabled but cloud instances
shouldn't need bluetooth support. Disabling the bluetooth subsystem
reduces the amount of security-sensitive code we have to worry about in
the cloud kernels and also has the nice side effect of mi
Hi Jordan - This seems like a nice enhancement and something that will
be in Ubuntu once we are shipping a kernel that's v5.3 or newer. I don't
expect that we'll backport these patches to our stable releases that
ship kernels older than v5.3. This seems to reflect the TPM subsystem
maintainer's tho
** Description changed:
The TPM event log (/sys/kernel/security/tpm0/binary_bios_measurements)
does not contain any events that are measured by UEFI after the kernel's
EFI Boot stub calls ExitBootServices().
This means that PCR values calculated from the event log will not match
the a
On 2019-07-02 16:36:27, Andrea Righi wrote:
> This might be a duplicate of 1830433, could you give it a try with this
> test kernel and see if the problem is still happening?
>
> https://kernel.ubuntu.com/~arighi/LP-1827884/
For everyone who is able to try out that test build, please remember to