canonical-ubuntu-qa team mailing list archive

Thread
Date

[Bug 1916046] Re: cve-2020-29373 in cve from ubuntu_ltp failed

To: canonical-ubuntu-qa@xxxxxxxxxxxxxxxxxxx
From: Po-Hsu Lin <1916046@xxxxxxxxxxxxxxxxxx>
Date: Tue, 19 Dec 2023 07:40:40 -0000
Reply-to: Bug 1916046 <1916046@xxxxxxxxxxxxxxxxxx>
Sender: noreply@xxxxxxxxxxxxx

** Tags removed: ubuntu-ltp
** Tags added: ubuntu-ltp0cve

** Tags removed: ubuntu-ltp0cve
** Tags added: ubuntu-ltp-cve

-- 
You received this bug notification because you are a member of Canonical
Platform QA Team, which is subscribed to ubuntu-kernel-tests.
https://bugs.launchpad.net/bugs/1916046

Title:
  cve-2020-29373 in cve from ubuntu_ltp failed

Status in ubuntu-kernel-tests:
  New
Status in linux package in Ubuntu:
  Fix Released
Status in linux source package in Focal:
  New
Status in linux source package in Groovy:
  Fix Released
Status in linux source package in Hirsute:
  Fix Released

Bug description:
  Not a regression, this is a new test added Feb 8, 2021:
  https://github.com/linux-test-
  project/ltp/commit/c4f669f13106862b6d8be38adf7825ae00ca7ac5

  The log shows:
  13260.	02/08 21:37:31 DEBUG| utils:0153| [stdout] startup='Mon Feb 8 21:37:30 2021'
  13261.	02/08 21:37:31 DEBUG| utils:0153| [stdout] tst_test.c:1261: TINFO: Timeout per run is 0h 05m 00s
  13262.	02/08 21:37:31 DEBUG| utils:0153| [stdout] io_uring02.c:148: TFAIL: Write outside chroot succeeded.
  13263.	02/08 21:37:31 DEBUG| utils:0153| [stdout]
  13264.	02/08 21:37:31 DEBUG| utils:0153| [stdout] HINT: You _MAY_ be missing kernel fixes, see:
  13265.	02/08 21:37:31 DEBUG| utils:0153| [stdout]
  13266.	02/08 21:37:31 DEBUG| utils:0153| [stdout] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9392a27d88b9
  13267.	02/08 21:37:31 DEBUG| utils:0153| [stdout] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ff002b30181d
  13268.	02/08 21:37:31 DEBUG| utils:0153| [stdout]
  13269.	02/08 21:37:31 DEBUG| utils:0153| [stdout] HINT: You _MAY_ be vulnerable to CVE(s), see:
  13270.	02/08 21:37:31 DEBUG| utils:0153| [stdout]
  13271.	02/08 21:37:31 DEBUG| utils:0153| [stdout] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29373
  13272.	02/08 21:37:31 DEBUG| utils:0153| [stdout]
  13273.	02/08 21:37:31 DEBUG| utils:0153| [stdout] Summary:
  13274.	02/08 21:37:31 DEBUG| utils:0153| [stdout] passed 0
  13275.	02/08 21:37:31 DEBUG| utils:0153| [stdout] failed 1
  13276.	02/08 21:37:31 DEBUG| utils:0153| [stdout] broken 0
  13277.	02/08 21:37:31 DEBUG| utils:0153| [stdout] skipped 0
  13278.	02/08 21:37:31 DEBUG| utils:0153| [stdout] warnings 0
  13279.	02/08 21:37:31 DEBUG| utils:0153| [stdout] tag=cve-2020-29373 stime=1612820250 dur=0 exit=exited stat=1 core=no cu=0

  As of Feb 18, 2021, this CVE is not mitigated yet:
  https://ubuntu.com/security/CVE-2020-29373

  Seen with linux-kvm 5.4.0-1033.34.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-kernel-tests/+bug/1916046/+subscriptions