canonical-ubuntu-qa team mailing list archive

Thread
Date

[Bug 1942612] Re: cve-2017-7616 in cve from ubuntu_ltp failed on bionic with linux/linux-hwe-5.4 on i386

To: canonical-ubuntu-qa@xxxxxxxxxxxxxxxxxxx
From: Po-Hsu Lin <1942612@xxxxxxxxxxxxxxxxxx>
Date: Wed, 20 Dec 2023 01:56:37 -0000
Reply-to: Bug 1942612 <1942612@xxxxxxxxxxxxxxxxxx>
Sender: noreply@xxxxxxxxxxxxx

** Tags removed: ubuntu-ltp
** Tags added: ubuntu-ltp-cve

-- 
You received this bug notification because you are a member of Canonical
Platform QA Team, which is subscribed to ubuntu-kernel-tests.
https://bugs.launchpad.net/bugs/1942612

Title:
  cve-2017-7616 in cve from ubuntu_ltp failed on bionic with
  linux/linux-hwe-5.4 on i386

Status in ubuntu-kernel-tests:
  New
Status in linux package in Ubuntu:
  Incomplete
Status in linux source package in Bionic:
  Confirmed
Status in linux source package in Focal:
  Confirmed

Bug description:
  ubuntu_ltp.cve cve-2017-7616 testcase output:

  16:10:41 DEBUG| [stdout] startup='Sun Aug 29 15:53:35 2021'
  16:10:41 DEBUG| [stdout] tst_test.c:1346: TINFO: Timeout per run is 0h 05m 00s
  16:10:41 DEBUG| [stdout] set_mempolicy05.c:66: TINFO: stack pattern is in 0xbf996ccc-0xbf9970cc
  16:10:41 DEBUG| [stdout] set_mempolicy05.c:111: TFAIL: set_mempolicy should fail with EFAULT or EINVAL, instead returned 38
  16:10:41 DEBUG| [stdout]
  16:10:41 DEBUG| [stdout] HINT: You _MAY_ be missing kernel fixes, see:
  16:10:41 DEBUG| [stdout]
  16:10:41 DEBUG| [stdout] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cf01fb9985e8
  16:10:41 DEBUG| [stdout]
  16:10:41 DEBUG| [stdout] HINT: You _MAY_ be vulnerable to CVE(s), see:
  16:10:41 DEBUG| [stdout]
  16:10:41 DEBUG| [stdout] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-CVE-2017-7616
  16:10:41 DEBUG| [stdout]
  16:10:41 DEBUG| [stdout] Summary:
  16:10:41 DEBUG| [stdout] passed   0
  16:10:41 DEBUG| [stdout] failed   1
  16:10:41 DEBUG| [stdout] broken   0
  16:10:41 DEBUG| [stdout] skipped  0
  16:10:41 DEBUG| [stdout] warnings 0
  16:10:41 DEBUG| [stdout] tag=cve-2017-7616 stime=1630252415 dur=0 exit=exited stat=1 core=no cu=0 cs=0

  This is not a regression as this is a new testcase which runs only on
  32-bit systems (i386 and powerpc). This test was added by ltp commit
  6feed808040a86c54b7ab2dd3839fefd819a42cc (Add set_mempolicy05,
  CVE-2017-7616).

  The commit sha1 (cf01fb9985e8deb25ccf0ea54d916b8871ae0e62 -
  mm/mempolicy.c: fix error handling in set_mempolicy and mbind.) which
  fixes this CVE according to https://ubuntu.com/security/CVE-2017-7616,
  was applied upstream for v4.11-rc6, so both focal/linux and
  bionic/linux supposedly contain the fix.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-kernel-tests/+bug/1942612/+subscriptions