Ubuntu
linux package

issuing invalid ioctl to /dev/vsock may spam dmesg

Bug #1971480 reported by Thadeu Lima de Souza Cascardo
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Fix Released
Undecided
Unassigned
Xenial
In Progress
Low
Thadeu Lima de Souza Cascardo
Bionic
Fix Released
Low
Thadeu Lima de Souza Cascardo
Focal
Fix Released
Low
Thadeu Lima de Souza Cascardo

Bug Description

[Impact]
Any user may spam dmesg may issuing an invalid ioctl to /dev/vsock.

[Fix]
Do not print anything to dmesg when an invalid ioctl is issued to /dev/vsock.

[Test case]
ioctl(open("/dev/vsock", O_RDONLY), garbage, 0);

[Potential regression]
vsock users may regress.

CVE References

Thadeu Lima de Souza Cascardo (cascardo)
Changed in linux (Ubuntu):
status: New → Fix Released
Changed in linux (Ubuntu Xenial):
importance: Undecided → Low
Changed in linux (Ubuntu Bionic):
importance: Undecided → Low
Changed in linux (Ubuntu Focal):
importance: Undecided → Low
assignee: nobody → Thadeu Lima de Souza Cascardo (cascardo)
status: New → In Progress
Changed in linux (Ubuntu Xenial):
assignee: nobody → Thadeu Lima de Souza Cascardo (cascardo)
Changed in linux (Ubuntu Bionic):
assignee: nobody → Thadeu Lima de Souza Cascardo (cascardo)
status: New → In Progress
Changed in linux (Ubuntu Xenial):
status: New → In Progress
Stefan Bader (smb)
Changed in linux (Ubuntu Focal):
status: In Progress → Fix Committed
Luke Nowakowski-Krijger (lukenow)
Changed in linux (Ubuntu Bionic):
status: In Progress → Fix Committed
Revision history for this message
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote :

This bug is awaiting verification that the linux/5.4.0-112.126 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-focal' to 'verification-done-focal'. If the problem still exists, change the tag 'verification-needed-focal' to 'verification-failed-focal'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: verification-needed-focal
Revision history for this message
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote :

This bug is awaiting verification that the linux/4.15.0-179.188 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-bionic' to 'verification-done-bionic'. If the problem still exists, change the tag 'verification-needed-bionic' to 'verification-failed-bionic'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: verification-needed-bionic
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 5.4.0-117.132

---------------
linux (5.4.0-117.132) focal; urgency=medium

  * CVE-2022-1966
    - netfilter: nf_tables: add nft_set_elem_expr_alloc()
    - netfilter: nf_tables: disallow non-stateful expression in sets earlier

 -- Thadeu Lima de Souza Cascardo <email address hidden> Wed, 01 Jun 2022 20:07:42 -0300

Changed in linux (Ubuntu Focal):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 4.15.0-184.194

---------------
linux (4.15.0-184.194) bionic; urgency=medium

  * CVE-2022-1966
    - netfilter: nf_tables: disallow non-stateful expression in sets earlier

 -- Thadeu Lima de Souza Cascardo <email address hidden> Thu, 02 Jun 2022 15:36:51 -0300

Changed in linux (Ubuntu Bionic):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.