TDX azure instances crash during boot because of glibc bug
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
glibc (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Jammy |
Fix Released
|
High
|
Ioanna Alifieraki | ||
Kinetic |
Won't Fix
|
High
|
Ioanna Alifieraki | ||
Lunar |
Fix Released
|
Undecided
|
Unassigned | ||
linux-azure (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Jammy |
Invalid
|
High
|
Ioanna Alifieraki | ||
Kinetic |
Won't Fix
|
High
|
Ioanna Alifieraki | ||
Lunar |
Fix Released
|
Medium
|
Tim Gardner | ||
linux-azure-fde-6.2 (Ubuntu) |
New
|
Undecided
|
Unassigned | ||
Jammy |
Fix Released
|
Medium
|
Tim Gardner | ||
Kinetic |
Won't Fix
|
Undecided
|
Unassigned | ||
Lunar |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
[IMPACT]
Glibc in jammy and kinetic is affected by the following bug :
https:/
When cpuid reports no information on a shared cache, the
x86_non_
behave wrong for mid-sized operations. sysdeps/
that the minimum value must be 0x4040, but this is not enforced for the
default value.
The issue was reported because jammy tdx instances are failing to boot
(crashing) on azure. The bug has been resolved upstream in
https:/
[TEST CASE]
Test case requires an azure tdx instance.
Microsoft has tested a test package with the above commit and
confirmed that instances boot successfully.
[REGRESSION POTENTIAL]
The patches have been accepted upstream. They modify code for x86 architecture, so any
potential regression would affect x86.
[OTHER]
Bug upstream: https:/
Duplicate bug: https:/
In jammy we need 2 commits :
https:/
https:/
In kinetic we just need :
https:/
CVE References
- 2022-40982
- 2023-1206
- 2023-1380
- 2023-20569
- 2023-20588
- 2023-20593
- 2023-2124
- 2023-21264
- 2023-2176
- 2023-2612
- 2023-2640
- 2023-2898
- 2023-30456
- 2023-3090
- 2023-31084
- 2023-31248
- 2023-3141
- 2023-31436
- 2023-3212
- 2023-32233
- 2023-32629
- 2023-3269
- 2023-3389
- 2023-3390
- 2023-35001
- 2023-3609
- 2023-3610
- 2023-3611
- 2023-3776
- 2023-3777
- 2023-3995
- 2023-4004
- 2023-4015
- 2023-40283
- 2023-4128
- 2023-4155
- 2023-4194
- 2023-4273
- 2023-4569
Changed in glibc (Ubuntu Jammy): | |
status: | New → Confirmed |
Changed in glibc (Ubuntu Kinetic): | |
status: | New → Confirmed |
description: | updated |
Changed in glibc (Ubuntu Jammy): | |
status: | Confirmed → Triaged |
importance: | Undecided → High |
Changed in glibc (Ubuntu Kinetic): | |
status: | Confirmed → Triaged |
importance: | Undecided → High |
tags: | added: se-sponsor-halves |
tags: | removed: se-sponsor-halves |
Changed in linux-azure (Ubuntu): | |
status: | New → Fix Released |
Changed in glibc (Ubuntu Jammy): | |
status: | Incomplete → In Progress |
Changed in glibc (Ubuntu Lunar): | |
status: | New → Fix Released |
Changed in glibc (Ubuntu): | |
status: | New → Fix Released |
Changed in linux-azure (Ubuntu Lunar): | |
assignee: | nobody → Tim Gardner (timg-tpi) |
importance: | Undecided → Medium |
status: | New → Fix Committed |
Changed in linux-azure-fde-6.2 (Ubuntu Jammy): | |
assignee: | nobody → Tim Gardner (timg-tpi) |
importance: | Undecided → Medium |
status: | New → Fix Committed |
Changed in linux-azure-fde-6.2 (Ubuntu Kinetic): | |
status: | New → Won't Fix |
Changed in linux-azure-fde-6.2 (Ubuntu Lunar): | |
status: | New → Fix Released |
@schopin fyi I'm preparing the patches for the SRU.