Upstream v5.9 introduced 'module' patches that removed exported symbols
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
linux (Ubuntu) |
Incomplete
|
Undecided
|
Unassigned | ||
Bionic |
Fix Released
|
High
|
Unassigned | ||
Focal |
Fix Released
|
High
|
Stefan Bader | ||
Groovy |
Fix Released
|
High
|
Unassigned |
Bug Description
SRU Justification:
[Impact]
* The following patches removed an exported symbol that will cause potential disruption and breakage for customers
modules: inherit TAINT_PROPRIETA
modules: return licensing information from find_symbol
modules: rename the licence field in struct symsearch to license
modules: unexport __module_address
modules: unexport __module_
modules: mark each_symbol_section static
modules: mark find_symbol static
modules: mark ref_module static
[Fix]
* Temporarily revert as SAUCE patches to allow customers time to make necessary changes to support eventual patch changes.
[Test Plan]
* Check symbols on running kernel
sudo grep -e ' ref_module' -e ' find_symbol' -e ' each_symbol_
* Check symbols on all installed kernels
sudo grep -e ' ref_module' -e ' find_symbol' -e ' each_symbol_
[Where problems could occur]
* The new functionality provided by patches will be removed, since we aren't removing existing functionality the risk should be low.
CVE References
description: | updated |
summary: |
- Upstream stable introduced patches that removed exported symbols + Upstream v5.9 introduced 'module' patches that removed exported symbols |
Changed in linux (Ubuntu Focal): | |
assignee: | nobody → Stefan Bader (smb) |
importance: | Undecided → High |
status: | New → Fix Committed |
Changed in linux (Ubuntu Groovy): | |
importance: | Undecided → High |
status: | New → Fix Committed |
Changed in linux (Ubuntu Bionic): | |
importance: | Undecided → High |
status: | New → Fix Committed |
description: | updated |
This bug was fixed in the package linux - 5.4.0-77.86
---------------
linux (5.4.0-77.86) focal; urgency=medium
* UAF on CAN J1939 j1939_can_recv (LP: #1932209)
- SAUCE: can: j1939: delay release of j1939_priv after synchronize_rcu
* UAF on CAN BCM bcm_rx_handler (LP: #1931855)
- SAUCE: can: bcm: delay release of struct bcm_op after synchronize_rcu
linux (5.4.0-76.85) focal; urgency=medium
* focal/linux: 5.4.0-76.85 -proposed tracker (LP: #1932123)
* Upstream v5.9 introduced 'module' patches that removed exported symbols RY_MODULE" text_address"
(LP: #1932065)
- SAUCE: Revert "modules: inherit TAINT_PROPRIETA
- SAUCE: Revert "modules: return licensing information from find_symbol"
- SAUCE: Revert "modules: rename the licence field in struct symsearch to
license"
- SAUCE: Revert "modules: unexport __module_address"
- SAUCE: Revert "modules: unexport __module_
- SAUCE: Revert "modules: mark each_symbol_section static"
- SAUCE: Revert "modules: mark find_symbol static"
- SAUCE: Revert "modules: mark ref_module static"
linux (5.4.0-75.84) focal; urgency=medium
* focal/linux: 5.4.0-75.84 -proposed tracker (LP: #1930032)
* Packaging resync (LP: #1786013)
- update dkms package versions
* CVE-2021-33200
- bpf: Wrap aux data inside bpf_sanitize_info container
- bpf: Fix mask direction swap upon off reg sign change
- bpf: No need to simulate speculative domain for immediates
* Realtek USB hubs in Dell WD19SC/DC/TB fail to work after exiting s2idle
(LP: #1928242)
- USB: Verify the port status when timeout happens during port suspend
* CVE-2020-26145
- ath10k: drop fragments with multicast DA for SDIO
- ath10k: add CCMP PN replay protection for fragmented frames for PCIe
- ath10k: drop fragments with multicast DA for PCIe
* CVE-2020-26141
- ath10k: Fix TKIP Michael MIC verification for PCIe
* CVE-2020-24588
- mac80211: properly handle A-MSDUs that start with an RFC 1042 header
- cfg80211: mitigate A-MSDU aggregation attacks
- mac80211: drop A-MSDUs on old ciphers
- ath10k: drop MPDU which has discard flag set by firmware for SDIO
* CVE-2020-26139
- mac80211: do not accept/forward invalid EAPOL frames
* CVE-2020-24586 // CVE-2020-24587 // CVE-2020-24587 for such cases.
- mac80211: extend protection against mixed key and fragment cache attacks
* CVE-2020-24586 // CVE-2020-24587
- mac80211: prevent mixed key and fragment cache attacks
- mac80211: add fragment cache to sta_info
- mac80211: check defrag PN against current frame
- mac80211: prevent attacks on TKIP/WEP as well
* CVE-2020-26147
- mac80211: assure all fragments are encrypted
* raid10: Block discard is very slow, causing severe delays for mkfs and discard_ bio() for submitting discard bio
fstrim operations (LP: #1896578)
- md: add md_submit_
- md/raid10: extend r10bio devs to raid disks
- md/raid10: pull the code that wait for blocked dev into one function
- md/raid10: improve raid10 discard request
- md/raid10: improve discard request for far layout
- dm raid: remove unnecessary discard limi...