libgnutls report "trap invalid opcode" when trying to install packages over https
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
ubuntu-kernel-tests |
New
|
Undecided
|
Unassigned | ||
gnutls28 (Ubuntu) |
Confirmed
|
Undecided
|
Unassigned | ||
Focal |
Confirmed
|
High
|
Unassigned | ||
Jammy |
Confirmed
|
High
|
Unassigned | ||
Lunar |
Confirmed
|
High
|
Unassigned | ||
linux (Ubuntu) |
Confirmed
|
Undecided
|
Thadeu Lima de Souza Cascardo | ||
Focal |
Fix Released
|
Critical
|
Thadeu Lima de Souza Cascardo | ||
Jammy |
Fix Released
|
Critical
|
Thadeu Lima de Souza Cascardo | ||
Lunar |
Fix Released
|
Critical
|
Thadeu Lima de Souza Cascardo |
Bug Description
[Impact]
When booting linux with Gather Data Sampling mitigations without updated microcode on an affected CPU, AVX will be disabled. This will cause programs connecting to https using gnutls on Jammy to break, including apt and git.
[Test case]
git clone https:/
Cloning into 'autotest-
error: git-remote-https died of signal 4
dmesg:
[ 806.072080] traps: git-remote-
Works fine with the mitigation disabled by default.
[Potential regressions]
Users booting on affected parts without microcode updates will be subject to Gather Data Sampling attacks (which can be done by local untrusted attackers), which may leak confidential data, including keys.
-------
When trying to install linux-libc-dev on Oracle BM.Standard2.52 (seems to be the only affected instance) with Jammy 5.15.0-81-generic, it will get interrupted with:
E: Method https has died unexpectedly!
E: Sub-process https received signal 4.
$ sudo apt install linux-libc-dev
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following NEW packages will be installed:
linux-libc-dev
0 upgraded, 1 newly installed, 0 to remove and 54 not upgraded.
Need to get 1353 kB of archives.
After this operation, 6943 kB of additional disk space will be used.
E: Method https has died unexpectedly!
E: Sub-process https received signal 4.
From dmesg you will see:
[ 1078.750067] traps: https[4572] trap invalid opcode ip:7f3c1e6316be sp:7ffea26b61c0 error:0 in libgnutls.
Also, git clone is not working as well.
$ git clone --depth=1 https:/
Cloning into 'autotest-
error: git-remote-https died of signal 4
dmesg:
[ 806.072080] traps: git-remote-
libgnutls30 version:
description: | updated |
Changed in linux (Ubuntu): | |
assignee: | nobody → Thadeu Lima de Souza Cascardo (cascardo) |
Changed in linux (Ubuntu Focal): | |
assignee: | nobody → Thadeu Lima de Souza Cascardo (cascardo) |
Changed in linux (Ubuntu Jammy): | |
assignee: | nobody → Thadeu Lima de Souza Cascardo (cascardo) |
Changed in linux (Ubuntu Lunar): | |
assignee: | nobody → Thadeu Lima de Souza Cascardo (cascardo) |
importance: | Undecided → High |
Changed in linux (Ubuntu Jammy): | |
importance: | Undecided → Critical |
Changed in linux (Ubuntu Lunar): | |
importance: | High → Critical |
Changed in linux (Ubuntu Focal): | |
importance: | Undecided → Critical |
status: | New → In Progress |
Changed in linux (Ubuntu Jammy): | |
status: | New → In Progress |
Changed in linux (Ubuntu Lunar): | |
status: | New → In Progress |
Changed in gnutls28 (Ubuntu Jammy): | |
importance: | Undecided → High |
description: | updated |
summary: |
- libgnutls report "trap invalid opcode" when trying to install linux- - libc-dev on Oracle BM.Standard2.52 with Jammy + libgnutls report "trap invalid opcode" when trying to install packages + over https |
Changed in linux (Ubuntu Focal): | |
status: | In Progress → Fix Committed |
Changed in gnutls28 (Ubuntu Focal): | |
importance: | Undecided → High |
Changed in gnutls28 (Ubuntu Lunar): | |
importance: | Undecided → High |
Changed in linux (Ubuntu Jammy): | |
status: | In Progress → Fix Committed |
Changed in linux (Ubuntu Lunar): | |
status: | In Progress → Fix Committed |
tags: |
added: verification-done-focal-linux removed: verification-needed-focal-linux |
This issue does not exist with 5.15.0.78 nor 5.15.0-79