This bug was fixed in the package linux - 5.3.0-29.31
---------------
linux (5.3.0-29.31) eoan; urgency=medium
* eoan/linux: 5.3.0-29.31 -proposed tracker (LP: #1860119)
* Integrate Intel SGX driver into linux-azure (LP: #1844245)
- [Packaging] Add systemd service to load intel_sgx
linux (5.3.0-28.30) eoan; urgency=medium
* eoan/linux: 5.3.0-28.30 -proposed tracker (LP: #1859694)
* CVE-2019-14615
- drm/i915/gen9: Clear residual context state on context switch
* PAN is broken for execute-only user mappings on ARMv8 (LP: #1858815)
- arm64: Revert support for execute-only user mappings
* Miscellaneous Ubuntu changes
- update dkms package versions
linux (5.3.0-27.29) eoan; urgency=medium
* eoan/linux: 5.3.0-27.29 -proposed tracker (LP: #1858943)
* [Regression] usb usb2-port2: Cannot enable. Maybe the USB cable is bad?
(LP: #1856608)
- SAUCE: Revert "usb: handle warm-reset port requests on hub resume"
-- Marcelo Henrique Cerri <[email protected]> Fri, 17 Jan
2020 10:59:16 -0300
** Changed in: linux (Ubuntu Eoan)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1858815
Title:
PAN is broken for execute-only user mappings on ARMv8
Status in linux package in Ubuntu:
Fix Committed
Status in linux source package in Bionic:
Fix Committed
Status in linux source package in Disco:
Fix Released
Status in linux source package in Eoan:
Fix Released
Status in linux source package in Focal:
Fix Committed
Bug description:
[Impact]
It was discovered that upstream kernel commit cab15ce604e5 ("arm64:
Introduce execute-only page access permissions"), which introduced
execute-only user mappings, subverted the Privileged Access Never
protections.
The fix is to effectively revert commit cab15ce604e5. This is done in
upstream kernel commit 24cecc377463 ("arm64: Revert support for
execute-only user mappings").
[Test Case]
I'm not aware of any PAN test cases. Booting our arm64 kernels on an
ARMv8 device and running through our typical regression tests is
probably the best we can do at this time.
[Regression Potential]
Touching the page handling code always carries significant risk.
However, the fix is simply reverting the change that added the
execute-only user mappings feature in v4.9.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1858815/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
