This bug was fixed in the package linux - 5.8.0-53.60
---------------
linux (5.8.0-53.60) groovy; urgency=medium
* CVE-2021-3491
- io_uring: fix provide_buffers sign extension
- io_uring: fix overflows checks in provide buffers
- SAUCE: proc: Avoid mixing integer types in mem_rw()
- SAUCE: io_uring: truncate lengths larger than MAX_RW_COUNT on provide
buffers
* CVE-2021-3490
- bpf: Fix a verifier failure with xor
- SAUCE: bpf: verifier: fix ALU32 bounds tracking with bitwise ops
* CVE-2021-3489
- SAUCE: bpf: ringbuf: deny reserve of buffers larger than ringbuf
- SAUCE: bpf: prevent writable memory-mapping of read-only ringbuf pages
-- Stefan Bader <[email protected]> Thu, 06 May 2021 07:43:20
+0200
** Changed in: linux (Ubuntu Groovy)
Status: Fix Committed => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-3489
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-3490
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-3491
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-restricted-modules in Ubuntu.
https://bugs.launchpad.net/bugs/1918134
Title:
LRMv4: switch to signing nvidia modules via the Ubuntu Modules signing
key
Status in linux package in Ubuntu:
Fix Released
Status in linux-restricted-modules package in Ubuntu:
Fix Released
Status in linux source package in Bionic:
Fix Released
Status in linux-restricted-modules source package in Bionic:
Fix Released
Status in linux source package in Focal:
Fix Released
Status in linux-restricted-modules source package in Focal:
Fix Released
Status in linux source package in Groovy:
Fix Released
Status in linux-restricted-modules source package in Groovy:
Fix Released
Status in linux source package in Hirsute:
Fix Released
Status in linux-restricted-modules source package in Hirsute:
Fix Released
Bug description:
To allow decoupling of nvidia-graphics-drivers-<version> streams and
versions from the underlying kernel versions we wish to be able to
sign new kernel modules into an existing kernel after the fact. Under
bug #1898716 we added support for an Ubuntu Modules signing key
certificate. Rebuild the LRM package to make use of this new
signature.
This involves splitting the LRM package into three. linux-restricted-
modules first builds the nvidia-graphics-drivers-* we require signed.
linux-restricted-generate then consumes the .o's produced in that
build and forms a signing custom binary upload for this. linux-
restricted-signatures then consumes the signing result from the LRG
upload and expresses clean redistributible signatures which are
consumed by LRM at installation time. LRG must be embargoed as it
(necessarily) generates fully formed .ko files for signing.
Additional process is added to the kernel build life-cycle to handle
the privacy requirements of the LRG/LRS interaction.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1918134/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
