*** This bug is a security vulnerability ***

Public security bug reported:

cc_grub_dpkg was fixed to support nvme drives, but didn't clear the
state of cc_grub_dpkg and didn't rerun it on upgrades


However, that only fixed the issue for the newly first-booted instances on nvme.

All existing boots of cloud-init on nvmes are still broken, and will
fail to apply the latest grub2 update for BootHole mitigation.

Please add maintainer script changes to re-run cc_grub_dpkg, once only,
when cloud-init is upgraded to a new SRU, to ensure that cc_grub_dpkg
has been rerun once since the nvme fixes.

You could guard this call, if debconf database grub-pc devices do not
exist on the instance. (i.e. debconf has /dev/sda, and yet /dev/sda does
not exist)

** Affects: cloud-init (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: cloud-init (Ubuntu Xenial)
     Importance: Undecided
         Status: New

** Affects: cloud-init (Ubuntu Bionic)
     Importance: Undecided
         Status: New

** Affects: cloud-init (Ubuntu Focal)
     Importance: Undecided
         Status: New

** Affects: cloud-init (Ubuntu Groovy)
     Importance: Undecided
         Status: New


** Tags: regression-update

** Also affects: cloud-init (Ubuntu Focal)
   Importance: Undecided
       Status: New

** Also affects: cloud-init (Ubuntu Groovy)
   Importance: Undecided
       Status: New

** Also affects: cloud-init (Ubuntu Xenial)
   Importance: Undecided
       Status: New

** Also affects: cloud-init (Ubuntu Bionic)
   Importance: Undecided
       Status: New

** Information type changed from Public to Public Security

** Tags added: regression-update

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1889555

Title:
  cc_grub_dpkg was fixed to support nvme drives, but didn't clear the
  state of cc_grub_dpkg and didn't rerun it on upgrades

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cloud-init/+bug/1889555/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
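
The guard suggested in the report (debconf has /dev/sda, and yet /dev/sda does not exist) can be written as a small shell check of the kind a maintainer script could call. This is an added example, not code from cloud-init or its packaging; the function names and the root-prefix argument are hypothetical, and it assumes the caller passes in the value of the debconf key grub-pc/install_devices.

```shell
#!/bin/sh
# Added example (not cloud-init's own code).
# In a maintainer script the value would come from debconf, e.g.:
#   . /usr/share/debconf/confmodule
#   db_get grub-pc/install_devices && value=$RET

# Print every configured install device that no longer exists.
#   $1: value of grub-pc/install_devices (comma-separated list of paths)
#   $2: optional root prefix, a hypothetical hook so the check can be
#       exercised against a scratch directory instead of the live /dev
missing_grub_devices() {
    devices=$1
    root=${2:-}
    old_ifs=$IFS
    IFS=','
    set -f    # do not glob-expand entries of the device list
    for dev in $devices; do
        # debconf separates entries with ", ", so trim surrounding spaces
        dev=$(printf '%s' "$dev" | sed 's/^ *//; s/ *$//')
        [ -n "$dev" ] || continue
        # -e follows symlinks, so a dangling /dev/disk/by-id link counts
        # as missing
        [ -e "$root$dev" ] || printf '%s\n' "$dev"
    done
    set +f
    IFS=$old_ifs
}

# Succeed (exit 0) only when at least one configured device is gone,
# i.e. when re-running cc_grub_dpkg is warranted. An empty debconf value
# is treated as "nothing stale" and does not trigger a re-run.
needs_grub_dpkg_rerun() {
    [ -n "$(missing_grub_devices "$1" "${2:-}")" ]
}
```

The once-only part of the request still needs a separate marker, such as a version comparison against the upgraded-from package version; this check only decides whether the stored device list is stale.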
