[Bug 1914279] [NEW] linux from security may force reboots without complete dkms modules
Dimitri John Ledkov
1914279 at bugs.launchpad.net
Tue Feb 2 18:02:54 UTC 2021
*** This bug is a security vulnerability ***
Public security bug reported:
Whilst discussing
https://discourse.ubuntu.com/t/improvements-for-hardware-support-in-
ubuntu-desktop-installation-media/20606
We have noticed a reference to somebody not having working backport-
iwlwifi-dkms, whilst SRU of that happened before the v5.4 -> v5.8
switch.
However, kernel meta switch was pushed to security pocket, but the dkms
modules are all in -updates only.
This may result in people automatically installing the new kernel with
unatanded upgrades; dkms modules failing to build; and a reboot required
flag left on disk.
At this point launching update manager will not offer to install dkms
modules from updates, and will guide the users to reboot..... which will
then cause them to boot the new kernel without the dkms modules that
might be providing networking for them.
Should dkms modules SRUs always getting published into -security pocket,
as well as the -updates pocket?
Should linux maintainer scripts prevent touching reboot required flag if
any dkms modules fail to build?
Should apt / unattanded-upgrades / update-manager always update dkms
modules with kernels?
** Affects: apt (Ubuntu)
Importance: Undecided
Status: New
** Affects: dkms (Ubuntu)
Importance: Undecided
Status: New
** Affects: linux (Ubuntu)
Importance: Undecided
Status: New
** Affects: linux-meta (Ubuntu)
Importance: Undecided
Status: New
** Affects: unattended-upgrades (Ubuntu)
Importance: Undecided
Status: New
** Affects: update-manager (Ubuntu)
Importance: Undecided
Status: New
** Also affects: dkms (Ubuntu)
Importance: Undecided
Status: New
** Also affects: linux-meta (Ubuntu)
Importance: Undecided
Status: New
** Also affects: apt (Ubuntu)
Importance: Undecided
Status: New
** Also affects: update-manager (Ubuntu)
Importance: Undecided
Status: New
** Also affects: unattended-upgrades (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1914279
Title:
linux from security may force reboots without complete dkms modules
Status in apt package in Ubuntu:
New
Status in dkms package in Ubuntu:
New
Status in linux package in Ubuntu:
New
Status in linux-meta package in Ubuntu:
New
Status in unattended-upgrades package in Ubuntu:
New
Status in update-manager package in Ubuntu:
New
Bug description:
Whilst discussing
https://discourse.ubuntu.com/t/improvements-for-hardware-support-in-
ubuntu-desktop-installation-media/20606
We have noticed a reference to somebody not having working backport-
iwlwifi-dkms, whilst SRU of that happened before the v5.4 -> v5.8
switch.
However, kernel meta switch was pushed to security pocket, but the
dkms modules are all in -updates only.
This may result in people automatically installing the new kernel with
unatanded upgrades; dkms modules failing to build; and a reboot
required flag left on disk.
At this point launching update manager will not offer to install dkms
modules from updates, and will guide the users to reboot..... which
will then cause them to boot the new kernel without the dkms modules
that might be providing networking for them.
Should dkms modules SRUs always getting published into -security
pocket, as well as the -updates pocket?
Should linux maintainer scripts prevent touching reboot required flag
if any dkms modules fail to build?
Should apt / unattanded-upgrades / update-manager always update dkms
modules with kernels?
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1914279/+subscriptions
More information about the foundations-bugs
mailing list