NAK: [PATCH 0/1][j linux] Fix minor regression in CVE-2022-40982
Tim Gardner
tim.gardner at canonical.com
Fri Sep 15 13:23:34 UTC 2023
On 9/15/23 7:03 AM, Thadeu Lima de Souza Cascardo wrote:
> On Tue, Sep 12, 2023 at 09:07:49AM -0600, Tim Gardner wrote:
>> BugLink: https://bugs.launchpad.net/bugs/2034745
>>
>> SRU Justification
>>
>> [Impact]
>>
>> In 5.15.0-1045, only loading enclaves with XFRM set to 3 works, sgx_encl_init returns
>> EINVAL. The only reason this wouldn't work properly is if sgx_drv_init thinks XSAVE
>> isn't enabled. This works fine in j/linux-azure 5.15.0-1043.
>>
>> Likely cause:
>> 1045 adds this patch: https://github.com/torvalds/linux/commit/b81fac906a8f9e682e513ddd95697ec7a20878d4 .
>> This later patch indicates that the former patch introduced some ordering problems.
>> https://github.com/torvalds/linux/commit/2c66ca3949dc701da7f4c9407f2140ae425683a5 .
>> That later patch isn't applied to j/linux-azure 5.15.0-1045.
>>
>> [Test Plan]
>>
>> User test results pending, but it is a fix commit, so likely worth
>> applying regardless.
>>
>> [Regression Potential]
>>
>> SGX could continue to fail.
>>
>>
>> --
>> kernel-team mailing list
>> kernel-team at lists.ubuntu.com
>> https://lists.ubuntu.com/mailman/listinfo/kernel-team
>
> Why is this not submitted to lunar, focal, bionic, xenial, oem-6.1?
>
> Cascardo.
well, you're right. Any kernel that has had CVE-2022-40982 backported
should get this fix commit. I had blinders on and was focusing on Azure
5.15.
v2 forthcoming...
rtg
--
-----------
Tim Gardner
Canonical, Inc
More information about the kernel-team
mailing list