32095 – Backport request: kernel-6.1.38-3.mga8 / Security

Bug 32095 - Backport request: kernel-6.1.38-3.mga8 / Security

Summary: Backport request: kernel-6.1.38-3.mga8 / Security

Status:	RESOLVED FIXED

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	Backports (show other bugs)
Version:	8
Hardware:	All Linux

Priority:	High Severity: critical
Target Milestone:	---
Assignee:	QA Team
QA Contact:

URL:
Whiteboard:	MGA8-64-OK
Keywords:	validated_backport

Depends on:
Blocks:

Reported:	2023-07-11 07:12 CEST by Thomas Backlund
Modified:	2023-07-19 23:27 CEST (History)
CC List:	2 users (show)

See Also:
Source RPM:	kernel
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Thomas Backlund 2023-07-11 07:12:58 CEST

Security and bugfixes including StackRot root exploit  fix

SRPMS:
kernel-6.1.38-3.mga8.src.rpm
kmod-virtualbox-7.0.8-2.10.mga8.src.rpm
kmod-xtables-addons-3.23-2.22.mga8.src.rpm



i586:
bpftool-6.1.38-3.mga8.i586.rpm
cpupower-6.1.38-3.mga8.i586.rpm
cpupower-devel-6.1.38-3.mga8.i586.rpm
kernel-desktop586-6.1.38-3.mga8-1-1.mga8.i586.rpm
kernel-desktop586-devel-6.1.38-3.mga8-1-1.mga8.i586.rpm
kernel-desktop586-devel-latest-6.1.38-3.mga8.i586.rpm
kernel-desktop586-latest-6.1.38-3.mga8.i586.rpm
kernel-desktop-6.1.38-3.mga8-1-1.mga8.i586.rpm
kernel-desktop-devel-6.1.38-3.mga8-1-1.mga8.i586.rpm
kernel-desktop-devel-latest-6.1.38-3.mga8.i586.rpm
kernel-desktop-latest-6.1.38-3.mga8.i586.rpm
kernel-doc-6.1.38-3.mga8.noarch.rpm
kernel-server-6.1.38-3.mga8-1-1.mga8.i586.rpm
kernel-server-devel-6.1.38-3.mga8-1-1.mga8.i586.rpm
kernel-server-devel-latest-6.1.38-3.mga8.i586.rpm
kernel-server-latest-6.1.38-3.mga8.i586.rpm
kernel-source-6.1.38-3.mga8-1-1.mga8.noarch.rpm
kernel-source-latest-6.1.38-3.mga8.noarch.rpm
kernel-userspace-headers-6.1.38-3.mga8.i586.rpm
libbpf1-6.1.38-3.mga8.i586.rpm
libbpf-devel-6.1.38-3.mga8.i586.rpm
perf-6.1.38-3.mga8.i586.rpm

xtables-addons-kernel-6.1.38-desktop-3.mga8-3.23-2.22.mga8.i586.rpm
xtables-addons-kernel-6.1.38-desktop586-3.mga8-3.23-2.22.mga8.i586.rpm
xtables-addons-kernel-6.1.38-server-3.mga8-3.23-2.22.mga8.i586.rpm
xtables-addons-kernel-desktop586-latest-3.23-2.22.mga8.i586.rpm
xtables-addons-kernel-desktop-latest-3.23-2.22.mga8.i586.rpm
xtables-addons-kernel-server-latest-3.23-2.22.mga8.i586.rpm



x86_64:
bpftool-6.1.38-3.mga8.x86_64.rpm
cpupower-6.1.38-3.mga8.x86_64.rpm
cpupower-devel-6.1.38-3.mga8.x86_64.rpm
kernel-desktop-6.1.38-3.mga8-1-1.mga8.x86_64.rpm
kernel-desktop-devel-6.1.38-3.mga8-1-1.mga8.x86_64.rpm
kernel-desktop-devel-latest-6.1.38-3.mga8.x86_64.rpm
kernel-desktop-latest-6.1.38-3.mga8.x86_64.rpm
kernel-doc-6.1.38-3.mga8.noarch.rpm
kernel-server-6.1.38-3.mga8-1-1.mga8.x86_64.rpm
kernel-server-devel-6.1.38-3.mga8-1-1.mga8.x86_64.rpm
kernel-server-devel-latest-6.1.38-3.mga8.x86_64.rpm
kernel-server-latest-6.1.38-3.mga8.x86_64.rpm
kernel-source-6.1.38-3.mga8-1-1.mga8.noarch.rpm
kernel-source-latest-6.1.38-3.mga8.noarch.rpm
kernel-userspace-headers-6.1.38-3.mga8.x86_64.rpm
lib64bpf1-6.1.38-3.mga8.x86_64.rpm
lib64bpf-devel-6.1.38-3.mga8.x86_64.rpm
perf-6.1.38-3.mga8.x86_64.rpm

virtualbox-kernel-6.1.38-desktop-3.mga8-7.0.8-2.10.mga8.x86_64.rpm
virtualbox-kernel-6.1.38-server-3.mga8-7.0.8-2.10.mga8.x86_64.rpm
virtualbox-kernel-desktop-latest-7.0.8-2.10.mga8.x86_64.rpm
virtualbox-kernel-server-latest-7.0.8-2.10.mga8.x86_64.rpm

xtables-addons-kernel-6.1.38-desktop-3.mga8-3.23-2.22.mga8.x86_64.rpm
xtables-addons-kernel-6.1.38-server-3.mga8-3.23-2.22.mga8.x86_64.rpm
xtables-addons-kernel-desktop-latest-3.23-2.22.mga8.x86_64.rpm
xtables-addons-kernel-server-latest-3.23-2.22.mga8.x86_64.rpm

Thomas Backlund 2023-07-11 07:13:51 CEST

Priority: Normal => High

PC LX 2023-07-12 11:10:22 CEST

CC: (none) => mageia

Comment 1 PC LX 2023-07-17 17:05:33 CEST

Installed and tested without issues.

Tested:
- 5 days of workstation and server usage;
- many applications tested;
- proprietary and off repository applications: Skype for Linux, Teamviewer, mysql workbench, netbeans, Google Earth, Google Chrome, Tor Browser);
- OpenGL, Vulkan, OpenCL using amdgpu driver and using PoCL driver;
- games from repository and Steam;
- vdpau video decoding GPU acceleration;
- UEFI boot, reboot and poweroff;
- containers: Mageia 8, Mageia 9/cauldron, Fedora 37, Fedora 38, and Kali full systems in containers;
- QEMU/KVM VM: Mageia 8 x86_64, Mageia 8 aarch64, Mageia 9/cauldron x86_64, Kali, Android x86 9, Fedora 37, Fedora 38, Windows 10, Windows 11, MacOS Catalina;
- QEMU/KVM VM: Mageia 8 x86_64 with Radeon 6500 XT GPU pass through, using amdgpu driver.


Host system: Mageia 8, x86_64, AMD Ryzen 5 5600G, Radeon RX 6500 XT, Plasma DE, LXQt DE.


$ uname -a
Linux jupiter 6.1.38-desktop-3.mga8 #1 SMP PREEMPT_DYNAMIC Sat Jul  8 12:08:32 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux
$ rpm -qa | grep -- kernel.*-6.1.38- | sort
kernel-desktop-6.1.38-3.mga8-1-1.mga8
kernel-desktop-devel-6.1.38-3.mga8-1-1.mga8
kernel-desktop-devel-latest-6.1.38-3.mga8
kernel-desktop-latest-6.1.38-3.mga8
kernel-userspace-headers-6.1.38-3.mga8
$ lspci
00:00.0 Host bridge: Advanced Micro Devices, Inc. [AMD] Renoir/Cezanne Root Complex
00:00.2 IOMMU: Advanced Micro Devices, Inc. [AMD] Renoir/Cezanne IOMMU
00:01.0 Host bridge: Advanced Micro Devices, Inc. [AMD] Renoir PCIe Dummy Host Bridge
00:01.1 PCI bridge: Advanced Micro Devices, Inc. [AMD] Renoir PCIe GPP Bridge
00:02.0 Host bridge: Advanced Micro Devices, Inc. [AMD] Renoir PCIe Dummy Host Bridge
00:02.1 PCI bridge: Advanced Micro Devices, Inc. [AMD] Renoir/Cezanne PCIe GPP Bridge
00:02.2 PCI bridge: Advanced Micro Devices, Inc. [AMD] Renoir/Cezanne PCIe GPP Bridge
00:08.0 Host bridge: Advanced Micro Devices, Inc. [AMD] Renoir PCIe Dummy Host Bridge
00:08.1 PCI bridge: Advanced Micro Devices, Inc. [AMD] Renoir Internal PCIe GPP Bridge to Bus
00:08.2 PCI bridge: Advanced Micro Devices, Inc. [AMD] Renoir Internal PCIe GPP Bridge to Bus
00:14.0 SMBus: Advanced Micro Devices, Inc. [AMD] FCH SMBus Controller (rev 51)
00:14.3 ISA bridge: Advanced Micro Devices, Inc. [AMD] FCH LPC Bridge (rev 51)
00:18.0 Host bridge: Advanced Micro Devices, Inc. [AMD] Cezanne Data Fabric; Function 0
00:18.1 Host bridge: Advanced Micro Devices, Inc. [AMD] Cezanne Data Fabric; Function 1
00:18.2 Host bridge: Advanced Micro Devices, Inc. [AMD] Cezanne Data Fabric; Function 2
00:18.3 Host bridge: Advanced Micro Devices, Inc. [AMD] Cezanne Data Fabric; Function 3
00:18.4 Host bridge: Advanced Micro Devices, Inc. [AMD] Cezanne Data Fabric; Function 4
00:18.5 Host bridge: Advanced Micro Devices, Inc. [AMD] Cezanne Data Fabric; Function 5
00:18.6 Host bridge: Advanced Micro Devices, Inc. [AMD] Cezanne Data Fabric; Function 6
00:18.7 Host bridge: Advanced Micro Devices, Inc. [AMD] Cezanne Data Fabric; Function 7
01:00.0 PCI bridge: Advanced Micro Devices, Inc. [AMD/ATI] Navi 10 XL Upstream Port of PCI Express Switch (rev c1)
02:00.0 PCI bridge: Advanced Micro Devices, Inc. [AMD/ATI] Navi 10 XL Downstream Port of PCI Express Switch
03:00.0 VGA compatible controller: Advanced Micro Devices, Inc. [AMD/ATI] Navi 24 [Radeon RX 6400 / 6500 XT] (rev c1)
03:00.1 Audio device: Advanced Micro Devices, Inc. [AMD/ATI] Navi 21/23 HDMI/DP Audio Controller
04:00.0 USB controller: Advanced Micro Devices, Inc. [AMD] 400 Series Chipset USB 3.1 XHCI Controller (rev 01)
04:00.1 SATA controller: Advanced Micro Devices, Inc. [AMD] 400 Series Chipset SATA Controller (rev 01)
04:00.2 PCI bridge: Advanced Micro Devices, Inc. [AMD] 400 Series Chipset PCIe Bridge (rev 01)
05:00.0 PCI bridge: Advanced Micro Devices, Inc. [AMD] 400 Series Chipset PCIe Port (rev 01)
05:01.0 PCI bridge: Advanced Micro Devices, Inc. [AMD] 400 Series Chipset PCIe Port (rev 01)
05:04.0 PCI bridge: Advanced Micro Devices, Inc. [AMD] 400 Series Chipset PCIe Port (rev 01)
05:06.0 PCI bridge: Advanced Micro Devices, Inc. [AMD] 400 Series Chipset PCIe Port (rev 01)
05:07.0 PCI bridge: Advanced Micro Devices, Inc. [AMD] 400 Series Chipset PCIe Port (rev 01)
06:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller (rev 26)
0b:00.0 Non-Volatile memory controller: Kingston Technology Company, Inc. Device 500f (rev 03)
0c:00.0 VGA compatible controller: Advanced Micro Devices, Inc. [AMD/ATI] Cezanne (rev c9)
0c:00.1 Audio device: Advanced Micro Devices, Inc. [AMD/ATI] Renoir Radeon High Definition Audio Controller
0c:00.2 Encryption controller: Advanced Micro Devices, Inc. [AMD] Family 17h (Models 10h-1fh) Platform Security Processor
0c:00.3 USB controller: Advanced Micro Devices, Inc. [AMD] Renoir/Cezanne USB 3.1
0c:00.4 USB controller: Advanced Micro Devices, Inc. [AMD] Renoir/Cezanne USB 3.1
0c:00.6 Audio device: Advanced Micro Devices, Inc. [AMD] Family 17h/19h HD Audio Controller
0d:00.0 SATA controller: Advanced Micro Devices, Inc. [AMD] FCH SATA Controller [AHCI mode] (rev 81)




Guest system 1: QEMU/KVM, Mageia 8, x86_64, Radeon RX 6500 XT PCI pass through, LXQt DE.


$ uname -a
Linux jupiter-vm-mageia-8 6.1.38-desktop-3.mga8 #1 SMP PREEMPT_DYNAMIC Sat Jul  8 12:08:32 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux
$ rpm -qa | grep -- kernel.*-6.1.38- | sort
kernel-desktop-6.1.38-3.mga8-1-1.mga8
kernel-desktop-latest-6.1.38-3.mga8
kernel-userspace-headers-6.1.38-3.mga8
$ lspci
00:00.0 Host bridge: Intel Corporation 82G33/G31/P35/P31 Express DRAM Controller
00:01.0 PCI bridge: Red Hat, Inc. QEMU PCIe Root port
00:01.1 PCI bridge: Red Hat, Inc. QEMU PCIe Root port
00:01.2 PCI bridge: Red Hat, Inc. QEMU PCIe Root port
00:02.0 PCI bridge: Red Hat, Inc. QEMU PCIe Root port
00:02.1 PCI bridge: Red Hat, Inc. QEMU PCIe Root port
00:02.2 PCI bridge: Red Hat, Inc. QEMU PCIe Root port
00:02.3 PCI bridge: Red Hat, Inc. QEMU PCIe Root port
00:02.4 PCI bridge: Red Hat, Inc. QEMU PCIe Root port
00:02.5 PCI bridge: Red Hat, Inc. QEMU PCIe Root port
00:02.6 PCI bridge: Red Hat, Inc. QEMU PCIe Root port
00:02.7 PCI bridge: Red Hat, Inc. QEMU PCIe Root port
00:03.0 PCI bridge: Red Hat, Inc. QEMU PCIe Root port
00:1b.0 Audio device: Intel Corporation 82801I (ICH9 Family) HD Audio Controller (rev 03)
00:1f.0 ISA bridge: Intel Corporation 82801IB (ICH9) LPC Interface Controller (rev 02)
00:1f.2 SATA controller: Intel Corporation 82801IR/IO/IH (ICH9R/DO/DH) 6 port SATA Controller [AHCI mode] (rev 02)
00:1f.3 SMBus: Intel Corporation 82801I (ICH9 Family) SMBus Controller (rev 02)
01:00.0 Keyboard controller: Red Hat, Inc. Virtio input (rev 01)
02:00.0 Input device controller: Red Hat, Inc. Virtio input (rev 01)
03:00.0 Unclassified device [0002]: Red Hat, Inc. Virtio filesystem (rev 01)
04:00.0 PCI bridge: Red Hat, Inc. Device 000e
05:01.0 SCSI storage controller: Broadcom / LSI 53c895a
06:00.0 Ethernet controller: Red Hat, Inc. Virtio network device (rev 01)
07:00.0 USB controller: Red Hat, Inc. QEMU XHCI Host Controller (rev 01)
08:00.0 Communication controller: Red Hat, Inc. Virtio console (rev 01)
09:00.0 SCSI storage controller: Red Hat, Inc. Virtio block device (rev 01)
0a:00.0 Unclassified device [00ff]: Red Hat, Inc. Virtio memory balloon (rev 01)
0b:00.0 Unclassified device [00ff]: Red Hat, Inc. Virtio RNG (rev 01)
0c:00.0 VGA compatible controller: Advanced Micro Devices, Inc. [AMD/ATI] Navi 24 [Radeon RX 6400 / 6500 XT] (rev c1)
0d:00.0 Audio device: Advanced Micro Devices, Inc. [AMD/ATI] Navi 21/23 HDMI/DP Audio Controller

Comment 2 PC LX 2023-07-17 17:09:45 CEST

Installed and tested without issues.

Tested:
- 4 days of workstation and server use;
- OpenGL using mesa intel driver (e.g. glmark2);
- vdpau video decoding GPU acceleration;
- web server, email server, media server, file server, rtorrent server.
- UEFI boot, reboot and poweroff.



Host system: Mageia 8, x86_64, Plasma DE, LXQt DE, Desktop HP Elitedesk 800 G1, Intel Core i5-4590 3.30GHz, Intel Corporation Xeon E3-1200 v3 Integrated Graphics.


# uname -a
Linux marte 6.1.38-desktop-3.mga8 #1 SMP PREEMPT_DYNAMIC Sat Jul  8 12:08:32 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux
# rpm -qa | grep -- kernel.*-6.1.38- | sort
kernel-desktop-6.1.38-3.mga8-1-1.mga8
kernel-desktop-latest-6.1.38-3.mga8
kernel-userspace-headers-6.1.38-3.mga8
# lspci
00:00.0 Host bridge: Intel Corporation 4th Gen Core Processor DRAM Controller (rev 06)
00:02.0 VGA compatible controller: Intel Corporation Xeon E3-1200 v3/4th Gen Core Processor Integrated Graphics Controller (rev 06)
00:03.0 Audio device: Intel Corporation Xeon E3-1200 v3/4th Gen Core Processor HD Audio Controller (rev 06)
00:14.0 USB controller: Intel Corporation 8 Series/C220 Series Chipset Family USB xHCI (rev 04)
00:16.0 Communication controller: Intel Corporation 8 Series/C220 Series Chipset Family MEI Controller #1 (rev 04)
00:16.3 Serial controller: Intel Corporation 8 Series/C220 Series Chipset Family KT Controller (rev 04)
00:19.0 Ethernet controller: Intel Corporation Ethernet Connection I217-LM (rev 04)
00:1a.0 USB controller: Intel Corporation 8 Series/C220 Series Chipset Family USB EHCI #2 (rev 04)
00:1b.0 Audio device: Intel Corporation 8 Series/C220 Series Chipset High Definition Audio Controller (rev 04)
00:1d.0 USB controller: Intel Corporation 8 Series/C220 Series Chipset Family USB EHCI #1 (rev 04)
00:1f.0 ISA bridge: Intel Corporation Q87 Express LPC Controller (rev 04)
00:1f.2 SATA controller: Intel Corporation 8 Series/C220 Series Chipset Family 6-port SATA Controller 1 [AHCI mode] (rev 04)
00:1f.3 SMBus: Intel Corporation 8 Series/C220 Series Chipset Family SMBus Controller (rev 04)

Comment 3 Thomas Andrews 2023-07-19 04:04:01 CEST

AMD Phenom II X4 910, AMD HD 8490 graphics, Atheros wifi, mga8-64 Plasma system.

No issues to report on this system.

CC: (none) => andrewsfarm

Comment 4 Thomas Backlund 2023-07-19 20:30:53 CEST

Thanks for the tests, flushing out before StackRot exploits gets published

Whiteboard: (none) => MGA8-64-OK
Keywords: (none) => validated_backport

Comment 5 Thomas Backlund 2023-07-19 23:27:34 CEST

moved

Resolution: (none) => FIXED
Status: NEW => RESOLVED

Note You need to log in before you can comment on or make changes to this bug.