Kernel security test for CVE-2016-9793 still fails with proposed Yakkety 4.8.0-34 kernel

Bug #1652242 reported by Po-Hsu Lin
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
QA Regression Testing | Fix Released | Undecided | Unassigned |
linux (Ubuntu) | Invalid | Undecided | Unassigned |

Bug Description

According to the changelog [1] and the ACK mail, the patch for this CVE should be applied to the proposed kernel in this SRU cycle (Current cycle: 16-Dec through 07-Jan).

But I can still see the kernel security test suite fail for this issue; I am not sure whether it's because of the tool or the kernel itself:

======================================================================
FAIL: test_213_setscokopt_sndbufforce_negative_value (__main__.KernelSecurityTest)
Ensure setsockopt(SO_SNDBUFFORCE) does not accept negative values (CVE-2016-9793)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "./test-kernel-security.py", line 2009, in test_213_setscokopt_sndbufforce_negative_value
    self.assertEquals(expected, rc, result + report)
AssertionError: Got exit code 0, expected 1
4608

[1] * CVE-2016-9793 - net: avoid signed overflows for SO_{SND|RCV}BUFFORCE
http://kernel.ubuntu.com/git/ubuntu/ubuntu-yakkety.git/tree/debian.master/changelog?h=master-next

ProblemType: Bug
DistroRelease: Ubuntu 16.10
Package: linux-image-4.8.0-34-generic 4.8.0-34.36
ProcVersionSignature: Ubuntu 4.8.0-34.36-generic 4.8.11
Uname: Linux 4.8.0-34-generic x86_64
ApportVersion: 2.20.3-0ubuntu8.2
Architecture: amd64
Date: Fri Dec 23 02:44:12 2016

Brad Figg (brad-figg) wrote : Status changed to Confirmed

This change was made by a bot.

Changed in linux (Ubuntu):
status: New → Confirmed
Steve Beattie (sbeattie) wrote :

This was due to the test expecting a negative value to return an error on the setsockopt() call, rather than just applying the minimum. I've now corrected the test in the qa-r-t tree in https://git.launchpad.net/qa-regression-testing/commit/?id=2ffdf26fe003ac99cf7a457a689ebe5d6afbbafe and confirmed that the kernel in yakkety-proposed passes the test while the current kernel in yakkety-updates still fails it.

Thanks.

Changed in qa-regression-testing:
status: New → Fix Released
Changed in linux (Ubuntu):
status: Confirmed → Invalid