Your submission was sent successfully! Close

CVE-2018-19854

Published: 4 December 2018

An issue was discovered in the Linux kernel before 4.19.3. crypto_report_one() and related functions in crypto/crypto_user.c (the crypto user configuration API) do not fully initialize structures that are copied to userspace, potentially leaking sensitive memory to user programs. NOTE: this is a CVE-2013-2547 regression but with easier exploitability because the attacker does not need a capability (however, the system must have the CONFIG_CRYPTO_USER kconfig option).

From the Ubuntu security team

It was discovered that the crypto subsystem of the Linux kernel leaked uninitialized memory to user space in some situations. A local attacker could use this to expose sensitive information (kernel memory).

Priority

Medium

CVSS 3 base score: 4.7

Status

Package Release Status
linux
Launchpad, Ubuntu, Debian
bionic
Released (4.15.0-46.49)
cosmic
Released (4.18.0-14.15)
precise Ignored
(was needs-triage ESM criteria)
trusty Not vulnerable
(3.11.0-12.19)
upstream
Released (4.20~rc3)
xenial Not vulnerable
(4.2.0-16.19)
linux-aws
Launchpad, Ubuntu, Debian
bionic
Released (4.15.0-1033.35)
cosmic
Released (4.18.0-1008.10)
precise Does not exist

trusty Not vulnerable
(4.4.0-1002.2)
upstream
Released (4.20~rc3)
xenial Not vulnerable
(4.4.0-1001.10)
linux-aws-hwe
Launchpad, Ubuntu, Debian
bionic Does not exist

cosmic Does not exist

precise Does not exist

trusty Does not exist

upstream
Released (4.20~rc3)
xenial
Released (4.15.0-1033.35~16.04.1)
linux-azure
Launchpad, Ubuntu, Debian
bionic
Released (4.18.0-1011.11~18.04.1)
cosmic
Released (4.18.0-1008.8)
precise Does not exist

trusty
Released (4.15.0-1040.44~14.04.1)
upstream
Released (4.20~rc3)
xenial
Released (4.15.0-1040.44)
linux-azure-edge
Launchpad, Ubuntu, Debian
bionic
Released (4.18.0-1011.11~18.04.1)
cosmic Does not exist

precise Does not exist

trusty Does not exist

upstream
Released (4.20~rc3)
xenial
Released (4.15.0-1040.44)
linux-euclid
Launchpad, Ubuntu, Debian
bionic Does not exist

cosmic Does not exist

precise Does not exist

trusty Does not exist

upstream
Released (4.20~rc3)
xenial Ignored
(was needs-triage ESM criteria)
linux-flo
Launchpad, Ubuntu, Debian
bionic Does not exist

cosmic Does not exist

precise Does not exist

trusty Does not exist
(trusty was ignored [abandoned])
upstream
Released (4.20~rc3)
xenial Ignored
(abandoned)
linux-gcp
Launchpad, Ubuntu, Debian
bionic
Released (4.15.0-1028.29)
cosmic
Released (4.18.0-1006.7)
precise Does not exist

trusty Does not exist

upstream
Released (4.20~rc3)
xenial
Released (4.15.0-1028.29~16.04.1)
linux-gcp-edge
Launchpad, Ubuntu, Debian
bionic
Released (4.18.0-1006.7~18.04.1)
cosmic Does not exist

precise Does not exist

trusty Does not exist

upstream
Released (4.20~rc3)
xenial Does not exist

linux-gke
Launchpad, Ubuntu, Debian
bionic Does not exist

cosmic Does not exist

precise Does not exist

trusty Does not exist

upstream
Released (4.20~rc3)
xenial Ignored
(end-of-life)
linux-goldfish
Launchpad, Ubuntu, Debian
bionic Does not exist

cosmic Does not exist

precise Does not exist

trusty Does not exist
(trusty was ignored [abandoned])
upstream
Released (4.20~rc3)
xenial Ignored
(end-of-life)
linux-grouper
Launchpad, Ubuntu, Debian
bionic Does not exist

cosmic Does not exist

precise Does not exist

trusty Does not exist
(trusty was ignored [abandoned])
upstream
Released (4.20~rc3)
xenial Does not exist

linux-hwe
Launchpad, Ubuntu, Debian
bionic
Released (4.18.0-14.15~18.04.1)
cosmic Does not exist

precise Does not exist

trusty Does not exist

upstream
Released (4.20~rc3)
xenial
Released (4.15.0-46.49~16.04.1)
linux-hwe-edge
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(5.0.0-8.9~18.04.1)
cosmic Does not exist

precise Does not exist

trusty Does not exist

upstream
Released (4.20~rc3)
xenial
Released (4.15.0-46.49~16.04.1)
linux-kvm
Launchpad, Ubuntu, Debian
bionic
Released (4.15.0-1030.30)
cosmic
Released (4.18.0-1007.7)
precise Does not exist

trusty Does not exist

upstream
Released (4.20~rc3)
xenial Not vulnerable
(4.4.0-1004.9)
linux-lts-trusty
Launchpad, Ubuntu, Debian
bionic Does not exist

cosmic Does not exist

precise Ignored
(was needs-triage ESM criteria)
trusty Does not exist

upstream
Released (4.20~rc3)
xenial Does not exist

linux-lts-utopic
Launchpad, Ubuntu, Debian
bionic Does not exist

cosmic Does not exist

precise Does not exist

trusty Does not exist
(trusty was ignored [out of standard support])
upstream
Released (4.20~rc3)
xenial Does not exist

linux-lts-vivid
Launchpad, Ubuntu, Debian
bionic Does not exist

cosmic Does not exist

precise Does not exist

trusty Does not exist
(trusty was ignored [out of standard support])
upstream
Released (4.20~rc3)
xenial Does not exist

linux-lts-wily
Launchpad, Ubuntu, Debian
bionic Does not exist

cosmic Does not exist

precise Does not exist

trusty Does not exist
(trusty was ignored [out of standard support])
upstream
Released (4.20~rc3)
xenial Does not exist

linux-lts-xenial
Launchpad, Ubuntu, Debian
bionic Does not exist

cosmic Does not exist

precise Does not exist

trusty Not vulnerable
(4.4.0-13.29~14.04.1)
upstream
Released (4.20~rc3)
xenial Does not exist

linux-maguro
Launchpad, Ubuntu, Debian
bionic Does not exist

cosmic Does not exist

precise Does not exist

trusty Does not exist
(trusty was ignored [abandoned])
upstream
Released (4.20~rc3)
xenial Does not exist

linux-mako
Launchpad, Ubuntu, Debian
bionic Does not exist

cosmic Does not exist

precise Does not exist

trusty Does not exist
(trusty was ignored [abandoned])
upstream
Released (4.20~rc3)
xenial Ignored
(abandoned)
linux-manta
Launchpad, Ubuntu, Debian
bionic Does not exist

cosmic Does not exist

precise Does not exist

trusty Does not exist
(trusty was ignored [abandoned])
upstream
Released (4.20~rc3)
xenial Does not exist

linux-oem
Launchpad, Ubuntu, Debian
bionic
Released (4.15.0-1034.39)
cosmic
Released (4.15.0-1034.39)
precise Does not exist

trusty Does not exist

upstream
Released (4.20~rc3)
xenial Ignored
(was needs-triage now end-of-life)
linux-oracle
Launchpad, Ubuntu, Debian
bionic
Released (4.15.0-1009.11)
cosmic Not vulnerable

precise Does not exist

trusty Does not exist

upstream
Released (4.20~rc3)
xenial
Released (4.15.0-1009.11~16.04.1)
linux-raspi2
Launchpad, Ubuntu, Debian
bionic
Released (4.15.0-1032.34)
cosmic
Released (4.18.0-1009.11)
precise Does not exist

trusty Does not exist

upstream
Released (4.20~rc3)
xenial Not vulnerable
(4.2.0-1013.19)
linux-snapdragon
Launchpad, Ubuntu, Debian
bionic Not vulnerable

cosmic Does not exist

precise Does not exist

trusty Does not exist

upstream
Released (4.20~rc3)
xenial Not vulnerable
(4.4.0-1012.12)