CVE-2019-11683
Published: 2 May 2019
udp_gro_receive_segment in net/ipv4/udp_offload.c in the Linux kernel 5.x before 5.0.13 allows remote attackers to cause a denial of service (slab-out-of-bounds memory corruption) or possibly have unspecified other impact via UDP packets with a 0 payload, because of mishandling of padded packets, aka the "GRO packet of death" issue.
From the Ubuntu Security Team
It was discovered that the IPv4 generic receive offload (GRO) for UDP implementation in the Linux kernel did not properly handle padded packets. A remote attacker could use this to cause a denial of service (system crash).
Notes
| Author | Note |
|---|---|
| tyhicks | The receiving socket has to have the UDP_GRO socket option explicitly enabled with a call to setsockopt(2). UDP sockets are not vulnerable to this attack by default. |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
linux Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(4.13.0-16.19)
|
| cosmic |
Not vulnerable
(4.15.0-20.21)
|
|
| disco |
Released
(5.0.0-15.16)
|
|
| precise |
Ignored
(was needs-triage ESM criteria)
|
|
| trusty |
Ignored
(was needs-triage ESM criteria)
|
|
| upstream |
Not vulnerable
(debian: Vulnerable code introduced later)
|
|
| xenial |
Not vulnerable
(4.2.0-16.19)
|
|
|
Patches: Introduced by e20cf8d3f1f763ad28a9cb3b41305b8a8a42653e |
||
|
linux-aws Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(4.15.0-1001.1)
|
| cosmic |
Not vulnerable
(4.15.0-1007.7)
|
|
| disco |
Released
(5.0.0-1006.6)
|
|
| precise |
Does not exist
|
|
| trusty |
Not vulnerable
(4.4.0-1002.2)
|
|
| upstream |
Released
(5.1)
|
|
| xenial |
Not vulnerable
(4.4.0-1001.10)
|
|
|
linux-aws-hwe Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| cosmic |
Does not exist
|
|
| disco |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.1)
|
|
| xenial |
Not vulnerable
(4.15.0-1030.31~16.04.1)
|
|
|
linux-azure Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(4.15.0-1002.2)
|
| cosmic |
Not vulnerable
(4.15.0-1009.9)
|
|
| disco |
Released
(5.0.0-1006.6)
|
|
| precise |
Does not exist
|
|
| trusty |
Not vulnerable
(4.15.0-1023.24~14.04.1)
|
|
| upstream |
Released
(5.1)
|
|
| xenial |
Not vulnerable
(4.11.0-1009.9)
|
|
|
linux-azure-edge Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(4.15.0-1002.2)
|
| cosmic |
Does not exist
|
|
| disco |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.1)
|
|
| xenial |
Not vulnerable
(4.11.0-1009.9)
|
|
|
linux-euclid Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| cosmic |
Does not exist
|
|
| disco |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.1)
|
|
| xenial |
Ignored
(was needs-triage now end-of-life)
|
|
|
linux-flo Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| cosmic |
Does not exist
|
|
| disco |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.1)
|
|
| xenial |
Ignored
(abandoned)
|
|
|
linux-gcp Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(4.15.0-1001.1)
|
| cosmic |
Not vulnerable
(4.15.0-1006.6)
|
|
| disco |
Released
(5.0.0-1006.6)
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.1)
|
|
| xenial |
Not vulnerable
(4.10.0-1004.4)
|
|
|
linux-gcp-edge Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(4.18.0-1004.5~18.04.1)
|
| cosmic |
Does not exist
|
|
| disco |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.1)
|
|
| xenial |
Does not exist
|
|
|
linux-gke Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| cosmic |
Does not exist
|
|
| disco |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.1)
|
|
| xenial |
Ignored
(end-of-life)
|
|
|
linux-gke-4.15 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(4.15.0-1030.32)
|
| disco |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.1)
|
|
| xenial |
Does not exist
|
|
|
linux-gke-5.0 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(5.0.0-1011.11~18.04.1)
|
| disco |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.1)
|
|
| xenial |
Does not exist
|
|
|
linux-goldfish Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| cosmic |
Does not exist
|
|
| disco |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.1)
|
|
| xenial |
Ignored
(end-of-life)
|
|
|
linux-grouper Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| cosmic |
Does not exist
|
|
| disco |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.1)
|
|
| xenial |
Does not exist
|
|
|
linux-hwe Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(4.18.0-13.14~18.04.1)
|
| cosmic |
Does not exist
|
|
| disco |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.1)
|
|
| xenial |
Not vulnerable
(4.8.0-36.36~16.04.1)
|
|
|
linux-hwe-edge Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(5.0.0-15.16~18.04.1)
|
| cosmic |
Does not exist
|
|
| disco |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.1)
|
|
| xenial |
Not vulnerable
(4.8.0-36.36~16.04.1)
|
|
|
linux-kvm Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(4.15.0-1002.2)
|
| cosmic |
Not vulnerable
(4.15.0-1008.8)
|
|
| disco |
Released
(5.0.0-1006.6)
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.1)
|
|
| xenial |
Not vulnerable
(4.4.0-1004.9)
|
|
|
linux-lts-trusty Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| cosmic |
Does not exist
|
|
| disco |
Does not exist
|
|
| precise |
Ignored
(was needs-triage ESM criteria)
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.1)
|
|
| xenial |
Does not exist
|
|
|
linux-lts-utopic Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| cosmic |
Does not exist
|
|
| disco |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.1)
|
|
| xenial |
Does not exist
|
|
|
linux-lts-vivid Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| cosmic |
Does not exist
|
|
| disco |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.1)
|
|
| xenial |
Does not exist
|
|
|
linux-lts-wily Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| cosmic |
Does not exist
|
|
| disco |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.1)
|
|
| xenial |
Does not exist
|
|
|
linux-lts-xenial Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| cosmic |
Does not exist
|
|
| disco |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Ignored
(was needs-triage ESM criteria)
|
|
| upstream |
Released
(5.1)
|
|
| xenial |
Does not exist
|
|
|
linux-maguro Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| cosmic |
Does not exist
|
|
| disco |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.1)
|
|
| xenial |
Does not exist
|
|
|
linux-mako Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| cosmic |
Does not exist
|
|
| disco |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.1)
|
|
| xenial |
Ignored
(abandoned)
|
|
|
linux-manta Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| cosmic |
Does not exist
|
|
| disco |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.1)
|
|
| xenial |
Does not exist
|
|
|
linux-oem Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(4.15.0-1002.3)
|
| cosmic |
Not vulnerable
(4.15.0-1004.5)
|
|
| disco |
Not vulnerable
(4.15.0-1021.24)
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.1)
|
|
| xenial |
Ignored
(was needs-triage now end-of-life)
|
|
|
linux-oracle Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(4.15.0-1007.9)
|
| cosmic |
Not vulnerable
(4.15.0-1007.9)
|
|
| disco |
Not vulnerable
(4.15.0-1007.9)
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.1)
|
|
| xenial |
Not vulnerable
(4.15.0-1007.9~16.04.1)
|
|
|
linux-raspi2 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(4.13.0-1005.5)
|
| cosmic |
Not vulnerable
(4.15.0-1010.11)
|
|
| disco |
Released
(5.0.0-1008.8)
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.1)
|
|
| xenial |
Not vulnerable
(4.2.0-1013.19)
|
|
|
linux-snapdragon Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(4.4.0-1077.82)
|
| cosmic |
Does not exist
|
|
| disco |
Released
(5.0.0-1012.12)
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.1)
|
|
| xenial |
Not vulnerable
(4.4.0-1012.12)
|
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 9.8 |
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | High |
| Availability impact | High |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11683
- http://www.openwall.com/lists/oss-security/2019/05/02/1
- https://git.kernel.org/linus/4dd2b82d5adfbe0b1587ccad7a8f76d826120f37
- https://www.spinics.net/lists/netdev/msg568315.html
- https://ubuntu.com/security/notices/USN-3979-1
- NVD
- Launchpad
- Debian