CVE-2019-15793
Published: 12 November 2019
In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, several locations which shift ids translate user/group ids before performing operations in the lower filesystem were translating them into init_user_ns, whereas they should have been translated into the s_user_ns for the lower filesystem. This resulted in using ids other than the intended ones in the lower fs, which likely did not map into the shifts s_user_ns. A local attacker could use this to possibly bypass discretionary access control permissions.
From the Ubuntu Security Team
Jann Horn discovered that the shiftfs implementation in the Linux kernel did not use the correct file system uid/gid when the user namespace of a lower file system is not in the init user namespace. A local attacker could use this to possibly bypass DAC permissions or have some other unspecified impact.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
linux Launchpad, Ubuntu, Debian |
upstream |
Released
(2.6.12~rc2)
|
| trusty |
Ignored
(was needs-triage ESM criteria)
|
|
| xenial |
Not vulnerable
(4.2.0-16.19)
|
|
| bionic |
Not vulnerable
(4.13.0-16.19)
|
|
| disco |
Not vulnerable
(4.18.0-10.11)
|
|
| eoan |
Released
(5.3.0-22.24)
|
|
|
Patches: Introduced by Fixed by local-2019-15793-fix |
||
|
linux-hwe Launchpad, Ubuntu, Debian |
upstream |
Released
(2.6.12~rc2)
|
| trusty |
Does not exist
|
|
| xenial |
Not vulnerable
(4.8.0-36.36~16.04.1)
|
|
| bionic |
Not vulnerable
(4.18.0-13.14~18.04.1)
|
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
|
linux-hwe-edge Launchpad, Ubuntu, Debian |
upstream |
Released
(2.6.12~rc2)
|
| trusty |
Does not exist
|
|
| xenial |
Ignored
(end of life, was needs-triage)
|
|
| bionic |
Ignored
(end of life, was pending)
|
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
|
linux-lts-xenial Launchpad, Ubuntu, Debian |
upstream |
Released
(2.6.12~rc2)
|
| trusty |
Ignored
(was needs-triage ESM criteria)
|
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
|
linux-lts-trusty Launchpad, Ubuntu, Debian |
upstream |
Released
(2.6.12~rc2)
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
|
linux-oem Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| bionic |
Not vulnerable
(4.15.0-1002.3)
|
|
| disco |
Not vulnerable
(4.15.0-1021.24)
|
|
| eoan |
Not vulnerable
(4.15.0-1035.40)
|
|
| upstream |
Released
(2.6.12~rc2)
|
|
| xenial |
Ignored
(end of standard support, was needs-triage)
|
|
|
linux-azure Launchpad, Ubuntu, Debian |
disco |
Not vulnerable
(4.18.0-1003.3)
|
| eoan |
Released
(5.3.0-1007.8)
|
|
| bionic |
Not vulnerable
(4.15.0-1002.2)
|
|
| trusty |
Ignored
(was needs-triage ESM criteria)
|
|
| upstream |
Released
(2.6.12~rc2)
|
|
| xenial |
Not vulnerable
(4.11.0-1009.9)
|
|
|
linux-aws-5.0 Launchpad, Ubuntu, Debian |
upstream |
Released
(2.6.12~rc2)
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| bionic |
Not vulnerable
(5.0.0-1021.24~18.04.1)
|
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
|
linux-azure-5.3 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(5.3.0-1007.8~18.04.1)
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(2.6.12~rc2)
|
|
| xenial |
Does not exist
|
|
|
linux-oem-5.4 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| bionic |
Does not exist
|
|
| eoan |
Does not exist
|
|
| upstream |
Released
(2.6.12~rc2)
|
|
| xenial |
Does not exist
|
|
|
linux-gke-5.3 Launchpad, Ubuntu, Debian |
upstream |
Released
(2.6.12~rc2)
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| bionic |
Not vulnerable
(5.3.0-1011.12~18.04.1)
|
|
| eoan |
Does not exist
|
|
|
linux-aws Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(4.15.0-1001.1)
|
| disco |
Not vulnerable
(4.18.0-1002.3)
|
|
| eoan |
Released
(5.3.0-1007.8)
|
|
| trusty |
Ignored
(was needs-triage ESM criteria)
|
|
| upstream |
Released
(2.6.12~rc2)
|
|
| xenial |
Not vulnerable
(4.4.0-1001.10)
|
|
|
linux-aws-hwe Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(2.6.12~rc2)
|
|
| xenial |
Not vulnerable
(4.15.0-1030.31~16.04.1)
|
|
|
linux-azure-edge Launchpad, Ubuntu, Debian |
bionic |
Ignored
(end of life, was needs-triage)
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(2.6.12~rc2)
|
|
| xenial |
Ignored
(end of standard support, was needs-triage)
|
|
|
linux-gcp Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(4.15.0-1001.1)
|
| disco |
Not vulnerable
(4.18.0-1002.3)
|
|
| eoan |
Released
(5.3.0-1008.9)
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(2.6.12~rc2)
|
|
| xenial |
Not vulnerable
(4.10.0-1004.4)
|
|
|
linux-gcp-5.3 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(5.3.0-1008.9~18.04.1)
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(2.6.12~rc2)
|
|
| xenial |
Does not exist
|
|
|
linux-gcp-edge Launchpad, Ubuntu, Debian |
bionic |
Ignored
(end of life, was needs-triage)
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(2.6.12~rc2)
|
|
| xenial |
Does not exist
|
|
|
linux-gke-4.15 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(4.15.0-1030.32)
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(2.6.12~rc2)
|
|
| xenial |
Does not exist
|
|
|
linux-gke-5.0 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(5.0.0-1011.11~18.04.1)
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(2.6.12~rc2)
|
|
| xenial |
Does not exist
|
|
|
linux-kvm Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(4.15.0-1002.2)
|
| disco |
Not vulnerable
(4.18.0-1003.3)
|
|
| eoan |
Released
(5.3.0-1007.8)
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(2.6.12~rc2)
|
|
| xenial |
Not vulnerable
(4.4.0-1004.9)
|
|
|
linux-oem-osp1 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(5.0.0-1010.11)
|
| disco |
Not vulnerable
(5.0.0-1010.11)
|
|
| eoan |
Not vulnerable
(5.0.0-1010.11)
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(2.6.12~rc2)
|
|
| xenial |
Does not exist
|
|
|
linux-oracle Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(4.15.0-1007.9)
|
| disco |
Not vulnerable
(4.15.0-1007.9)
|
|
| eoan |
Released
(5.3.0-1006.7)
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(2.6.12~rc2)
|
|
| xenial |
Not vulnerable
(4.15.0-1007.9~16.04.1)
|
|
|
linux-oracle-5.0 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(5.0.0-1007.12~18.04.1)
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(2.6.12~rc2)
|
|
| xenial |
Does not exist
|
|
|
linux-raspi2 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(4.13.0-1005.5)
|
| disco |
Not vulnerable
(4.18.0-1005.7)
|
|
| eoan |
Released
(5.3.0-1012.14)
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(2.6.12~rc2)
|
|
| xenial |
Not vulnerable
(4.2.0-1013.19)
|
|
|
linux-raspi2-5.3 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(5.3.0-1017.19~18.04.1)
|
| eoan |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(2.6.12~rc2)
|
|
| xenial |
Does not exist
|
|
|
linux-snapdragon Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(4.4.0-1077.82)
|
| disco |
Not vulnerable
(5.0.0-1010.10)
|
|
| eoan |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(2.6.12~rc2)
|
|
| xenial |
Not vulnerable
(4.4.0-1012.12)
|
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 8.8 |
| Attack vector | Local |
| Attack complexity | Low |
| Privileges required | Low |
| User interaction | None |
| Scope | Changed |
| Confidentiality | High |
| Integrity impact | High |
| Availability impact | High |
| Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |