CVE-2019-16089
Published: 6 September 2019
An issue was discovered in the Linux kernel through 5.2.13. nbd_genl_status in drivers/block/nbd.c does not check the nla_nest_start_noflag return value.
From the Ubuntu Security Team
It was discovered that the network block device (nbd) implementation in the Linux kernel did not properly check for error conditions in some situations. An attacker could possibly use this to cause a denial of service (system crash).
Notes
Author | Note |
---|---|
sbeattie | fix has not landed upstream as of 2020-04-22 |
Priority
Status
Package | Release | Status |
---|---|---|
linux Launchpad, Ubuntu, Debian |
upstream |
Needed
|
xenial |
Not vulnerable
(4.4.0-2.16)
|
|
hirsute |
Not vulnerable
(5.8.0-36.40+21.04.1)
|
|
bionic |
Released
(4.15.0-109.110)
|
|
disco |
Ignored
(end of life)
|
|
eoan |
Ignored
(end of life, was pending)
|
|
focal |
Released
(5.4.0-42.46)
|
|
groovy |
Not vulnerable
(5.4.0-42.46)
|
|
trusty |
Ignored
(was needs-triage ESM criteria)
|
|
Patches: Introduced by 47d902b90a32a42a3d33aef3a02170fc6f70aa23 |
||
linux-hwe-5.11 Launchpad, Ubuntu, Debian |
focal |
Not vulnerable
(5.11.0-22.23~20.04.1)
|
upstream |
Needed
|
|
bionic |
Does not exist
|
|
hirsute |
Does not exist
|
|
trusty |
Does not exist
|
|
xenial |
Does not exist
|
|
linux-riscv-5.11 Launchpad, Ubuntu, Debian |
focal |
Not vulnerable
(5.11.0-1015.16~20.04.1)
|
bionic |
Does not exist
|
|
hirsute |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Needed
|
|
xenial |
Does not exist
|
|
linux-aws-5.11 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Not vulnerable
(5.11.0-1009.9~20.04.2)
|
|
hirsute |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Needed
|
|
xenial |
Does not exist
|
|
linux-bluefield Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
xenial |
Does not exist
|
|
bionic |
Does not exist
|
|
hirsute |
Does not exist
|
|
focal |
Not vulnerable
(5.4.0-1007.10)
|
|
upstream |
Needed
|
|
linux-kvm Launchpad, Ubuntu, Debian |
hirsute |
Not vulnerable
(5.8.0-1010.11+21.04.1)
|
bionic |
Released
(4.15.0-1069.70)
|
|
disco |
Ignored
(end of life)
|
|
eoan |
Ignored
(end of life, was pending)
|
|
focal |
Released
(5.4.0-1020.20)
|
|
groovy |
Not vulnerable
(5.4.0-1020.20)
|
|
trusty |
Does not exist
|
|
upstream |
Needed
|
|
xenial |
Not vulnerable
(4.4.0-1004.9)
|
|
linux-oracle-5.11 Launchpad, Ubuntu, Debian |
upstream |
Needed
|
bionic |
Does not exist
|
|
focal |
Not vulnerable
(5.11.0-1008.8~20.04.1)
|
|
hirsute |
Does not exist
|
|
trusty |
Does not exist
|
|
xenial |
Does not exist
|
|
linux-hwe-5.8 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
xenial |
Does not exist
|
|
bionic |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
focal |
Not vulnerable
(5.8.0-23.24~20.04.1)
|
|
upstream |
Needed
|
|
linux-gke-5.4 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
xenial |
Does not exist
|
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
bionic |
Not vulnerable
(5.4.0-1025.25~18.04.1)
|
|
upstream |
Needed
|
|
linux-azure Launchpad, Ubuntu, Debian |
hirsute |
Not vulnerable
(5.8.0-1016.17+21.04.1)
|
bionic |
Ignored
(end of life, was needed)
|
|
disco |
Ignored
(end of life)
|
|
eoan |
Ignored
(end of life, was pending)
|
|
focal |
Released
(5.4.0-1022.22)
|
|
groovy |
Not vulnerable
(5.4.0-1022.22)
|
|
trusty |
Released
(4.15.0-1091.101~14.04.1)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
|
upstream |
Needed
|
|
xenial |
Released
(4.15.0-1091.101~16.04.1)
|
|
linux-gcp Launchpad, Ubuntu, Debian |
hirsute |
Not vulnerable
(5.8.0-1015.15+21.04.1)
|
bionic |
Ignored
(end of life, was needed)
|
|
disco |
Ignored
(end of life)
|
|
eoan |
Ignored
(end of life, was pending)
|
|
focal |
Released
(5.4.0-1021.21)
|
|
groovy |
Not vulnerable
(5.4.0-1021.21)
|
|
trusty |
Does not exist
|
|
upstream |
Needed
|
|
xenial |
Released
(4.15.0-1080.90~16.04.1)
|
|
linux-gkeop-5.4 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(5.4.0-1001.1)
|
upstream |
Needed
|
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
trusty |
Does not exist
|
|
xenial |
Does not exist
|
|
linux-oracle Launchpad, Ubuntu, Debian |
hirsute |
Not vulnerable
(5.8.0-1014.14+21.04.1)
|
bionic |
Released
(4.15.0-1048.52)
|
|
disco |
Ignored
(end of life)
|
|
eoan |
Ignored
(end of life, was pending)
|
|
focal |
Released
(5.4.0-1021.21)
|
|
groovy |
Not vulnerable
(5.4.0-1021.21)
|
|
trusty |
Does not exist
|
|
upstream |
Needed
|
|
xenial |
Released
(4.15.0-1050.54~16.04.1)
|
|
linux-dell300x Launchpad, Ubuntu, Debian |
focal |
Does not exist
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
bionic |
Not vulnerable
(4.15.0-1005.8)
|
|
upstream |
Needed
|
|
trusty |
Does not exist
|
|
xenial |
Does not exist
|
|
linux-gkeop Launchpad, Ubuntu, Debian |
focal |
Not vulnerable
(5.4.0-1008.9)
|
upstream |
Needed
|
|
bionic |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
trusty |
Does not exist
|
|
xenial |
Does not exist
|
|
linux-oem-5.10 Launchpad, Ubuntu, Debian |
focal |
Not vulnerable
(5.10.0-1008.9)
|
bionic |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Needed
|
|
xenial |
Does not exist
|
|
linux-gke Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
bionic |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
focal |
Not vulnerable
(5.4.0-1033.35)
|
|
upstream |
Needed
|
|
xenial |
Ignored
(end of standard support)
|
|
linux-aws Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1077.81)
|
disco |
Ignored
(end of life)
|
|
eoan |
Ignored
(end of life, was pending)
|
|
focal |
Released
(5.4.0-1020.20)
|
|
groovy |
Not vulnerable
(5.4.0-1020.20)
|
|
hirsute |
Not vulnerable
(5.8.0-1018.20+21.04.1)
|
|
trusty |
Ignored
(was needs-triage ESM criteria)
|
|
upstream |
Needed
|
|
xenial |
Not vulnerable
(4.4.0-1001.10)
|
|
linux-aws-5.0 Launchpad, Ubuntu, Debian |
bionic |
Ignored
(end of life, was needed)
|
disco |
Does not exist
|
|
eoan |
Does not exist
|
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Needed
|
|
xenial |
Does not exist
|
|
linux-aws-5.3 Launchpad, Ubuntu, Debian |
bionic |
Released
(5.3.0-1032.34~18.04.2)
|
eoan |
Does not exist
|
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Needed
|
|
xenial |
Does not exist
|
|
linux-aws-5.4 Launchpad, Ubuntu, Debian |
bionic |
Released
(5.4.0-1020.20~18.04.2)
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Needed
|
|
xenial |
Does not exist
|
|
linux-aws-5.8 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Not vulnerable
(5.8.0-1035.37~20.04.1)
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Needed
|
|
xenial |
Does not exist
|
|
linux-aws-hwe Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
disco |
Does not exist
|
|
eoan |
Does not exist
|
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Needed
|
|
xenial |
Released
(4.15.0-1079.83~16.04.1)
|
|
linux-azure-4.15 Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1091.101)
|
eoan |
Does not exist
|
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Needed
|
|
xenial |
Does not exist
|
|
linux-azure-5.11 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Not vulnerable
(5.11.0-1007.7~20.04.2)
|
|
hirsute |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Needed
|
|
xenial |
Does not exist
|
|
linux-azure-5.3 Launchpad, Ubuntu, Debian |
bionic |
Released
(5.3.0-1034.35~18.04.1)
|
disco |
Does not exist
|
|
eoan |
Does not exist
|
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Needed
|
|
xenial |
Does not exist
|
|
linux-azure-5.4 Launchpad, Ubuntu, Debian |
bionic |
Released
(5.4.0-1022.22~18.04.1)
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Needed
|
|
xenial |
Does not exist
|
|
linux-azure-5.8 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Not vulnerable
(5.8.0-1033.35~20.04.1)
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Needed
|
|
xenial |
Does not exist
|
|
linux-azure-edge Launchpad, Ubuntu, Debian |
bionic |
Ignored
(end of life, was needed)
|
disco |
Does not exist
|
|
eoan |
Does not exist
|
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Needed
|
|
xenial |
Does not exist
|
|
linux-gcp-4.15 Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1080.90)
|
eoan |
Does not exist
|
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Needed
|
|
xenial |
Does not exist
|
|
linux-gcp-5.3 Launchpad, Ubuntu, Debian |
bionic |
Released
(5.3.0-1032.34~18.04.1)
|
disco |
Does not exist
|
|
eoan |
Does not exist
|
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Needed
|
|
xenial |
Does not exist
|
|
linux-gcp-5.4 Launchpad, Ubuntu, Debian |
bionic |
Released
(5.4.0-1021.21~18.04.1)
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Needed
|
|
xenial |
Does not exist
|
|
linux-gcp-5.8 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Not vulnerable
(5.8.0-1032.34~20.04.1)
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Needed
|
|
xenial |
Does not exist
|
|
linux-gcp-edge Launchpad, Ubuntu, Debian |
bionic |
Ignored
(end of life, was needed)
|
disco |
Does not exist
|
|
eoan |
Does not exist
|
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Needed
|
|
xenial |
Does not exist
|
|
linux-gke-4.15 Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1066.69)
|
disco |
Does not exist
|
|
eoan |
Does not exist
|
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Needed
|
|
xenial |
Does not exist
|
|
linux-gke-5.0 Launchpad, Ubuntu, Debian |
bionic |
Released
(5.0.0-1045.46)
|
disco |
Does not exist
|
|
eoan |
Does not exist
|
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Needed
|
|
xenial |
Does not exist
|
|
linux-gke-5.3 Launchpad, Ubuntu, Debian |
bionic |
Released
(5.3.0-1032.34~18.04.1)
|
eoan |
Does not exist
|
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Needed
|
|
xenial |
Does not exist
|
|
linux-hwe Launchpad, Ubuntu, Debian |
bionic |
Released
(5.3.0-64.58~18.04.1)
|
disco |
Does not exist
|
|
eoan |
Does not exist
|
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Needed
|
|
xenial |
Released
(4.15.0-112.113~16.04.1)
|
|
linux-hwe-5.4 Launchpad, Ubuntu, Debian |
bionic |
Released
(5.4.0-42.46~18.04.1)
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Needed
|
|
xenial |
Does not exist
|
|
linux-hwe-edge Launchpad, Ubuntu, Debian |
bionic |
Ignored
(end of life, was needed)
|
disco |
Does not exist
|
|
eoan |
Does not exist
|
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Needed
|
|
xenial |
Ignored
(end of life, was needed)
|
|
linux-lts-trusty Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
disco |
Does not exist
|
|
eoan |
Does not exist
|
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Needed
|
|
xenial |
Does not exist
|
|
linux-lts-xenial Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
disco |
Does not exist
|
|
eoan |
Does not exist
|
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
trusty |
Ignored
(was needs-triage ESM criteria)
|
|
upstream |
Needed
|
|
xenial |
Does not exist
|
|
linux-oem Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1091.101)
|
disco |
Ignored
(end of life)
|
|
eoan |
Ignored
(end of life)
|
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Needed
|
|
xenial |
Ignored
(end of standard support, was needs-triage)
|
|
linux-oem-5.13 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Not vulnerable
(5.13.0-1009.10)
|
|
hirsute |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Needed
|
|
xenial |
Does not exist
|
|
linux-oem-5.6 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
eoan |
Does not exist
|
|
focal |
Ignored
(end of life, was needed)
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Needed
|
|
xenial |
Does not exist
|
|
linux-oem-osp1 Launchpad, Ubuntu, Debian |
bionic |
Released
(5.0.0-1065.70)
|
disco |
Ignored
(end of life)
|
|
eoan |
Ignored
(end of life)
|
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Needed
|
|
xenial |
Does not exist
|
|
linux-oracle-5.0 Launchpad, Ubuntu, Debian |
bionic |
Ignored
(end of life, was needed)
|
disco |
Does not exist
|
|
eoan |
Does not exist
|
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Needed
|
|
xenial |
Does not exist
|
|
linux-oracle-5.3 Launchpad, Ubuntu, Debian |
bionic |
Released
(5.3.0-1030.32~18.04.1)
|
eoan |
Does not exist
|
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Needed
|
|
xenial |
Does not exist
|
|
linux-oracle-5.4 Launchpad, Ubuntu, Debian |
bionic |
Released
(5.4.0-1021.21~18.04.1)
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Needed
|
|
xenial |
Does not exist
|
|
linux-oracle-5.8 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Not vulnerable
(5.8.0-1031.32~20.04.2)
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Needed
|
|
xenial |
Does not exist
|
|
linux-raspi Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
eoan |
Does not exist
|
|
focal |
Released
(5.4.0-1015.15)
|
|
groovy |
Not vulnerable
(5.4.0-1015.15)
|
|
hirsute |
Not vulnerable
(5.8.0-1008.11+21.04.1)
|
|
trusty |
Does not exist
|
|
upstream |
Needed
|
|
xenial |
Does not exist
|
|
linux-raspi-5.4 Launchpad, Ubuntu, Debian |
bionic |
Released
(5.4.0-1015.15~18.04.1)
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Needed
|
|
xenial |
Does not exist
|
|
linux-raspi2 Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1065.69)
|
disco |
Ignored
(end of life)
|
|
eoan |
Ignored
(end of life, was pending)
|
|
focal |
Ignored
(end of life, was needed)
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Needed
|
|
xenial |
Not vulnerable
(4.2.0-1013.19)
|
|
linux-raspi2-5.3 Launchpad, Ubuntu, Debian |
bionic |
Released
(5.3.0-1030.32~18.04.2)
|
eoan |
Does not exist
|
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Needed
|
|
xenial |
Does not exist
|
|
linux-riscv Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
eoan |
Does not exist
|
|
focal |
Released
(5.4.0-30.34)
|
|
groovy |
Not vulnerable
(5.4.0-30.34)
|
|
hirsute |
Not vulnerable
(5.8.0-10.12+21.04.1)
|
|
trusty |
Does not exist
|
|
upstream |
Needed
|
|
xenial |
Does not exist
|
|
linux-riscv-5.8 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Not vulnerable
(5.8.0-14.16~20.04.1)
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Needed
|
|
xenial |
Does not exist
|
|
linux-snapdragon Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1083.91)
|
disco |
Ignored
(end of life)
|
|
eoan |
Does not exist
|
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Needed
|
|
xenial |
Not vulnerable
(4.4.0-1013.15)
|
Severity score breakdown
Parameter | Value |
---|---|
Base score | 4.1 |
Attack vector | Local |
Attack complexity | High |
Privileges required | High |
User interaction | None |
Scope | Unchanged |
Confidentiality | None |
Integrity impact | None |
Availability impact | High |
Vector | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16089
- https://lore.kernel.org/patchwork/patch/1106884/
- https://lore.kernel.org/patchwork/patch/1126650/
- https://lore.kernel.org/lkml/20190911164013.27364-1-navid.emamdoost@gmail.com/
- https://ubuntu.com/security/notices/USN-4414-1
- https://ubuntu.com/security/notices/USN-4425-1
- https://ubuntu.com/security/notices/USN-4439-1
- https://ubuntu.com/security/notices/USN-4440-1
- NVD
- Launchpad
- Debian