Your submission was sent successfully! Close

CVE-2019-18814

Published: 7 November 2019

An issue was discovered in the Linux kernel through 5.3.9. There is a use-after-free when aa_label_parse() fails in aa_audit_rule_init() in security/apparmor/audit.c.

Priority

Medium

CVSS 3 base score: 9.8

Status

Package Release Status
linux
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(4.13.0-16.19)
disco Not vulnerable
(5.0.0-11.12)
eoan Not vulnerable
(5.0.0-13.14)
precise Ignored
(was needs-triage ESM criteria)
trusty Ignored
(was needs-triage ESM criteria)
upstream Needed

xenial Not vulnerable
(4.2.0-16.19)
linux-aws
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(4.15.0-1001.1)
disco Not vulnerable
(5.0.0-1002.2)
eoan Not vulnerable
(5.0.0-1004.4)
precise Does not exist

trusty Ignored
(was needs-triage ESM criteria)
upstream Needed

xenial Not vulnerable
(4.4.0-1001.10)
linux-aws-5.0
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(5.0.0-1021.24~18.04.1)
disco Does not exist

eoan Does not exist

precise Does not exist

trusty Does not exist

upstream Needed

xenial Does not exist

linux-aws-hwe
Launchpad, Ubuntu, Debian
bionic Does not exist

disco Does not exist

eoan Does not exist

precise Does not exist

trusty Does not exist

upstream Needed

xenial Not vulnerable
(4.15.0-1030.31~16.04.1)
linux-azure
Launchpad, Ubuntu, Debian
bionic
Released (5.0.0-1014.14~18.04.1)
disco Not vulnerable
(5.0.0-1002.2)
eoan Not vulnerable
(5.0.0-1004.4)
precise Does not exist

trusty Ignored
(was needs-triage ESM criteria)
upstream Needed

xenial Not vulnerable
(4.11.0-1009.9)
linux-azure-5.3
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(5.3.0-1007.8~18.04.1)
disco Does not exist

eoan Does not exist

precise Does not exist

trusty Does not exist

upstream Needed

xenial Does not exist

linux-azure-edge
Launchpad, Ubuntu, Debian
bionic Ignored
(was needs-triage now end-of-life)
disco Does not exist

eoan Does not exist

precise Does not exist

trusty Does not exist

upstream Needed

xenial Ignored
(was needs-triage now end-of-life)
linux-gcp
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(4.15.0-1001.1)
disco Not vulnerable
(5.0.0-1002.2)
eoan Not vulnerable
(5.0.0-1004.4)
precise Does not exist

trusty Does not exist

upstream Needed

xenial Not vulnerable
(4.10.0-1004.4)
linux-gcp-5.3
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(5.3.0-1008.9~18.04.1)
disco Does not exist

eoan Does not exist

precise Does not exist

trusty Does not exist

upstream Needed

xenial Does not exist

linux-gcp-edge
Launchpad, Ubuntu, Debian
bionic Ignored
(was needs-triage now end-of-life)
disco Does not exist

eoan Does not exist

precise Does not exist

trusty Does not exist

upstream Needed

xenial Does not exist

linux-gke-4.15
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(4.15.0-1030.32)
disco Does not exist

eoan Does not exist

precise Does not exist

trusty Does not exist

upstream Needed

xenial Does not exist

linux-gke-5.0
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(5.0.0-1011.11~18.04.1)
disco Does not exist

eoan Does not exist

precise Does not exist

trusty Does not exist

upstream Needed

xenial Does not exist

linux-gke-5.3
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(5.3.0-1011.12~18.04.1)
eoan Does not exist

precise Does not exist

trusty Does not exist

upstream Needed

xenial Does not exist

linux-hwe
Launchpad, Ubuntu, Debian
bionic
Released (5.0.0-23.24~18.04.1)
disco Does not exist

eoan Does not exist

precise Does not exist

trusty Does not exist

upstream Needed

xenial Not vulnerable
(4.8.0-36.36~16.04.1)
linux-hwe-edge
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(5.0.0-15.16~18.04.1)
disco Does not exist

eoan Does not exist

precise Does not exist

trusty Does not exist

upstream Needed

xenial Ignored
(was needs-triage now end-of-life)
linux-kvm
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(4.15.0-1002.2)
disco Not vulnerable
(5.0.0-1002.2)
eoan Not vulnerable
(5.0.0-1004.4)
precise Does not exist

trusty Does not exist

upstream Needed

xenial Not vulnerable
(4.4.0-1004.9)
linux-lts-trusty
Launchpad, Ubuntu, Debian
bionic Does not exist

disco Does not exist

eoan Does not exist

precise Ignored
(was needs-triage ESM criteria)
trusty Does not exist

upstream Needed

xenial Does not exist

linux-lts-xenial
Launchpad, Ubuntu, Debian
bionic Does not exist

disco Does not exist

eoan Does not exist

precise Does not exist

trusty Ignored
(was needs-triage ESM criteria)
upstream Needed

xenial Does not exist

linux-oem
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(4.15.0-1002.3)
disco Not vulnerable
(4.15.0-1021.24)
eoan Not vulnerable
(4.15.0-1035.40)
precise Does not exist

trusty Does not exist

upstream Needed

xenial Ignored
(was needs-triage now end-of-life)
linux-oem-5.4
Launchpad, Ubuntu, Debian
bionic Does not exist

eoan Does not exist

precise Does not exist

trusty Does not exist

upstream Needed

xenial Does not exist

linux-oem-osp1
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(5.0.0-1010.11)
disco Not vulnerable
(5.0.0-1010.11)
eoan Not vulnerable
(5.0.0-1010.11)
precise Does not exist

trusty Does not exist

upstream Needed

xenial Does not exist

linux-oracle
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(4.15.0-1007.9)
disco Not vulnerable
(4.15.0-1007.9)
eoan Not vulnerable
(4.15.0-1011.13)
precise Does not exist

trusty Does not exist

upstream Needed

xenial Not vulnerable
(4.15.0-1007.9~16.04.1)
linux-oracle-5.0
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(5.0.0-1007.12~18.04.1)
disco Does not exist

eoan Does not exist

precise Does not exist

trusty Does not exist

upstream Needed

xenial Does not exist

linux-raspi2
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(4.13.0-1005.5)
disco Not vulnerable
(5.0.0-1005.5)
eoan Not vulnerable
(5.0.0-1006.6)
precise Does not exist

trusty Does not exist

upstream Needed

xenial Not vulnerable
(4.2.0-1013.19)
linux-raspi2-5.3
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(5.3.0-1017.19~18.04.1)
eoan Does not exist

precise Does not exist

trusty Does not exist

upstream Needed

xenial Does not exist

linux-snapdragon
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(4.4.0-1077.82)
disco Not vulnerable
(5.0.0-1010.10)
eoan Does not exist

precise Does not exist

trusty Does not exist

upstream Needed

xenial Not vulnerable
(4.4.0-1012.12)