CVE-2019-19050
Published: 18 November 2019
A memory leak in the crypto_reportstat() function in crypto/crypto_user_stat.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering crypto_reportstat_alg() failures, aka CID-c03b04dcdba1.
From the Ubuntu security team
It was discovered that the crypto subsystem in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could use this to cause a denial of service (kernel memory exhaustion).
Priority
CVSS 3 base score: 7.5
Status
Package | Release | Status |
---|---|---|
linux Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.5~rc1)
|
Ubuntu 20.10 (Groovy Gorilla) |
Not vulnerable
(5.4.0-26.30)
|
|
Ubuntu 20.04 LTS (Focal Fossa) |
Not vulnerable
(5.4.0-9.12)
|
|
Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
(4.13.0-16.19)
|
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Not vulnerable
(4.2.0-16.19)
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Ignored
(was needs-triage ESM criteria)
|
|
Patches: Introduced by cac5818c25d0423bda73e2b6997404ed0a7ed9e3 Fixed by c03b04dcdba1da39903e23cc4d072abf8f68f2dd |
||
linux-aws Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.5~rc1)
|
Ubuntu 20.10 (Groovy Gorilla) |
Not vulnerable
(5.4.0-1009.9)
|
|
Ubuntu 20.04 LTS (Focal Fossa) |
Not vulnerable
(5.4.0-1005.5)
|
|
Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
(4.15.0-1001.1)
|
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Not vulnerable
(4.4.0-1001.10)
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Ignored
(was needs-triage ESM criteria)
|
|
linux-aws-5.0 Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.5~rc1)
|
Ubuntu 20.10 (Groovy Gorilla) |
Does not exist
|
|
Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
Ubuntu 18.04 LTS (Bionic Beaver) |
Released
(5.0.0-1024.27~18.04.1)
|
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
linux-aws-5.3 Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
Ubuntu 20.10 (Groovy Gorilla) |
Does not exist
|
|
Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
|
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
linux-aws-hwe Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.5~rc1)
|
Ubuntu 20.10 (Groovy Gorilla) |
Does not exist
|
|
Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
Ubuntu 18.04 LTS (Bionic Beaver) |
Does not exist
|
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Not vulnerable
(4.15.0-1030.31~16.04.1)
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
linux-azure Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.5~rc1)
|
Ubuntu 20.10 (Groovy Gorilla) |
Not vulnerable
(5.4.0-1010.10)
|
|
Ubuntu 20.04 LTS (Focal Fossa) |
Not vulnerable
(5.4.0-1006.6)
|
|
Ubuntu 18.04 LTS (Bionic Beaver) |
Released
(5.0.0-1029.31~18.04.1)
|
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Not vulnerable
(4.11.0-1009.9)
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Ignored
(was needs-triage ESM criteria)
|
|
linux-azure-4.15 Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
Ubuntu 20.10 (Groovy Gorilla) |
Does not exist
|
|
Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
|
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
linux-azure-5.3 Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.5~rc1)
|
Ubuntu 20.10 (Groovy Gorilla) |
Does not exist
|
|
Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
Ubuntu 18.04 LTS (Bionic Beaver) |
Released
(5.3.0-1013.14~18.04.1)
|
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
linux-azure-edge Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.5~rc1)
|
Ubuntu 20.10 (Groovy Gorilla) |
Does not exist
|
|
Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
Ubuntu 18.04 LTS (Bionic Beaver) |
Ignored
(was needs-triage now end-of-life)
|
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
linux-gcp Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.5~rc1)
|
Ubuntu 20.10 (Groovy Gorilla) |
Not vulnerable
(5.4.0-1009.9)
|
|
Ubuntu 20.04 LTS (Focal Fossa) |
Not vulnerable
(5.4.0-1005.5)
|
|
Ubuntu 18.04 LTS (Bionic Beaver) |
Released
(5.0.0-1029.30~18.04.1)
|
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Not vulnerable
(4.10.0-1004.4)
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
linux-gcp-5.3 Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.5~rc1)
|
Ubuntu 20.10 (Groovy Gorilla) |
Does not exist
|
|
Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
Ubuntu 18.04 LTS (Bionic Beaver) |
Released
(5.3.0-1012.13~18.04.1)
|
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
linux-gcp-edge Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.5~rc1)
|
Ubuntu 20.10 (Groovy Gorilla) |
Does not exist
|
|
Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
Ubuntu 18.04 LTS (Bionic Beaver) |
Ignored
(was needs-triage now end-of-life)
|
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
linux-gke-4.15 Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.5~rc1)
|
Ubuntu 20.10 (Groovy Gorilla) |
Does not exist
|
|
Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
(4.15.0-1030.32)
|
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
linux-gke-5.0 Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.5~rc1)
|
Ubuntu 20.10 (Groovy Gorilla) |
Does not exist
|
|
Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
Ubuntu 18.04 LTS (Bionic Beaver) |
Released
(5.0.0-1029.30~18.04.1)
|
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
linux-gke-5.3 Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.5~rc1)
|
Ubuntu 20.10 (Groovy Gorilla) |
Does not exist
|
|
Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
Ubuntu 18.04 LTS (Bionic Beaver) |
Released
(5.3.0-1012.13~18.04.1)
|
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
linux-hwe Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.5~rc1)
|
Ubuntu 20.10 (Groovy Gorilla) |
Does not exist
|
|
Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
Ubuntu 18.04 LTS (Bionic Beaver) |
Released
(5.3.0-40.32~18.04.1)
|
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Not vulnerable
(4.8.0-36.36~16.04.1)
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
linux-hwe-edge Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.5~rc1)
|
Ubuntu 20.10 (Groovy Gorilla) |
Does not exist
|
|
Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
Ubuntu 18.04 LTS (Bionic Beaver) |
Ignored
(was needed now end-of-life)
|
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Ignored
(was needs-triage now end-of-life)
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
linux-kvm Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.5~rc1)
|
Ubuntu 20.10 (Groovy Gorilla) |
Not vulnerable
(5.4.0-1009.9)
|
|
Ubuntu 20.04 LTS (Focal Fossa) |
Not vulnerable
(5.4.0-1004.4)
|
|
Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
(4.15.0-1002.2)
|
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Not vulnerable
(4.4.0-1004.9)
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
linux-lts-trusty Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.5~rc1)
|
Ubuntu 20.10 (Groovy Gorilla) |
Does not exist
|
|
Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
Ubuntu 18.04 LTS (Bionic Beaver) |
Does not exist
|
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
linux-lts-xenial Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.5~rc1)
|
Ubuntu 20.10 (Groovy Gorilla) |
Does not exist
|
|
Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
Ubuntu 18.04 LTS (Bionic Beaver) |
Does not exist
|
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Ignored
(was needs-triage ESM criteria)
|
|
linux-oem Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.5~rc1)
|
Ubuntu 20.10 (Groovy Gorilla) |
Does not exist
|
|
Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
(4.15.0-1002.3)
|
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Ignored
(was needs-triage now end-of-life)
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
linux-oem-5.6 Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.5~rc1)
|
Ubuntu 20.10 (Groovy Gorilla) |
Not vulnerable
(5.6.0-1007.7)
|
|
Ubuntu 20.04 LTS (Focal Fossa) |
Not vulnerable
(5.6.0-1007.7)
|
|
Ubuntu 18.04 LTS (Bionic Beaver) |
Does not exist
|
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
linux-oem-osp1 Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.5~rc1)
|
Ubuntu 20.10 (Groovy Gorilla) |
Does not exist
|
|
Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
Ubuntu 18.04 LTS (Bionic Beaver) |
Released
(5.0.0-1037.42)
|
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
linux-oracle Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.5~rc1)
|
Ubuntu 20.10 (Groovy Gorilla) |
Not vulnerable
(5.4.0-1009.9)
|
|
Ubuntu 20.04 LTS (Focal Fossa) |
Not vulnerable
(5.4.0-1005.5)
|
|
Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
(4.15.0-1007.9)
|
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Not vulnerable
(4.15.0-1007.9~16.04.1)
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
linux-oracle-5.0 Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.5~rc1)
|
Ubuntu 20.10 (Groovy Gorilla) |
Does not exist
|
|
Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
Ubuntu 18.04 LTS (Bionic Beaver) |
Released
(5.0.0-1010.15~18.04.1)
|
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
linux-oracle-5.3 Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.5~rc1)
|
Ubuntu 20.10 (Groovy Gorilla) |
Does not exist
|
|
Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
(5.3.0-1011.12~18.04.1)
|
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
linux-raspi Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.5~rc1)
|
Ubuntu 20.10 (Groovy Gorilla) |
Not vulnerable
(5.4.0-1008.8)
|
|
Ubuntu 20.04 LTS (Focal Fossa) |
Not vulnerable
(5.4.0-1007.7)
|
|
Ubuntu 18.04 LTS (Bionic Beaver) |
Does not exist
|
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
linux-raspi2 Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.5~rc1)
|
Ubuntu 20.10 (Groovy Gorilla) |
Ignored
(was needed now end-of-life)
|
|
Ubuntu 20.04 LTS (Focal Fossa) |
Ignored
(was needed now end-of-life)
|
|
Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
(4.13.0-1005.5)
|
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Not vulnerable
(4.2.0-1013.19)
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
linux-raspi2-5.3 Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.5~rc1)
|
Ubuntu 20.10 (Groovy Gorilla) |
Does not exist
|
|
Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
Ubuntu 18.04 LTS (Bionic Beaver) |
Released
(5.3.0-1018.20~18.04.1)
|
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
linux-riscv Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.5~rc1)
|
Ubuntu 20.10 (Groovy Gorilla) |
Not vulnerable
(5.4.0-24.28)
|
|
Ubuntu 20.04 LTS (Focal Fossa) |
Not vulnerable
(5.4.0-24.28)
|
|
Ubuntu 18.04 LTS (Bionic Beaver) |
Does not exist
|
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
linux-snapdragon Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.5~rc1)
|
Ubuntu 20.10 (Groovy Gorilla) |
Does not exist
|
|
Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
(4.4.0-1077.82)
|
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Not vulnerable
(4.4.0-1012.12)
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|